Webhooks

Eriga can send real-time HTTP POST notifications when domain events happen in your Space — certificates issued, resources updated, compliance gaps detected.

Under development

Webhooks are under active development. The endpoint configuration UI ships with the next API release. The contract below is stable and intended to ship as-is.

Events

Eriga emits one webhook per domain event. Subscribe per Space.

Event	When
certificate.issued	A new certificate is created
certificate.expiring	A certificate enters the 30-day expiry window
certificate.expired	A certificate has expired
resource.created	A new resource is added
resource.updated	Resource fields change (name, type, units)
unit.created	A new unit is added
compliance.gap.detected	A new compliance gap is computed

Payload format

{
  "event": "certificate.issued",
  "spaceId": "01J0...",
  "occurredAt": "2026-05-04T10:00:00Z",
  "data": {
    "certificateId": "01J0...",
    "resourceId": "01J0...",
    "actionId": "01J0...",
    "issuedAt": "2026-05-04T09:55:12Z",
    "expiresAt": "2027-05-04T00:00:00Z"
  }
}

Security

• HMAC-SHA256 signature in the X-Eriga-Signature header
• Each endpoint has its own secret, rotatable at any time
• Verify the signature before processing payloads
• Idempotent: events include a unique eventId for deduplication

Delivery guarantees

• At-least-once delivery
• Retry with exponential backoff on non-2xx responses (max 24h)
• Failed endpoints can be inspected and replayed from the audit log