IntegrationNode.jsOAuth 2.0Mar 11, 2026 · 9 min read

How I Built OrderBridge: Solving the Delivery-to-POS Connection

A few months ago, a client came to me with a problem that was simple to describe and it seemed quite straightforward. They needed to bridge the gap between major delivery platforms and their own POS system with an automated OAuth 2.0 handshake.

This project started as a real client brief. The request came in Spanish: "Queremos conectar los servicios de domicilios de nuestros clientes (DoorDash, etc.) a StreamOrder utilizando OAuth. Una vez que StreamOrder esté conectado y autenticado, las cuentas de los servicios de entrega de los clientes se conectarán a nuestro sistema POS."In short: they needed to connect their clients' delivery accounts to their POS system through StreamOrder's partner API — automatically, via OAuth, with no manual intervention. I analysed the requirements, read through the StreamOrder partner documentation, and got to work.

OrderBridge dashboard overview
[ THE BRIEF ]

The Client Proposal

Before writing a single line of code, I put together a formal proposal. It forced clarity on both sides — the client understood exactly what they were getting, and I understood exactly what I was building.

PROJECT PROPOSAL

Delivery Apps to POS Integration

Middleware API · StreamOrder · OAuth 2.0

Maximiliano B. Torres

February 27, 2026

DESCRIPTION

This project establishes a secure, automated “Digital Bridge” — a Middleware API between the StreamOrder aggregator and the client's Point of Sale (POS) system, enabling delivery orders to flow automatically into the POS with no manual intervention.

OBJECTIVE

Implement OAuth 2.0 as the authentication layer, ensuring data remains secure while allowing orders to sync automatically from delivery platforms into the POS.

Secure Connection: OAuth handshake — no shared passwords, data protected by encrypted digital keys.
Automatic Sync: Every DoorDash and delivery platform order appears in the POS instantly.

ARCHITECTURE FLOW

Delivery Platforms
StreamOrder
Middleware API
POS System
Dashboard

4-Week Timeline

Week 1

Security & The Digital Handshake

Goal: Securely connect the client accounts.

Result: StreamOrder officially linked; data protected by encrypted OAuth keys.

Week 2

The Automation Bridge

Goal: Make the systems communicate.

Result: Translator and webhook listener live in a test environment — orders captured and translated instantly.

Week 3

Dashboard & Live Launch

Goal: Visibility and production readiness.

Result: Bridge active, orders printing in the POS, live monitoring dashboard delivered.

Week 4

Refinement & Monitoring

Goal: Stability under real-world conditions.

Result: 7-day live monitoring window; API changes from StreamOrder or delivery platforms patched immediately.

Core Deliverables

OAuth 2.0 IntegrationAuthentication layer connecting all accounts without sharing private passwords.
Real-Time Order InjectionOrders detected via webhook and pushed directly into the POS within seconds.
Automated TranslatorIntelligent menu mapping ensuring every item, modifier, and customer note matches the POS format.
Automatic Token RefreshSelf-maintaining security — OAuth tokens renew automatically so the connection never expires.
Reliability MonitoringError-tracking that alerts immediately if an order fails to sync.
Live Connection DashboardWeb view to monitor bridge status and verify the most recent successful syncs.

PROJECT PREREQUISITES

StreamOrder Developer access with Partner API enabled.
POS developer portal credentials with write permissions.
Menu / SKU list exported from the POS (CSV or Excel).
A named technical point of contact authorised to approve the OAuth handshake.
↓ Download Original Proposal (PDF)
[ THE PAIN POINT ]

Keeping Track of All the Orders

Before we automated this, the workflow was boring and painful. Most busy kitchens have a counter full of tablets from different delivery apps.

A staff member has to:

  1. Read the order off a tablet.
  2. Manually type it into the POS.
  3. Hope they didn't miss a "no onions" modifier or something.

In a quiet shop, it's boring. In a kitchen doing 80+ orders a day, it's a painful operational problem.

THE MATH

50 orders a day × 2.5 minutes of manual entry × $18/hr = $1,100+ lost every month to a task that shouldn't involve a human at all.

OrderBridge orders page with live order feed
Orders page — filterable, sortable, real-time status updates
[ ENGINEERING ]

Engineering the Pipeline

Once the ROI was clear, I mapped out the pipeline. The logic needed to be bulletproof:

OrderBridge architecture diagram showing delivery platforms flowing through OrderBridge into a restaurant POS
High-level flow: delivery platforms → OrderBridge → restaurant POS
01

Ingest delivery webhooks

Receive HTTPS POST from each delivery platform.

02

Verify signatures

HMAC-SHA256 check — security before anything else.

03

Translate schemas

Map disparate JSON payloads into a unified POS format.

04

Inject the order

POST to the POS API with exponential-backoff retry.

05

Broadcast updates

WebSocket push to the live dashboard — no polling.

[ THE PROCESS ]

Writing the Spec First

I started with a Software Requirements Specification (SRS) before writing a single line of code. It's much easier to fix a mistake in a document than to rewrite production code later. The SRS forced both me and the client to agree on exactly what “done” looked like — no ambiguity, no scope creep.

FR-01OAuth 2.0 Server

System must act as an OAuth 2.0 provider — issuing, validating, and refreshing tokens per RFC 6749.

FR-02Webhook Ingestion

System must accept HTTPS POST webhooks from delivery platforms and verify each request with HMAC-SHA256 signature validation.

FR-03Schema Translation

System must map all incoming delivery payloads to a unified POS format, with graceful failure and logging on unmapped SKUs.

FR-04POS Injection

System must POST translated orders to the POS API with exponential-backoff retry on failure — no order dropped silently.

NFR-01Real-Time Updates

Dashboard must reflect order status changes via WebSocket push. No polling.

NFR-02Token Persistence

OAuth tokens must survive server restarts, stored encrypted at rest.

OrderBridge live dashboard showing real-time order feed
Live dashboard — real-time order feed with status tracking
[ TECH STACK ]

The Tech Stack

What tools would I use for this kind of project:

Node.js & TypeScript

I am sure that Python would've also worked wonders here. Personally I prefer working with node modules and npm over pip and virtual environments.

Fastify (Not Express)

Express is the legacy default, but Fastify is built for modern performance. Built-in JSON schema validation, lower overhead. For a middleware API where every millisecond counts, Fastify wins.

[ DEPLOYMENT ]

Infrastructure

The three services are independently deployed — each with its own host, its own domain, and its own responsibility. This mirrors how a real production integration would be structured.

INFRASTRUCTURE OVERVIEW

Vercel
OrderBridge DashboardFrontend

Real-time monitoring UI — edge-deployed, globally available.

Railway
OrderBridge API + PostgreSQLBackend

Core middleware engine with the OAuth server, webhook ingestion, schema translator, and POS injector. PostgreSQL stores OAuth tokens, menu mappings, and order logs.

Railway
MockPOS ServerSimulator

Isolated POS simulator running as a completely separate service — its own OAuth consent flow, its own order terminal.

WHY SEPARATE SERVICES

Keeping MockPOS on its own Railway service wasn't just convenient — it was the point. It proves the integration works across a real network boundary, not just between two functions in the same process.

[ THE HARD PARTS ]

Translation and Trust

The Translator was the hardest part of this project. DoorDash, Uber Eats, and GrabFood all have wildly different ideas of how to describe a "Cheeseburger with no pickles." Mapping these inconsistent payloads to a standardised POS SKU while maintaining a MenuMapping table required deep edge-case handling. If the mapping fails, the system has to fail gracefully — not drop the order into a void.

Then there was the OAuth 2.0 Server. It's one thing to use OAuth; it's another to be the provider. Building the authorization endpoints, token logic, and encrypted storage according to the RFC specs took more gray hair than the rest of the app combined.

MockPOS terminal showing injected orders arriving from OrderBridge
Phing Kai Kitchen [POS Simulator] — orders arriving automatically from OrderBridge
[ THE PORTFOLIO BUILD ]

Introducing OrderBridge

I enjoyed the architecture of the client project so much that I built OrderBridge — a refined, standalone version for my portfolio. It's not just a copy; it's an evolution. A complete end-to-end demo that simulates the entire flow without needing real-world infrastructure.

Backend

Fastify, TypeScript, and WebSockets.

Dashboard

Real-time monitoring and control UI for the OrderBridge system.

POS Simulator (MockPOS)

A secondary app representing a fictional restaurant called Phing Kai Kitchen. It acts as the 'target' POS, complete with its own OAuth consent screen and live order terminal.

OrderBridge order simulator page
Simulator — fire test orders from any delivery platform with one click
[ SOURCE CODE ]

The Complete Codebase

All three core components are open-source and available on GitHub:

OrderBridge API

Core middleware engine with OAuth 2.0, webhook ingestion, and schema translation.

OrderBridge Dashboard

Real-time monitoring UI with live order feed and connection status.

MockPOS Server

POS simulator demonstrating the complete integration flow.

[ LIVE DEMOS ]

Try It Out

Both services are live and ready to use:

OrderBridge Dashboard

🔗

Real-time monitoring interface. Watch orders flow through the pipeline as they arrive.

Visit →

MockPOS Server

🔗

Live orders page from the fictional Phing Kai Kitchen POS system. See orders injected in real time.

Visit →
[ SEE IT IN ACTION ]

Ready to Explore?

Dive into the source code, watch the live systems in action, or check out the full case study.

View Live DemoFull Case Study← All Articles