Webhooks
How to solve webhooks for e-invoice statuses?
Short answer
Never process the e-invoice status webhook blindly. Verify the source or signature, store the payload, check for idempotency, map the state to an internal state machine, and only then update the invoice. The same webhook can come multiple times, so processing must be secure.
Verification
Signature or token
The webhook must come from a trusted source.
Idempotency
Same event multiple times
A duplicate webhook must not change the result.
Mapping
Internal states
Translate the partner's status names into your own model.
Log
Payload and result
Save what came and how the system decided.
Conclusion
Process webhooks for e-invoices as verified, idempotent and logged events.
Sources
- Law no. 222/2004 Z. z. Coll. on VAT, § 76a
- Technical documentation of the partner
- Internal audit trail
Not legal advice. Machine-translated answer, not yet manually reviewed. For the exact wording, see the Slovak original.