Security Considerations
Using webhooks assumes that the URL/port in question is publicly accessible, or at least reachable from our test and production environments! To achieve this, it may be necessary to open ports or create the following exceptions in the firewall of the machine running the web service:
| Environment | Domain | IP Address |
|---|---|---|
| Testing/QA | https://ilink.acin.pt | 62.28.56.162:443 |
| Production | https://ilink.pt | 193.43.40.153:443 |
If the communication process for a document fails, ilink will attempt to send it again up to 10 times over the next 7 days, with increasingly longer intervals between each attempt. After 10 failed attempts, ilink will stop trying to send that document to the ERP.
A document is considered successfully delivered to the ERP when the webhook response returns an HTTP status code 200 (regardless of the content of the response). We recommend avoiding long-running processes in the response endpoint.
Important: When implementing this endpoint, the ERP is responsible for validating the access key and subsequently recording the received information in its system. We strongly recommend that your system validates the access key sent in the headers of our request; otherwise, you are accepting data from an unknown source. ilink sends your key in the header
Authorization: Bearer {INTEGRATION_KEY}. If no key is defined for the webhook, the integrator application token will be used.