Webhooks

Dispatches an event notification to a configured webhook endpoint

This webhook is triggered when a significant event occurs within the system that a partner might be interested in. The payload contains details about the event type and the associated data.

Request

The webhook will be sent as an HTTP POST request to the URL configured for the webhook. The body of the request will be a JSON payload (application/json) containing an ApiWebhookContainer.

Headers

The following headers will be included in the request, adhering to the Standard Webhooks specification:

content-type: application/json: Indicates the payload format.
webhook-id: A unique UUID (version 4) identifying this specific delivery attempt. This can be used for idempotency and logging.
webhook-timestamp: A string representing the Unix timestamp (seconds since epoch) of when the webhook notification was sent.
webhook-signature: A signature to verify the authenticity and integrity of the payload. The format is v1=<signature>, where <signature> is an HMAC-SHA256 hash.

Signature Verification

To verify the signature:

Extract the webhook-timestamp from the header.
Extract the webhook-signature from the header and remove the v1= prefix.
Concatenate the webhook-timestamp string and the raw request body.
Calculate the HMAC-SHA256 hash of the concatenated string using your webhook’s secret key.
Compare the calculated hash (hex-encoded) with the signature extracted from the header. They should match.

It is crucial to use a constant-time comparison function when comparing signatures to prevent timing attacks. (See the examples for more details)

POST

new_event

Body

application/json; charset=utf-8

Webhook Container

Top-level container for webhook notifications

data

WebhookNotification · object

required

Webhook Notification

Notification sent to a webhook subscriber containing event details

Show child attributes

data.customer_id

string<uuid>

required

The ID of the customer associated with this notification

data.message

WebhookEventMessage · object

required

Webhook Message

Union type representing different kinds of webhook messages

Webhook Event Message

Contains details about a general event notification

WebhookEventMessage
WebhookFiatAddressStatusMessage
WebhookAutorampStatusMessage
WebhookTransactionStatusMessage
WebhookCustomerStatusMessage
WebhookIdentificationStatusMessage
WebhookPingMessage

Show child attributes

data.message.id

string<uuid>

required

Unique identifier for the event

data.message.kind

enum<string>

required

Webhook Event Kind

Types of events that can be included in webhook notifications

Available options:

Transaction,

NewBankAccount,

NewAutoramp,

DepositAddressCreated,

CustomerCreated

timestamp

string

required

ISO timestamp when the notification was sent

type

string

required

The type of notification

Response

200 - undefined

Ping webhook

⌘I

Iron API - Sandbox

Body

Response