How do I test webhooks locally?

Use a tunnel (ngrok, Cloudflare Tunnel) for your dev URL, register it in the console, and send sandbox documents to trigger events.

Webhooks

EDI webhooks

Register HTTPS webhook endpoints to receive document validation results, routing updates, and partner acknowledgement signals without polling.

Start free trial API reference

Event types

Typical events include document.validated, document.routed, document.partner_ack, and document.error. Payloads are documented in /docs.

JSON envelopes with documentId + partnerId
Retry with exponential backoff on 5xx

Signature headers

Every delivery carries X-SignalEDI-Signature (sha256=<hex>), X-SignalEDI-Timestamp (unix seconds), X-SignalEDI-Event, and X-SignalEDI-Delivery-ID. The signature is an HMAC-SHA256 over the string timestamp + '.' + rawBody, using your webhook signing secret.

Reject deliveries whose X-SignalEDI-Timestamp skews more than ~5 minutes (replay protection)
During key rotation a second X-SignalEDI-Signature-Legacy header lets you accept both secrets

Verification

Verify webhook signatures using the shared secret configured in the developer console. See the verify-signed-webhooks guide for code samples.

import crypto from "node:crypto";

function verifySignalEdiWebhook(input: {
  rawBody: string;
  signatureHeader: string;
  timestampHeader: string;
  secret: string;
}): boolean {
  const provided = input.signatureHeader.replace(/^sha256=/i, "").toLowerCase();
  const expected = crypto
    .createHmac("sha256", input.secret)
    .update(`${input.timestampHeader}.${input.rawBody}`, "utf8")
    .digest("hex");
  return crypto.timingSafeEqual(Buffer.from(provided, "hex"), Buffer.from(expected, "hex"));
}

Idempotency

Use X-SignalEDI-Delivery-ID to dedupe retries. Your handler should be safe to run twice for the same logical transition.

FAQ

Common questions

Return 2xx quickly after enqueueing async work. Timeouts cause retries — respond fast and process in a background queue.

Trust & proof

Built for SMB teams that need API-first EDI, healthcare diligence, and predictable pricing.

SignalEDI keeps the public promise consistent across every route: real-time processing, transparent monthly plans, no per-document fees, QuickBooks-friendly handoffs, and core healthcare X12 workflows on paid plans.

HIPAA-aware handlingBAA path documentedSecure API + webhooksNo per-document fees

Operations teams

“A supplier operations team can see partner setup, validation, exceptions, and QuickBooks handoff in one workspace instead of chasing spreadsheets.”

Healthcare billing

“837, 835, and 270/271 workflows are explained in plain English, with HIPAA-aware handling and a documented BAA review path for diligence.”

Developer teams

“JSON/CSV in and X12 out, with API docs, webhooks, real-time status, and validation responses that make EDI feel like modern infrastructure.”

Preview case studies