Webhooks
Webhooks allow you to notify external services when certain events occur in Invoiless.
Security
To validate the signature you received from Invoiless, you can generate the signature using your secret and compare it with the signature you received in the request.
- Using the HMAC SHA-256 algorithm, create a hash of the entire received payload as binary.
- Encode the binary hash in base64 format.
- Add prefix
sha256=to the binary hash. - Compare the created value with the signature you received in the
invoiless-signatureheader from Invoiless.
Node.js Example
const crypto = require('crypto');
function isValidSignature(req) {
const signature = req.headers['invoiless-signature'];
const hash = crypto
.createHmac('sha256', process.env.INVOILESS_SECRET)
.update(req.rawBody)
.digest('base64');
return signature === `sha256=${hash}`;
}
Payload
The body of the webhook will be in JSON format:
{
"type": "EventType",
"data": {
// ...
}
}
Notes
- To confirm receipt of a webhook event, your server endpoint should return a 200 OK HTTP status code. Any other HTTP response code will be treated as a failure.
- Invoiless waits for a maximum of 10 seconds for your server to respond to the HTTP POST request.
Event Types
You can configure your webhook to be triggered by the following events:
| Event | Description |
|---|---|
| InvoiceCreated | An invoice was created |
| InvoiceUpdated | An invoice was updated |
| InvoicePaid | An invoice was paid |
| InvoiceDeleted | An invoice was deleted |
| EstimateAccepted | An estimate was accepted |