System Documentation

Ecovira Developer Docs

Documentation

Ecovira Documentation

Guides, references, and integration pathways for Ecovira API Infrastructure.

All technical documentation in one place. Use the section navigation to jump between topics. Access is designed for approved partners through sandbox-first, governed rollout.

Getting started

Documentation is structured for approved partners, internal teams, and future enterprise integrations. Production API access is planned for governed rollout — not open public self-serve.

Note: SDKs and production credentials are issued during approved partner onboarding — not via instant public signup.

Documentation overview

Ecovira docs are organised around authentication, sandbox testing, events, webhooks, API reference patterns, and partner onboarding. Content reflects the future API surface and staged access model.

Authentication

API keys, environments, and scoped access.

Read →

API Reference

Endpoint categories and response patterns.

Read →

Webhooks

Delivery, signing, and retry behaviour.

Read →

Events

Event types, payloads, and lifecycle.

Read →

Sandbox

Safe testing before live access.

Read →

SDKs

Planned integration kits and language roadmap.

Read →

Developer Platform

Ecosystem overview and integration pathway.

Hub →

Partner Access

Governed onboarding and approval process.

Apply →

Recommended reading order

  1. 01
    Developer Platform/developers/ — ecosystem overview
  2. 02
  3. 03
  4. 04
  5. 05
  6. 06
    API ReferenceEndpoint patterns
  7. 07

Next: API Reference →

API Reference

Structured endpoint patterns for Ecovira’s future operational API layer. The reference describes the planned REST surface for approved partners.

Base URL

All requests use versioned HTTPS endpoints. Use sandbox during onboarding; production is planned for approved partners only.

Productionhttps://api.ecoviraglobal.com/v1
Sandboxhttps://sandbox-api.ecoviraglobal.com/v1
Important: Production access is planned for approved partners only. Sandbox credentials are issued during governed onboarding.

Endpoint categories

The future API surface is organised around operational domains across Ecovira’s ecosystem.

Clients

Partner and organisation client records, scopes, and environment bindings.

Projects

Coordination projects, status, and cross-system attribution.

Events

Operational signals, lifecycle states, and audit trails.

Webhooks

Subscription endpoints, delivery history, and verification.

Payments

Escrow and payment status coordination (governed access).

Documents

Workflow documents, verification states, and restrictions.

Partner Systems

Approved external integrations and operational handoffs.

Example endpoint

Retrieve a project by identifier. Response fields are designed for stable integration and source attribution.

Request
GET/v1/projects/{project_id}
GET /v1/projects/eco_prj_1048
Authorization: Bearer eco_sk_sandbox_xxxxxxxxx
Accept: application/json
Response
{
  "project_id": "eco_prj_1048",
  "status": "in_progress",
  "source": "workvira_nexus",
  "updated_at": "2026-05-25T04:00:00Z"
}

Response format

Responses are JSON with consistent conventions across the planned API surface.

  • JSON — all successful and error payloads use application/json
  • Stable identifiers — prefixed IDs (e.g. eco_prj_*, evt_*) for long-lived references
  • Status fields — operational states aligned with coordination workflows
  • Source attribution — originating system recorded for audit and routing
  • Timestamping — ISO 8601 UTC timestamps on create and update events

Next: Sandbox →

Sandbox Environment

Test integrations safely before live operational access. The sandbox is designed for sandbox-first onboarding.

Purpose

Ecovira follows a sandbox-first integration model. Partners exercise the future API surface in an isolated environment before production credentials are considered. This supports staged rollout and operational readiness reviews.

Sandbox capabilities

Mock project events

Simulate project lifecycle transitions and coordination signals.

Test webhook delivery

Validate endpoints, signing, and retry handling in isolation.

Simulated payment statuses

Preview escrow and payment state changes without live funds.

Document workflow previews

Exercise upload, verification, and restriction paths safely.

Partner integration testing

End-to-end handoffs between approved partner systems.

Error-state testing

Trigger auth, validation, and delivery failures for robust handlers.

Sandbox credentials

Sandbox API keys and organisation bindings will be issued to approved partners during onboarding — not through public self-serve signup. Keys are environment-scoped and separate from planned production credentials.

Base URL: https://sandbox-api.ecoviraglobal.com/v1

Example sandbox event

Emit a mock project update to exercise event ingestion and webhook fan-out.

Sandbox event
POST/v1/events/sandbox.project.updated
{
  "event": "sandbox.project.updated",
  "project_id": "test_prj_0001",
  "status": "review_required",
  "environment": "sandbox"
}

Next: Authentication →

Authentication

Secure, scoped access for approved Ecovira integrations — environment-specific keys and partner-level permissions.

Access model

Authentication supports the staged rollout of Ecovira API Infrastructure.

  • API keys — bearer tokens issued to approved partners per environment
  • Environment separation — sandbox and production credentials are never interchangeable
  • Partner-level permissions — access boundaries aligned with onboarding scope
  • Scoped access — keys limited to approved modules and operations
  • Rotation and revocation — planned lifecycle controls for credential hygiene

Authorization header

Include the API key on every request over HTTPS.

Header
Authorization: Bearer eco_sk_live_xxxxxxxxx
Note: Example keys are illustrative. Live and sandbox prefixes will be issued during approved onboarding.

Environments

Sandbox

Isolated testing with mock events, simulated payments, and webhook delivery exercises.

Production

Planned live coordination for partners who complete security and operational review.

Partner Review

Limited-scope access during integration assessment before full sandbox or production issuance.

Security principles

  • Never expose secret keys client-side (browsers, mobile apps, or public repos)
  • Rotate keys regularly as part of planned credential lifecycle
  • Use environment-specific credentials — never reuse sandbox keys in production
  • Restrict integrations by partner scope and approved modules
  • Monitor webhook and event activity for anomalies during rollout

Error response

401 Unauthorized
{ "error": { "code": "unauthorized", "message": "Invalid or missing API key." } }

Next: Webhooks →

Webhooks

Receive operational updates from Ecovira systems in real time, with signing, retries, and audit-ready delivery logging.

Webhook overview

Subscribe to events that matter for your integration. Planned webhook types include:

  • Project updates and status transitions
  • Payment and escrow status changes
  • Document workflow events
  • Partner alerts and coordination signals
  • Review requirements and escalation notices

Delivery model

01

Event created

Operational signal recorded with stable ID and timestamp.

02

Payload signed

HMAC signature attached for partner verification.

03

Delivery attempted

HTTPS POST to your configured endpoint.

04

Retry scheduled if failed

Exponential backoff on non-2xx or timeout responses.

05

Event logged for audit

Delivery history retained for operational review.

Example payload

Webhook body
{ "id": "evt_2048", "type": "project.updated", "created_at": "2026-05-25T04:00:00Z", "data": { "project_id": "eco_prj_1048", "status": "in_progress" } }

Verification

Verify webhook authenticity using the planned signature header. Compare against your webhook secret using HMAC-SHA256 over timestamp.payload.

Headers
Ecovira-Signature: t=1716614400,v1=8f4a2c...
Ecovira-Timestamp: 1716614400
Content-Type: application/json

Retry policy

Failed deliveries are planned to retry with exponential backoff: initial delay approximately 60 seconds, doubling per attempt, capped at one hour, with up to five attempts before dead-letter handling. Partners should respond with 2xx promptly and process idempotently using event IDs.

Next: Events →

Events

A structured event model for operational coordination across Ecovira systems.

Event philosophy

Every meaningful state change can emit an event with a stable identifier, typed name, source attribution, and timestamp. This supports webhook fan-out, audit trails, and cross-system coordination during staged rollout.

Event types

Event typeDescription
project.createdNew coordination project registered
project.updatedProject fields or assignment changed
project.review_requiredHuman or operational review requested
invoice.createdInvoice drafted or issued in workflow
payment.status_changedEscrow or payment state transition
document.generatedDocument produced or made available
webhook.delivery_failedPartner endpoint delivery exhausted retries
partner.access_updatedPartner scope or credential lifecycle change

Event object

Event JSON
{ "id": "evt_2048", "type": "project.updated", "source": "workvira_nexus", "created_at": "2026-05-25T04:00:00Z", "data": {} }

Status lifecycle

Typical project coordination flow across the planned operational model:

draftreview_requiredin_progresscompletedarchived

Next: SDKs →

SDKs & Integration Kits

Future tooling to help approved partners build faster with Ecovira infrastructure. SDKs are planned — not yet generally available.

SDK roadmap

Ecovira is designing language-specific kits to reduce integration time for approved partners. Availability will follow staged rollout and partner feedback — there is no fully launched public SDK today.

Status: SDKs are planned for future release. Access to early previews may be offered during partner onboarding.

Planned SDKs

JavaScript / TypeScript

Browser and Node clients for REST and webhook verification helpers.

Python

Server-side integrations, automation, and operational scripts.

PHP / WordPress

CMS and partner-site connectors aligned with Ecovira Global properties.

REST examples

Copy-paste request patterns for authentication and core resources.

Webhook testing utilities

Signature verification samples and mock delivery tools.

Postman-style collections

Curated request sets for sandbox exploration during onboarding.

Integration kits

Partner onboarding kit

Checklists, environment setup, and scope documentation for new partners.

Sandbox event kit

Mock payloads and triggers for safe end-to-end testing.

Webhook verification examples

Reference implementations for Ecovira-Signature validation.

Document workflow examples

Sample flows for upload, verification, and restriction states.

Current recommendation

Until SDKs are released, use the API Reference, Sandbox examples, and Webhooks documentation. Request partner access when you are ready for governed credentials.

Next: Partner Access →

Ready for partner access?

When your integration is scoped and tested, begin the governed onboarding process.

Request Partner Access Developer Platform