What webhooks can contain
Outbound events can include only the operational context needed by the receiving system, depending on event type and payload options.
Webhook privacy and payload control
Webhook payloads are structured event messages. Depending on configuration, they can include customer, location, contact, target, appointment, visit report or billing trigger context.
Outbound events can include only the operational context needed by the receiving system, depending on event type and payload options.
Ordinavo webhook payloads should not become broad data exports or a place for secrets.
Ordinavo uses privacy-conscious defaults. Contact details, summary previews and billing details should only be included when needed by the receiving system.
| Field | Default | Configurable | Notes |
|---|---|---|---|
| Customer context | Included | Yes | Can be disabled if not needed. |
| Contact details | Included or opt-in | Yes | Only operational contact data. |
| Summary preview | Off | Yes | Shortened and privacy-sensitive. |
| Billing details | Off | Yes plus feature | For billing endpoints only. |
| Internal notes | Never | No | Not sent. |
| Secrets/API keys | Never | No | Not sent. |
| Target-level customer number | Never | No | CustomerNumber comes from Customer. |
Webhook deliveries are signed with HMAC. Receiving systems should verify signatures before processing events.
Retries can cause delayed or duplicate deliveries. Receiving systems should deduplicate by eventId.
Retries and network behavior can cause events to arrive later or out of order.
Once delivered, the receiving system is responsible for protecting, storing and deleting the received payload according to its own policies and legal obligations.
X-Ordinavo-Event-Id: evt_01JZ8Y4EXAMPLE
X-Ordinavo-Event-Type: visit_report.approved
X-Ordinavo-Timestamp: 2026-06-18T16:40:00Z
X-Ordinavo-Signature: sha256=...
CustomerContext helps external systems connect Ordinavo events back to their own customer, site and contact records. External IDs are resolved for the source system of the integration client. Customer numbers are read from the Ordinavo customer record.
Internal notes and secrets are never included in webhook payloads.
Ordinavo can mark approved, billable visit reports as billing trigger events. These events notify external ERP, accounting or billing systems that a completed visit may be relevant for downstream billing.
Ordinavo does not create invoices in this workflow. Invoice creation, pricing, taxation and accounting rules remain the responsibility of the connected billing system.
We can review event types, payload options, signing, retry behavior and receiver responsibilities for your integration.