Signed, retried, verifiable events for everything that matters.
Register an endpoint and DecentroHR posts a signed event whenever something happens — a payroll run completes, a payslip is ready, an employee syncs. Delivery is a transactional outbox with automatic retries and exponential backoff, so events are never lost and never fired for rolled-back actions.
| Event | When |
|---|---|
payroll.run.completed | A payroll run is finalized and posted to the ledger. |
payslip.ready | A payslip PDF is generated and available. |
employee.synced | An employee record is created or updated. |
Every delivery carries an X-DecentroHR-Signature header: sha256= plus the HMAC-SHA256 of the exact raw body, keyed by your endpoint secret. Verify it before acting on the event.
import { verifyWebhook } from "@decentrohr/sdk"; app.post("/hooks/decentrohr", (req, res) => { try { const evt = verifyWebhook(secret, req.rawBody, req.header("X-DecentroHR-Signature")); // evt.event === "payroll.run.completed", evt.tenantId, … res.sendStatus(200); } catch { res.sendStatus(400); // forged / bad signature } });
Pass the raw request body to the verifier — a re-serialized JSON object won't match the signature.
A non-2xx response is retried with backoff up to six attempts, then marked failed; you can redrive a failed delivery from the partner dashboard or API. Handle events idempotently — the same event id may arrive more than once.