Webhooks Overview
Webhooks let you receive real-time HTTP notifications when events happen in your Invoice Maker account. Instead of polling the API, your server gets a POST request the moment an invoice is created, paid, or when a quotation is accepted.
How it works
1. An event happens (e.g., invoice is marked as paid)
2. Invoice Maker sends a POST request to your endpoint URL
3. Your server processes the event and returns 2xx
4. If delivery fails, we retry with exponential backoff
Setting up webhooks
1. Create an endpoint
Go to Settings > Webhooks in your dashboard and click Add Endpoint.
Provide:
- Endpoint URL — Your server's HTTPS URL that will receive webhook events
- Events — Select which events you want to receive
- Description (optional) — A label for this endpoint
2. Copy your signing secret
After creating the endpoint, you'll see a signing secret. Copy it immediately — it will only be shown once.
cd6e2be6c464419ee1b1bab994bd6eecb1829473247ae5fe5aa0ac6821cc5f9f
Use this secret to verify webhook signatures.
3. Handle incoming webhooks
Your endpoint should:
- Verify the signature using the signing secret (see Signature Verification)
- Process the event based on the
typefield - Return a 2xx status within 10 seconds
app.post('/webhooks', (req, res) => {
const payload = req.body;
// Verify signature (see Signature Verification page)
if (!verifySignature(req)) {
return res.status(401).send('Invalid signature');
}
switch (payload.type) {
case 'invoice.paid':
// Update your records
markInvoiceAsPaid(payload.data.invoice.id);
break;
case 'invoice.created':
// Sync to accounting software
syncToQuickBooks(payload.data);
break;
}
res.status(200).send('OK');
});
Your endpoint must respond within 10 seconds. If it takes longer, the delivery is marked as failed and will be retried. Do any heavy processing asynchronously.
Webhook request format
Every webhook delivery is a POST request with:
- Content-Type:
application/json - Custom headers for signature verification and deduplication
- JSON body with the event payload
See Payloads for the full format and Events for all event types.
Managing webhooks
Testing
Use the Send test event button in the webhook settings to send a test ping to your endpoint.
Delivery logs
Each webhook endpoint shows recent delivery attempts with:
- Status (success / failed)
- HTTP response code
- Duration
- Timestamp
Rotating secrets
If your signing secret is compromised, click Rotate Secret in the endpoint's delivery logs panel. The old secret stops working immediately.
Disabling endpoints
Toggle an endpoint off to pause deliveries. Events that occur while disabled are not queued — they are simply not sent.
Auto-disable
If an endpoint fails 100 consecutive deliveries, it is automatically disabled. Re-enable it from the dashboard after fixing the issue.
Plan limits
| Feature | Basic | Pro |
|---|---|---|
| Webhook endpoints | 2 | 50 |
| Deliveries per hour | 100 | 5,000 |
| Retry attempts | 5 | 5 |
| Delivery timeout | 10s | 10s |