Webhooks
Webhooks allow external systems to receive real-time notifications when events occur in ERPX.
How Webhooks Work
ERPX Event → Webhook Queue → HTTP POST → Your Endpoint → Acknowledge (200 OK)When an event occurs, ERPX sends an HTTP POST request to your configured endpoint with event details in the request body.
Setting Up Webhooks
Navigate to Settings
Go to Settings → Webhooks → New Webhook.
Configure Endpoint
| Field | Description |
|---|---|
| URL | Your endpoint URL (HTTPS required) |
| Events | Select events to listen for |
| Secret | Shared secret for signature verification |
| Active | Enable/disable the webhook |
Test the Webhook
Click Send Test Event to verify your endpoint receives and processes events correctly.
Available Events
Document Events
| Event | Description |
|---|---|
document.created | A new document was created |
document.updated | A document was modified |
document.submitted | A document was submitted |
document.cancelled | A document was cancelled |
document.deleted | A document was deleted |
Sales Events
| Event | Description |
|---|---|
sales_order.created | New sales order created |
sales_order.confirmed | Sales order confirmed |
invoice.created | New invoice generated |
invoice.paid | Invoice fully paid |
payment.received | Payment recorded |
Inventory Events
| Event | Description |
|---|---|
stock.updated | Stock level changed |
stock.low | Item below reorder level |
stock.transfer | Stock transferred between warehouses |
HR Events
| Event | Description |
|---|---|
employee.created | New employee added |
leave.applied | Leave application submitted |
leave.approved | Leave application approved |
payroll.processed | Payroll run completed |
Webhook Payload
Event Structure
{
"id": "evt_abc123",
"event": "sales_order.created",
"timestamp": "2024-01-15T10:30:00Z",
"data": {
"id": "so_001",
"customer": "Acme Corporation",
"total": 10599.8,
"items": 2,
"status": "draft"
},
"metadata": {
"userId": "usr_123",
"userName": "John Doe",
"ipAddress": "192.168.1.100"
}
}Signature Verification
ERPX signs webhook payloads using HMAC-SHA256. Always verify the signature to ensure authenticity:
const crypto = require('crypto');
function verifyWebhookSignature(payload, signature, secret) {
const hash = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(`sha256=${hash}`),
);
}The signature is sent in the X-ERPX-Signature header.
Always verify webhook signatures before processing events. This prevents unauthorized requests from being processed.
Retry Policy
If your endpoint doesn’t respond with a 2xx status code, ERPX retries with exponential backoff:
| Attempt | Delay |
|---|---|
| 1st retry | 1 minute |
| 2nd retry | 5 minutes |
| 3rd retry | 30 minutes |
| 4th retry | 2 hours |
| 5th retry | 24 hours |
After 5 failed attempts, the webhook is deactivated and an admin notification is sent.
Webhook Logs
View webhook delivery logs in Settings → Webhooks → Logs:
- Delivery status (success/failure)
- Response status code
- Response body
- Delivery duration
- Retry history
Best Practices
- Respond quickly — Return
200 OKimmediately, process asynchronously - Handle duplicates — Use the event
idfor idempotency - Verify signatures — Always validate the
X-ERPX-Signatureheader - Use HTTPS — Webhook URLs must use HTTPS
- Monitor failures — Set up alerts for webhook delivery failures