Webhooks
ERPly Pro delivers HMAC-SHA256-signed events to the tenant's configured URL.
Events
| Event | When |
|---|---|
invoice.accepted | DGII accepted the e-CF. |
invoice.rejected | DGII rejected the e-CF. |
invoice.failed | Internal error past the SLA. |
Structure
POST /tu-webhook HTTP/1.1
Content-Type: application/json
X-ErplyPro-Event: invoice.accepted
X-ErplyPro-Signature: t=1714583811,v1=4f9d…
X-ErplyPro-Delivery: 01HW9X4G…
{
"event": "invoice.accepted",
"docId": "01HW9X4G…",
"trackId": "20260501-DGII-9988",
"tenantId": "demo-rnc-131000001",
"occurredAt": "2026-05-01T17:42:11Z"
}
Signature verification
import hmac, hashlib, time
def verify(body: bytes, header: str, secret: bytes, *, max_skew=300) -> bool:
parts = dict(p.split("=", 1) for p in header.split(","))
t = int(parts["t"])
if abs(time.time() - t) > max_skew:
return False
expected = hmac.new(secret, f"{t}.".encode() + body, hashlib.sha256).hexdigest()
return hmac.compare_digest(expected, parts["v1"])
POST /v1/webhooks/test
Trigger a test event against the tenant's configured endpoint:
curl -X POST https://sandbox.api.erply.pro/v1/webhooks/test \
-H "Authorization: Bearer $TOKEN"
Retries
Exponential back-off: 1 s, 4 s, 16 s, 64 s, 256 s. After 5 consecutive failures, the event goes to a DLQ and support redispatches it once the endpoint is fixed.