Webhook privacy and payload control

Signed events with configurable customer context

Webhook payloads are structured event messages. Depending on configuration, they can include customer, location, contact, target, appointment, visit report or billing trigger context.

What webhooks can contain

Outbound events can include only the operational context needed by the receiving system, depending on event type and payload options.

eventId eventType occurredAt customer context location context contact context target appointment visit report billing trigger event delivery metadata

What webhooks should not contain

Ordinavo webhook payloads should not become broad data exports or a place for secrets.

API keys webhook secrets internal notes full private free text by default unnecessary personal data data from other tenants target-level customer numbers

Webhook payload matrix

Ordinavo uses privacy-conscious defaults. Contact details, summary previews and billing details should only be included when needed by the receiving system.

Field Default Configurable Notes
Customer context Included Yes Can be disabled if not needed.
Contact details Included or opt-in Yes Only operational contact data.
Summary preview Off Yes Shortened and privacy-sensitive.
Billing details Off Yes plus feature For billing endpoints only.
Internal notes Never No Not sent.
Secrets/API keys Never No Not sent.
Target-level customer number Never No CustomerNumber comes from Customer.

Signature and delivery behavior

HMAC signatures

Webhook deliveries are signed with HMAC. Receiving systems should verify signatures before processing events.

At-least-once delivery

Retries can cause delayed or duplicate deliveries. Receiving systems should deduplicate by eventId.

Out-of-order handling

Retries and network behavior can cause events to arrive later or out of order.

Receiver responsibility

Once delivered, the receiving system is responsible for protecting, storing and deleting the received payload according to its own policies and legal obligations.

Typical delivery headers

X-Ordinavo-Event-Id: evt_01JZ8Y4EXAMPLE
X-Ordinavo-Event-Type: visit_report.approved
X-Ordinavo-Timestamp: 2026-06-18T16:40:00Z
X-Ordinavo-Signature: sha256=...

CustomerContext in webhooks

CustomerContext helps external systems connect Ordinavo events back to their own customer, site and contact records. External IDs are resolved for the source system of the integration client. Customer numbers are read from the Ordinavo customer record.

Internal notes and secrets are never included in webhook payloads.

Billing trigger events are not invoices

Ordinavo can mark approved, billable visit reports as billing trigger events. These events notify external ERP, accounting or billing systems that a completed visit may be relevant for downstream billing.

Ordinavo does not create invoices in this workflow. Invoice creation, pricing, taxation and accounting rules remain the responsibility of the connected billing system.

Design webhook payloads deliberately

We can review event types, payload options, signing, retry behavior and receiver responsibilities for your integration.