Weavr Webhook (2.27.0)

Download OpenAPI specification:Download

For Verification, create a base64 hash using HmacSHA256 using Published-Timestamp header as message and your API key as secret. The result should match the Signature header.

Corporates

Corporate KYB status updateWebhook

Notification that the KYB status of a corporate identity has been updated.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
corporateId
string^[0-9]+$

Id of the corporate.

corporateEmail
string

Email of the corporate.

status
string (KyiStatus)

Effective KYB status of the corporate.

Enum: "UNDEFINED" "NOT_STARTED" "INITIATED" "PENDING_REVIEW" "APPROVED" "REJECTED"
details
Array of strings (CorporateKybFailureReason)

Action which my be required to re-process kyb in case of temporary rejections.

Items Enum: "UNDEFINED_REQUIRED_INTERVENTION" "DOCUMENTS_UNSATISFACTORY" "SUPPLIED_DATA_AND_DOCUMENTS_MISMATCH" "LANGUAGE_IN_DOCUMENTS_UNSUPPORTED" "SELFIE_UNSATISFACTORY" "SELFIE_AND_DOCUMENTS_MISMATCH" "CORPORATE_DETAILS_UNSATISFACTORY" "BENEFICIARY_DETAILS_UNSATISFACTORY" "REPRESENTATIVE_DETAILS_UNSATISFACTORY" "OTHER" "ROOT_USER_UNMATCHED_TO_DIRECTOR_OR_REPRESENTATIVE" "UNSUPPORTED_COUNTRY" "EXPIRED_KYC_DOCUMENTS"
rejectionComment
string

Reason shown to the user in case of temporary rejection.

ongoingStatus
string (KyiStatus)

Ongoing KYB Status of the corporate.

Enum: "UNDEFINED" "NOT_STARTED" "INITIATED" "PENDING_REVIEW" "APPROVED" "REJECTED"
Responses
204

Success - No Content

Request samples
application/json
{
  • "corporateId": "string",
  • "corporateEmail": "string",
  • "status": "UNDEFINED",
  • "details": [
    ],
  • "rejectionComment": "string",
  • "ongoingStatus": "UNDEFINED"
}

Corporate beneficiary status updateWebhook

Notification that the verification status of a corporate beneficiary has been updated.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
event
Array of strings (BeneficiaryEventType)

The event that triggered this webhook notification. The event is structured to describe the parameter that has triggered the event followed by the action that occurred.

Items Enum: "STATUS_UPDATED" "BENEFICIARY_TYPE_UPDATED" "FIRST_NAME_UPDATED" "MIDDLE_NAME_UPDATED" "LAST_NAME_UPDATED" "EMAIL_UPDATED"
eventDetails
Array of strings (CorporateKybFailureReason)

A reason, if any, describing why this event has occurred.

Items Enum: "UNDEFINED_REQUIRED_INTERVENTION" "DOCUMENTS_UNSATISFACTORY" "SUPPLIED_DATA_AND_DOCUMENTS_MISMATCH" "LANGUAGE_IN_DOCUMENTS_UNSUPPORTED" "SELFIE_UNSATISFACTORY" "SELFIE_AND_DOCUMENTS_MISMATCH" "CORPORATE_DETAILS_UNSATISFACTORY" "BENEFICIARY_DETAILS_UNSATISFACTORY" "REPRESENTATIVE_DETAILS_UNSATISFACTORY" "OTHER" "ROOT_USER_UNMATCHED_TO_DIRECTOR_OR_REPRESENTATIVE" "UNSUPPORTED_COUNTRY" "EXPIRED_KYC_DOCUMENTS"
object (BeneficiaryVerifiedEventAdditionalInformation)

Additional information related to the event triggering this notification.

rejectionComment
string

Reason shown to the user in case of temporary rejection.

Responses
204

Success - No Content

Request samples
application/json
{
  • "event": [
    ],
  • "eventDetails": [
    ],
  • "additionalInformation": {
    },
  • "rejectionComment": "string"
}

Corporate activationWebhook

Notification that a corporate identity has been activated.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
actionDoneBy
required
string (ActionDoneBy)
Enum: "UNDEFINED" "ADMIN" "INNOVATOR"
emailAddress
required
string
Responses
204

Success - No Content

Request samples
application/json
{
  • "actionDoneBy": "UNDEFINED",
  • "emailAddress": "string"
}

Corporate deactivationWebhook

Notification that a corporate identity has been deactivated.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
actionDoneBy
required
string (ActionDoneBy)
Enum: "UNDEFINED" "ADMIN" "INNOVATOR"
emailAddress
required
string
reasonCode
required
string (IdentityDeactivatedReasonCode)
Enum: "UNDEFINED_REASON" "ACCOUNT_REVIEW" "ACCOUNT_SECURITY" "TEMPORARY" "ACCOUNT_CLOSURE" "ACCOUNT_ABANDONED"
Responses
204

Success - No Content

Request samples
application/json
{
  • "actionDoneBy": "UNDEFINED",
  • "emailAddress": "string",
  • "reasonCode": "UNDEFINED_REASON"
}

Consumers

Consumer KYC status updateWebhook

Notification that the KYC status of a consumer identity has been updated.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
consumerId
string^[0-9]+$
consumerEmail
string
status
string (KyiStatus)
Enum: "UNDEFINED" "NOT_STARTED" "INITIATED" "PENDING_REVIEW" "APPROVED" "REJECTED"
details
Array of strings (KycRejectionReason)

Action which my be required to re-process kyc in case of temporary rejections.

Items Enum: "UNDEFINED_KYC_FAILURE_REASON" "DOCUMENTS_UNSATISFACTORY" "SUPPLIED_DATA_AND_DOCUMENTS_MISMATCH" "LANGUAGE_IN_DOCUMENTS_UNSUPPORTED" "SELFIE_UNSATISFACTORY" "SELFIE_AND_DOCUMENTS_MISMATCH" "OTHER" "UNSUPPORTED_COUNTRY" "PEP_STATUS" "REJECTED_DUPLICATE" "EXPIRED_KYC_DOCUMENTS"
rejectionComment
string

Reason shown to the user in case of temporary rejection.

kycLevel
string (KycLevel)
Deprecated

The KYC level, which determines what KYC information will be requested from the consumer:

  • KYC_LEVEL_1: The most basic level of KYC required.
  • KYC_LEVEL_2: Full due diligence level 2
Enum: "KYC_LEVEL_1" "KYC_LEVEL_2"
ongoingStatus
string (KyiStatus)
Enum: "UNDEFINED" "NOT_STARTED" "INITIATED" "PENDING_REVIEW" "APPROVED" "REJECTED"
ongoingKycLevel
string (KycLevel)
Deprecated

The KYC level, which determines what KYC information will be requested from the consumer:

  • KYC_LEVEL_1: The most basic level of KYC required.
  • KYC_LEVEL_2: Full due diligence level 2
Enum: "KYC_LEVEL_1" "KYC_LEVEL_2"
eventTimestamp
string^[0-9]+$

Epoch timestamp using millisecond precision.

object (KycEventAdditionalInformation)

Additional information related to the event triggering this notification.

Responses
204

Success - No Content

Request samples
application/json
{
  • "consumerId": "string",
  • "consumerEmail": "string",
  • "status": "UNDEFINED",
  • "details": [
    ],
  • "rejectionComment": "string",
  • "kycLevel": "KYC_LEVEL_1",
  • "ongoingStatus": "UNDEFINED",
  • "ongoingKycLevel": "KYC_LEVEL_1",
  • "eventTimestamp": "string",
  • "additionalInformation": {
    }
}

Consumer activationWebhook

Notification that a consumer identity has been activated.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
actionDoneBy
required
string (ActionDoneBy)
Enum: "UNDEFINED" "ADMIN" "INNOVATOR"
emailAddress
required
string
Responses
204

Success - No Content

Request samples
application/json
{
  • "actionDoneBy": "UNDEFINED",
  • "emailAddress": "string"
}

Consumer deactivationWebhook

Notification that a consumer identity has been deactivated.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
actionDoneBy
required
string (ActionDoneBy)
Enum: "UNDEFINED" "ADMIN" "INNOVATOR"
emailAddress
required
string
reasonCode
required
string (IdentityDeactivatedReasonCode)
Enum: "UNDEFINED_REASON" "ACCOUNT_REVIEW" "ACCOUNT_SECURITY" "TEMPORARY" "ACCOUNT_CLOSURE" "ACCOUNT_ABANDONED"
Responses
204

Success - No Content

Request samples
application/json
{
  • "actionDoneBy": "UNDEFINED",
  • "emailAddress": "string",
  • "reasonCode": "UNDEFINED_REASON"
}

Managed Cards

Card authorisationWebhook

Notification that a card authorisation attempt has been performed on a managed card. This is sent irrespective of the authorisation outcome

  • the approved field indicates whether the authorisation has been approved or denied.
Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object (InstrumentId)

The id of the managed card on which an authorisation has been performed.

transactionId
required
string^[0-9]+$

The id of the transaction, for reference.

required
object (LegacyCurrencyAmount)

The amount in the currency of the card.

transactionTimestamp
required
string^[0-9]+$

The timestamp of the transaction, using epoch timestamp with millisecond precision.

required
object (LegacyCurrencyAmount)

The amount in the currency of the merchant.

required
object (MerchantData)

Merchant related information

merchantName
required
string
Deprecated

The name of the merchant where the authorisation has been made.

merchantCategoryCode
string
Deprecated

The merchant category code.

merchantId
string
Deprecated

The merchant ID.

approved
boolean

Indicates whether the authorisation has been approved or denied.

object (LegacyCurrencyAmount)

The updated card available balance after this authorisation was processed.

declineReason
string (AuthDeclineReason)

An indication of why the authorisation was declined

Enum: "NO_REASON" "PHYSICAL_NOT_ACTIVATED" "INSUFFICIENT_BALANCE" "CVV_CHECKS_FAILED" "CVV_RETRIES_EXCEEDED" "CARD_STATUS_NOT_ALLOWED" "PIN_CHECKS_FAILED" "PIN_RETRIES_EXCEEDED" "CARD_EXPIRY_CHECKS_FAILED" "AVS_CHECKS_FAILED" "ATM_WITHDRAWAL_LIMIT_EXCEEDED" "SCA_REQUIRED" "AUTH_RULE_CHECKS_FAILED" "TRANSACTION_NOT_PERMITTED" "TIMEOUT"
authRuleFailedReason
string (AuthRuleChecksFailedReason)

If the authorisation was declined due to auth rule checks, this indicates the auth rule that was violated.

Enum: "NONE" "MERCHANT_CATEGORY_NOT_IN_ALLOWED_LIST" "MERCHANT_CATEGORY_BLOCKED" "MERCHANT_ID_NOT_IN_ALLOWED_LIST" "MERCHANT_ID_BLOCKED" "ATM_NOT_ALLOWED" "CONTACTLESS_NOT_ALLOWED" "ECOMMERCE_NOT_ALLOWED" "CASHBACK_NOT_ALLOWED" "CREDIT_AUTHORISATIONS_NOT_ALLOWED" "SPEND_LIMIT_EXCEEDED" "MERCHANT_COUNTRY_NOT_IN_ALLOWED_LIST" "MERCHANT_COUNTRY_BLOCKED" "MIN_TRANSACTION_AMOUNT_EXCEEDED" "MAX_TRANSACTION_AMOUNT_EXCEEDED" "AUTH_FORWARDING"
authorisationType
required
string (CardAuthorisationDetailsAuthorisationType)

The type of authorisation that was processed.

Enum: "AUTHORISED" "AUTHORISED_CREDIT" "DECLINED" "ONLINE_REVERSE" "EXPIRED" "MANUAL_CLOSE" "CANCELLED"
relatedAuthorisationId
string^[0-9]+$
Deprecated

The related authorisation id which this authorisation is performing further updates on.

relatedAuthorisationIds
Array of integers <int64>

The list of related authorisation ids which this authorisation is related to.

required
object (StringWrappedTypeId)
cardholderPresent
string (CardHolderPresent)

Optional detail indicating if the card holder was present when the authorisation occurred.

Enum: "PRESENT" "NOT_PRESENT" "PRESENCE_UNKNOWN"
cardPresent
boolean

Optional detail indicating if the card was present when the authorisation occurred.

object (ManagedCardModeDetails)
authCode
string [ 1 .. 6 ] characters

The authorisation code associated with this authorisation.

object (LegacyCurrencyAmount)

The forex padding amount, if any, that has been included in the transactionAmount.

object (LegacyCurrencyAmount)

The forex fee, if any, that has been included in the transactionAmount.

object (AuthForwardingDetails)

Contains information about the authorisations that have been forwarded.

merchantCountryCode
string
Deprecated

The merchant country code.

object (DigitalWalletDetails)

Contains information about the digital wallet, if it has been used.

Responses
204

Success - No Content

Request samples
application/json
{
  • "id": {
    },
  • "transactionId": "string",
  • "transactionAmount": {
    },
  • "transactionTimestamp": "string",
  • "sourceAmount": {
    },
  • "merchantData": {
    },
  • "merchantName": "string",
  • "merchantCategoryCode": "string",
  • "merchantId": "string",
  • "approved": true,
  • "availableBalance": {
    },
  • "declineReason": "NO_REASON",
  • "authRuleFailedReason": "NONE",
  • "authorisationType": "AUTHORISED",
  • "relatedAuthorisationId": "string",
  • "relatedAuthorisationIds": [
    ],
  • "owner": {
    },
  • "cardholderPresent": "PRESENT",
  • "cardPresent": true,
  • "details": {
    },
  • "authCode": "string",
  • "forexPadding": {
    },
  • "forexFee": {
    },
  • "authForwardingDetails": {
    },
  • "merchantCountryCode": "string",
  • "digitalWalletDetails": {
    }
}

Card adjustmentWebhook

Notification that a balance adjustment has been processed on a managed card.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object (InstrumentId)

The id of the managed card on which a settlement has been performed.

transactionId
required
string^[0-9]+$

The id of the transaction, for reference.

adjustmentType
required
string (CardAdjustmentDetailsAdjustmentType)

The type of adjustment that was processed.

Enum: "DEFAULT_ADJUSTMENT" "LOST_STOLEN_REPLACEMENT_BALANCE_TRANSFER"
required
object (LegacyCurrencyAmount)

The amount in the currency of the card.

transactionTimestamp
required
string^[0-9]+$

The timestamp of the transaction, using epoch timestamp with millisecond precision.

object (LegacyCurrencyAmount)

The updated card available balance after this adjustment was processed.

required
object (StringWrappedTypeId)
object (ManagedCardModeDetails)
Responses
204

Success - No Content

Request samples
application/json
{
  • "id": {
    },
  • "transactionId": "string",
  • "adjustmentType": "DEFAULT_ADJUSTMENT",
  • "adjustmentAmount": {
    },
  • "transactionTimestamp": "string",
  • "availableBalance": {
    },
  • "owner": {
    },
  • "details": {
    }
}

Card settlementWebhook

Notification that a card settlement has been processed on a managed card.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object (InstrumentId)

The id of the managed card on which a settlement has been performed.

transactionId
required
string^[0-9]+$

The id of the transaction, for reference.

settlementType
required
string (CardMerchantSettlementMerchantTransactionType)

The type of settlement that was processed.

Enum: "SALE_PURCHASE" "CASH_WITHDRAWAL" "SALE_WITH_CASHBACK" "MAIL_OR_TELEPHONE_ORDER" "PURCHASE_REFUND_REVERSAL" "ORIGINAL_CREDIT_TRANSACTION_REVERSAL" "CASH_WITHDRAWAL_REVERSAL" "PURCHASE_REFUND" "PURCHASE_REVERSAL" "ORIGINAL_CREDIT_TRANSACTION" "FIRST_CHARGEBACK" "FIRST_CHARGEBACK_REVERSAL" "FIRST_REPRESENTMENT" "FIRST_REPRESENTMENT_REVERSAL" "SECOND_CHARGEBACK" "SECOND_CHARGEBACK_REVERSAL" "SECOND_REPRESENTMENT" "ARBITRATION_CHARGEBACK" "BALANCE_INQUIRY"
required
object (LegacyCurrencyAmount)

The amount in the currency of the card.

transactionTimestamp
required
string^[0-9]+$

The timestamp of the transaction, using epoch timestamp with millisecond precision.

required
object (LegacyCurrencyAmount)

The amount in the currency of the merchant.

required
object (MerchantData)

Merchant related information

merchantName
string
Deprecated

The name of the merchant where the authorisation has been made.

merchantCategoryCode
string
Deprecated

The merchant category code.

merchantId
string
Deprecated

The merchant ID.

object (ManagedCardModeDetails)
object (LegacyCurrencyAmount)

The updated card available balance after this authorisation was processed.

relatedAuthorisationId
string^[0-9]+$
Deprecated

The related authorisation id which this settlement is clearing.

relatedSettlementId
string^[0-9]+$
Deprecated

The related settlement id.

relatedAuthorisationIds
Array of integers <int64>

The list of related authorisation ids which this Settlement is related to.

relatedSettlementIds
Array of integers <int64>

The list of related settlement ids which this Settlement is related to.

required
object (StringWrappedTypeId)
required
object (LegacyCurrencyAmount)

The settlement fee, in the currency of the card.

authCode
string [ 1 .. 6 ] characters

The authorisation code associated with this settlement.

state
required
string (ManagedCardsSettlementEventSettlementState)

The state of the settlement.

Enum: "PENDING" "COMPLETED"
object (LegacyCurrencyAmount)

The forex fee, if any, that has been included in the transactionAmount.

merchantCountryCode
string
Deprecated

The merchant country code.

object (DigitalWalletDetails)

Contains information about the digital wallet, if it has been used.

Responses
204

Success - No Content

Request samples
application/json
{
  • "id": {
    },
  • "transactionId": "string",
  • "settlementType": "SALE_PURCHASE",
  • "transactionAmount": {
    },
  • "transactionTimestamp": "string",
  • "sourceAmount": {
    },
  • "merchantData": {
    },
  • "merchantName": "string",
  • "merchantCategoryCode": "string",
  • "merchantId": "string",
  • "details": {
    },
  • "availableBalance": {
    },
  • "relatedAuthorisationId": "string",
  • "relatedSettlementId": "string",
  • "relatedAuthorisationIds": [
    ],
  • "relatedSettlementIds": [
    ],
  • "owner": {
    },
  • "feeAmount": {
    },
  • "authCode": "string",
  • "state": "PENDING",
  • "forexFee": {
    },
  • "merchantCountryCode": "string",
  • "digitalWalletDetails": {
    }
}

Card expiry and renewalWebhook

Notification that a card is about to expire, a card Expired or a Card was renewed.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object (InstrumentId)

The id of the managed card on which the event occurred.

eventType
required
string (ManagedCardsExpiryAndRenewalEventType)

The type of event.

Enum: "CARD_ABOUT_TO_EXPIRE" "CARD_EXPIRED" "CARD_RENEWED"
required
object (ManagedInstrumentState)

The state of the instrument.

cardType
required
string (CardType)
Enum: "VIRTUAL" "PHYSICAL"
expiryMmyy
string

The end date of this card, in MMYY format.

renewalType
required
string (CardRenewalType)

Indicates how the card will be handled once it is close to expiring.

Enum: "RENEW" "NO_RENEW"
renewalTimestamp
string^[0-9]+$

The timestamp when the card will be renewed, expressed in Epoch timestamp using millisecond precision.

Responses
204

Success - No Content

Request samples
application/json
{
  • "id": {
    },
  • "eventType": "CARD_ABOUT_TO_EXPIRE",
  • "state": {
    },
  • "cardType": "VIRTUAL",
  • "expiryMmyy": "string",
  • "renewalType": "RENEW",
  • "renewalTimestamp": "string"
}

Card upgrade to physical detailsWebhook

Notification that there has been an update in the card upgrade to physical process

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object (InstrumentId)

The id of the managed card on which the event occurred.

required
object (PhysicalCardDetails)
upgradedTimestamp
required
string^[0-9]+$

Epoch timestamp using millisecond precision.

Responses
204

Success - No Content

Request samples
application/json
{
  • "id": {
    },
  • "physicalCardDetails": {
    },
  • "upgradedTimestamp": "string"
}

Managed Accounts

Account updateWebhook

Notification that the status of a managed account has been updated.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object (LegacyManagedAccount)
publishedTimestamp
required
string^[0-9]+$

Epoch timestamp using millisecond precision.

type
required
string (ManagedAccountEventType)
Enum: "CREATED" "UPDATED" "REQUESTED" "REJECTED" "BLOCKED" "UNBLOCKED" "DESTROYED"
Responses
204

Success - No Content

Request samples
application/json
{
  • "account": {
    },
  • "publishedTimestamp": "string",
  • "type": "CREATED"
}

Account depositWebhook

Notification that a deposit (incoming bank transfer) has been performed on a managed account.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object (InstrumentId)

The id of the managed account where a deposit has been performed.

transactionId
required
string^[0-9]+$

The id of the transaction, for reference.

required
object (LegacyCurrencyAmount)

The amount of the transaction.

transactionTimestamp
required
string^[0-9]+$

The timestamp of the transaction, using epoch timestamp with millisecond precision.

emailAddress
string

The email address of the user who effected the deposit.

required
object (StringWrappedTypeId)
senderName
string
state
string (ManagedAccountsDepositEventDepositState)
Enum: "PENDING" "COMPLETED" "REJECTED"
senderIban
string
senderSortCode
string
senderAccountNumber
string
object (LegacyCurrencyAmount)

Any fee amount taken with the deposit

senderReference
string

The reference of the deposit sender

Responses
204

Success - No Content

Request samples
application/json
{
  • "id": {
    },
  • "transactionId": "string",
  • "transactionAmount": {
    },
  • "transactionTimestamp": "string",
  • "emailAddress": "string",
  • "owner": {
    },
  • "senderName": "string",
  • "state": "PENDING",
  • "senderIban": "string",
  • "senderSortCode": "string",
  • "senderAccountNumber": "string",
  • "transactionFee": {
    },
  • "senderReference": "string"
}

Linked Accounts

Linked Account UpdateWebhook

Notification that an event related to a Linked Account has occurred.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object (LinkedAccount)
publishedTimestamp
required
string^[0-9]+$

Epoch timestamp using millisecond precision.

eventType
required
string (LinkedAccountEventType)

The type of event that occurred related to the linked account. Possible values are:

  • PENDING_VERIFICATION: The linked account is pending verification.
  • VERIFIED: The overall verification run was successfully completed. The linked account is now verified.
  • BLOCKED: The linked account has been blocked.
  • UNBLOCKED: The linked account has been unblocked.
  • REMOVED: The linked account has been removed.
  • REJECTED: The linked account was rejected.
Enum: "PENDING_VERIFICATION" "VERIFIED" "BLOCKED" "UNBLOCKED" "REMOVED" "REJECTED"
Responses
204

Success - No Content

Request samples
application/json
{
  • "linkedAccount": {
    },
  • "publishedTimestamp": "string",
  • "eventType": "PENDING_VERIFICATION"
}

Transfers

Transfer transactionWebhook

Notification that a Transfer transaction has been processed.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
eventType
required
string (TransferEventTransferEventType)
Enum: "PENDING" "COMPLETED" "FAILED" "SCHEDULED" "CANCELLED"
required
object (LegacyTransfer)
Deprecated
publishedTimestamp
required
string^[0-9]+$

Epoch timestamp using millisecond precision.

Responses
204

Success - No Content

Request samples
application/json
{
  • "eventType": "PENDING",
  • "transfer": {
    },
  • "publishedTimestamp": "string"
}

Send

Send transactionWebhook

Notification that a Send transaction has been processed.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
eventType
required
string (SendEventSendEventType)
Enum: "PENDING" "COMPLETED" "FAILED" "PENDING_CHALLENGE" "INVALID" "SCHEDULED" "CANCELLED"
required
object (LegacySend)
publishedTimestamp
required
string^[0-9]+$
Responses
204

Success - No Content

Request samples
application/json
{
  • "eventType": "PENDING",
  • "send": {
    },
  • "publishedTimestamp": "string"
}

Outgoing Wire Transfers

Outgoing Wire Transfer transactionWebhook

Notification that a Outgoing Wire Transfer has been processed.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object (LegacyOutgoingWireTransfer)
publishedTimestamp
required
string^[0-9]+$

Epoch timestamp using millisecond precision.

eventType
required
string (OutgoingWireTransferEventType)
Enum: "PENDING_CHALLENGE" "SUBMITTED" "APPROVED" "REJECTED" "FAILED" "COMPLETED" "RETURNED" "INVALID" "SCHEDULED" "CANCELLED" "PENDING_CONFIRMATION"
Responses
204

Success - No Content

Request samples
application/json
{
  • "transfer": {
    },
  • "publishedTimestamp": "string",
  • "eventType": "PENDING_CHALLENGE"
}

Manual Transactions

Manual transactionWebhook

Notification that a manual transaction has been processed.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
transactionId
required
string^[0-9]+$

Id of the transaction.

required
object (InstrumentId)

Id of the instrument on which the manual operation was performed.

availableBalanceAdjustment
string^[0-9]+$

The amount credited or debited on the available balance of the instrument.

actualBalanceAdjustment
string^[0-9]+$

The amount credited or debited on the actual balance of the instrument.

transactionTimestamp
required
string^[0-9]+$

The timestamp when the transaction was processed by the system, expressed in Epoch timestamp using millisecond precision.

object (StringWrappedTypeId)
Responses
204

Success - No Content

Request samples
application/json
{
  • "transactionId": "string",
  • "targetInstrument": {
    },
  • "availableBalanceAdjustment": "string",
  • "actualBalanceAdjustment": "string",
  • "transactionTimestamp": "string",
  • "owner": {
    }
}

Fees

FeeWatchWebhook

Notification that a fee has been charged.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object
publishedTimestamp
required
string^[0-9]+$

Epoch timestamp using millisecond precision.

type
required
string (ChargeFeeEventType)
Enum: "UNDEFINED" "COMPLETED"
Responses
204

Success - No Content

Request samples
application/json
{
  • "chargeFee": {
    },
  • "publishedTimestamp": "string",
  • "type": "UNDEFINED"
}

Login

Login attemptWebhook

Notification that a login attempt was completed successfully or declined.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object (CredentialId)
object (StringWrappedTypeId)
type
required
string

Login type can be with password or with auth/access token

status
required
string (LoginEventLoginEventStatus)
Enum: "VERIFIED" "DECLINED" "EXPIRED"
publishedTimestamp
required
string^[0-9]+$

Epoch timestamp using millisecond precision.

Responses
204

Success - No Content

Request samples
application/json
{
  • "credential": {
    },
  • "identity": {
    },
  • "type": "string",
  • "status": "VERIFIED",
  • "publishedTimestamp": "string"
}

Stepup

Step-up statusWebhook

Notification that a step-up has been completed or declined.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object (CredentialId)
required
object (StringWrappedTypeId)
challengeId
required
string^[0-9]+$
type
required
string
status
required
string (StepupEventEventStatus)
Enum: "VERIFIED" "DECLINED" "EXPIRED"
publishedTimestamp
required
string^[0-9]+$

Epoch timestamp using millisecond precision.

authToken
string
Responses
204

Success - No Content

Request samples
application/json
{
  • "credential": {
    },
  • "identity": {
    },
  • "challengeId": "string",
  • "type": "string",
  • "status": "VERIFIED",
  • "publishedTimestamp": "string",
  • "authToken": "string"
}

Authentication Factors

Enrolment statusWebhook

Notification that an enrolment has been accepted or declined.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
required
object (CredentialId)
type
required
string
status
required
string (EnrolmentEventEnrolmentStatus)
Enum: "ACTIVE" "INACTIVE"
publishedTimestamp
required
string^[0-9]+$

Epoch timestamp using millisecond precision.

Responses
204

Success - No Content

Request samples
application/json
{
  • "credentialId": {
    },
  • "type": "string",
  • "status": "ACTIVE",
  • "publishedTimestamp": "string"
}

Beneficiaries

Beneficiary batchWebhook

Notification that a Beneficiary batch has been submitted.

Request
header Parameters
call-ref
string

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature
required
string
Deprecated

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

signature-v2
required
string

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

Request Body schema: application/json
required
id
required
string^[0-9]+$
operation
required
string (BeneficiaryBatchOperation)
Enum: "CREATE" "REMOVE"
tag
string <= 50 characters ^[a-zA-Z0-9_-]+$
publishedTimestamp
required
string^[0-9]+$

Epoch timestamp using millisecond precision.

eventType
required
string (BeneficiaryBatchEventType)
Enum: "INITIALISED" "FAILED" "PENDING_CHALLENGE" "CHALLENGE_FAILED" "CHALLENGE_COMPLETED"
required
Array of objects (LegacyBeneficiary)
Responses
204

Success - No Content

Request samples
application/json
{
  • "id": "string",
  • "operation": "CREATE",
  • "tag": "string",
  • "publishedTimestamp": "string",
  • "eventType": "INITIALISED",
  • "beneficiaries": [
    ]
}

Bulk Operations

Bulk Process EndWebhook

Reports on the final state of execution of a bulk process the moment it ends:

  • COMPLETED: the execution of the bulk process is complete and all bulk operations of the bulk process were executed successfully.
  • FAILED: none of the operations of the bulk process have executed.
  • PARTIALLY_COMPLETED: the execution of the bulk process is complete and some of the bulk operations of the bulk process failed.
Request
header Parameters
request-ref
string

A unique call reference included in every call, that enables the receiver to avoid duplicate handling of a webhook request (e.g. webhook was resent).

published-timestamp
required
integer <int64>

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

Request Body schema: application/json
required
bulkId
string

The bulk id of the bulk process

status
string (BulkProcessEndStatus)

"COMPLETED" : the execution of the bulk process is complete and all bulk operations of the bulk process were executed successfully. This is a final state for the bulk process

"PARTIALLY_COMPLETED" the execution of the bulk process is complete and some of the bulk operations of the bulk process failed. This is a final state for the bulk process

"FAILED" : none of the operations of the bulk process have executed. This is a final state for the bulk process

Enum: "PARTIALLY_COMPLETED" "COMPLETED" "FAILED"
submittedItemsCount
integer

The number of bulk operations in the bulk process

Responses
204

Success - No Content

Request samples
application/json
{
  • "bulkId": "string",
  • "status": "PARTIALLY_COMPLETED",
  • "submittedItemsCount": 0
}