Webhooks

Receive real-time notifications at your own HTTPS endpoint. Every event is signed with HMAC-SHA256 using the secret you copied when creating the webhook.

Event types

inspection.created
inspection.finalized
inspection.sent
inspection.pe_sealed
observation.created
observation.updated
report.generated
report.signed
report.delivered
reviewer.rejected
reviewer.approved
final_report.finalized
final_report.filed
user.invited
user.joined

Envelope

{
  "id": "c36b6e1f-...",
  "type": "inspection.sent",
  "created_at": "2026-04-22T14:02:11.091Z",
  "data": {
    "inspection_id": "...",
    "project_name": "...",
    "firm_name": "...",
    "report_id": "..."
  }
}

Signature verification (Node)

import crypto from "crypto"

const expected = crypto
  .createHmac("sha256", process.env.IV_WEBHOOK_SECRET)
  .update(rawBody)
  .digest("hex")

if (expected !== req.headers["x-inspectionvoice-signature"]) {
  return res.status(401).end()
}

Signature verification (Python)

import hmac, hashlib
expected = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
if not hmac.compare_digest(expected, signature):
    abort(401)

Retries

Delivery uses exponential backoff up to 5 attempts: 1 min → 5 min → 25 min → 2 hr → 12 hr. After 20 consecutive failed deliveries the webhook is automatically disabled and the admin is notified.