Webhooks & API Keys

Webhooks and API keys let you integrate Inori with your existing tools and workflows.

Webhooks

Webhooks send real-time HTTP POST requests to your server when events occur in Inori.

Create a Webhook

1. Navigate to Settings > Integrations > Webhooks.
2. Click Add Webhook.
3. Enter the endpoint URL — the HTTPS URL where Inori will send events.
4. Select the events you want to subscribe to:
   • record.status_changed — A record's compliance status changed.
   • record.created — A new record was created.
   • certificate.uploaded — A COI was uploaded.
   • certificate.analyzed — AI analysis completed on a certificate.
   • vendor.created — A new vendor was added.
   • escalation.triggered — An escalation rule fired.
5. Optionally add a secret for payload signature verification.
6. Click Save.

Payload Format

Webhook payloads are JSON and include:

• event — The event type (e.g., record.status_changed).
• timestamp — ISO 8601 timestamp.
• data — The full object that triggered the event.

If you provided a secret, Inori includes an X-Inori-Signature header with an HMAC-SHA256 signature of the payload body.

Retry Policy

Failed deliveries (non-2xx responses) are retried up to 5 times with exponential backoff over 24 hours. After 5 failures, the webhook is marked as Failing and you receive an email alert.

API Keys

API keys allow external applications to authenticate with the Inori REST API.

Generate an API Key

1. Navigate to Settings > Integrations > API Keys.
2. Click Generate Key.
3. Enter a label to identify the key's purpose (e.g., "BI Dashboard" or "Zapier").
4. Click Create.
5. Copy the key immediately — it is shown only once.

Using API Keys

Include the API key in the Authorization header of your requests:

Authorization: Bearer your-api-key-here

Revoking Keys

From the API Keys list, click the three-dot menu on any key and select Revoke. Revoked keys stop working immediately. This action cannot be undone.