Payload and Delivery

When a purchase invoice webhook event occurs, Complyance sends a POST request to your configured endpoint with a JSON payload and delivery metadata in the request headers.

Event Payload Example

{
  "data": {
    "id": "purchase:01HABC123DEF456",
    "type": "purchase.invoice.stored",
    "timestamp": "2026-05-26T07:04:01.550Z",
    "data": {
      "documentId": "01JABCDEFGHIJKLMNOPQRSTUV",
      "documentNumber": "INV-2026-001",
      "documentType": "tax_invoice",
      "country": "AE",
      "totalAmount": 105.0,
      "currency": "AED",
      "sellerName": "Acme Supplies LLC",
      "issueDate": "2026-05-20",
      "submittedAt": "2026-05-26T07:04:01.550Z"
    },
    "metadata": {
      "requestId": "01JABCDEFGHIJKLMNOPQRSTUV",
      "sourceId": null
    }
  },
  "eventId": "purchase:01HABC123DEF456"
}

Core Payload Fields

Field	Type	Description
`data.data.documentId`	string	Unique document identifier for the purchase invoice
`data.data.documentNumber`	string	Supplier-provided invoice or document number
`data.data.documentType`	string	Document type such as `tax_invoice` or `credit_note`
`data.data.country`	string	Country code such as `AE`, `SA`, `MY`, `DE`, or `BE`
`data.data.totalAmount`	number	Total invoice amount including tax
`data.data.currency`	string	ISO 4217 currency code such as `AED`, `SAR`, `MYR`, or `EUR`
`data.data.sellerName`	string	Seller or supplier name
`data.data.issueDate`	string	Invoice issue date
`data.data.errors`	array or omitted	Present for validation-failed events and omitted for stored-success events
`data.data.submittedAt`	string	Timestamp when the invoice entered the receiving flow
`data.id`	string	Unique event identifier, same value as `eventId`
`data.type`	string	Event type
`data.timestamp`	string	Timestamp when the business event was created
`eventId`	string	Unique business event identifier used for deduplication

Delivery Headers

Header	Description
`Content-Type`	Always `application/json`
`X-Webhook-ID`	Unique business event identifier, same as `eventId`
`X-Webhook-Timestamp`	Timestamp for the specific delivery attempt
`X-Webhook-Signature`	HMAC signature when signing is enabled
`X-Webhook-Event`	Event type such as `purchase.invoice.stored`

Timestamp Semantics

There are two timestamps worth treating differently:

data.timestamp: when the business event itself was created
X-Webhook-Timestamp: when this specific delivery attempt was sent

These values may differ when the platform retries delivery.

Deduplication Guidance

Use eventId or X-Webhook-ID as your business event deduplication key. The same identifier is reused across retries for the same underlying event, so it is the right value to persist for idempotent processing.

Do not infer meaning from the structure of the event ID. Treat it as an opaque identifier.

Recommended Receiver Behavior

When your endpoint receives a webhook:

Read the raw request body
Verify the signature if signing is enabled
Confirm the event has not already been processed
Persist the event or enqueue internal processing
Return a success response promptly

Practical Handling Notes

Expect retries and make processing idempotent
Log the event type and event ID for troubleshooting
Separate transport success from business processing where possible
Use purchase.invoice.validation_failed to trigger exception workflows or manual review