diff --git a/lnbits/extensions/lnurlpos/lnurl.py b/lnbits/extensions/lnurlpos/lnurl.py
index 0369b0aa2..e61fc900b 100644
--- a/lnbits/extensions/lnurlpos/lnurl.py
+++ b/lnbits/extensions/lnurlpos/lnurl.py
@@ -83,9 +83,12 @@ async def handle_lnurl_firstrequest(
                 "reason": f"Invalid hex or base64 payload: {payload}",
             }
 
-    h = hashlib.sha256(nonceb)
-    h.update(pos.key.encode())
-    s = h.digest()
+    if len(payloadb)!=8:
+        raise RuntimeError("Expected 8 bytes")
+    expected = hmac.new(pos.key.encode(), payloadb[:-2], digestmod="sha256").digest()
+    if expected[:2] != payloadb[-2:]:
+        raise RuntimeError("Invalid HMAC")
+    s = hmac.new(pos.key.encode(), nonceb, digestmod="sha256").digest()
 
     res = bytearray(payloadb)
     for i in range(len(res)):
diff --git a/lnbits/extensions/lnurlpos/templates/lnurlpos/index.html b/lnbits/extensions/lnurlpos/templates/lnurlpos/index.html
index ac7b84cbf..3cf4c6203 100644
--- a/lnbits/extensions/lnurlpos/templates/lnurlpos/index.html
+++ b/lnbits/extensions/lnurlpos/templates/lnurlpos/index.html
@@ -127,10 +127,14 @@
     position="top"
     @hide="closeFormDialog"
   >
-    <q-card class="q-pa-lg q-pt-xl lnbits__dialog-card">
+    <q-card
+      style="width: 700px; max-width: 80vw"
+      class="q-pa-lg q-pt-xl lnbits__dialog-card"
+    >
       <div class="text-h6">Copy to LNURLPoS device</div>
       <div class="text-subtitle2">
-        {% raw %} String server = "{{location}}/lnurlpos/api/v2/lnurl/{{settingsDialog.data.id}}";<br />
+        {% raw %} String server =
+        "{{location}}/lnurlpos/api/v1/lnurl/{{settingsDialog.data.id}}";<br />
         String key = "{{settingsDialog.data.key}}";<br />
         String currency = "{{settingsDialog.data.currency}}";{% endraw %}
       </div>