Webhooks
Webhooks let your application receive real-time HTTP notifications when events occur in your Invoro account - such as an invoice being delivered or a Peppol participant being activated.
How It Works
Section titled “How It Works”- You register a webhook URL in the Invoro app
- You select which events to subscribe to
- When an event occurs, Invoro sends a
POSTrequest to your URL with a JSON payload - Your endpoint responds with a
2xxstatus code to acknowledge receipt
Setting Up a Webhook
Section titled “Setting Up a Webhook”- Go to Developers > Webhooks in the Invoro app
- Click Add Webhook
- Enter your HTTPS endpoint URL
- Select the events you want to receive
- Click Add - your webhook secret will be shown once, save it securely
Webhook Request Format
Section titled “Webhook Request Format”Every webhook delivery is a POST request with these headers:
| Header | Description |
|---|---|
Content-Type | application/json |
X-Signature-SHA256 | HMAC-SHA256 signature for payload verification |
X-Webhook-Event | The event type (e.g., invoice.delivered) |
The request body is a JSON object containing the event data. See Events for payload details.
Responding to Webhooks
Section titled “Responding to Webhooks”Your endpoint must return a 2xx HTTP status code within 30 seconds. Any other response (or timeout) is treated as a failure and will be retried.
Recommended approach:
- Receive the webhook
- Verify the signature
- Store the event for processing
- Return
200 OKimmediately - Process the event asynchronously
This ensures you respond quickly and avoid timeout failures.
Testing Webhooks
Section titled “Testing Webhooks”Use the Test button on any webhook in the Invoro app to send a test delivery with sample data. Test deliveries include "is_test": true in the payload.
Next Steps
Section titled “Next Steps”- Events - All event types and their payloads
- Signature Verification - Verify webhook authenticity
- Retry Behavior - Failure handling and auto-disable