Skip to main content

Webhook subscriptions

Creating a subscription

To set up an active event subscription, pass a list containing one or more events to the webhooks API for which you want to be notified.

To create a subscription, use the POST /webhooks operation and provide the parameters as shown in the table below.

ParameterTypeDescription
urlstringURL to which the event should be sent.
descriptionstringFreeform description of the webhook's intended use, for example Jun 28 2021 KYC approved update.
eventsarray of stringsOne or more events to enable.
For a list of events, see Event types.
versionstringThe version of the webhook event envelope to use.
statusstringThe status to set of the webhook, either STATUS_ENABLED or STATUS_DISABLED.

📘 Note

You can also use wildcards when creating webhooks. For example, to refer to all card webhooks, use card*.

The following is an example of a request to create webhook subscriptions.

curl --request POST \
    --url https://sandbox.atelio.com/api/v0.1/webhooks \
    --header 'Accept: application/json' \
    --header 'Authorization: <YOUR_AUTHORIZATION>' \
    --header 'Content-Type: application/json' \
    --header 'Identity: <YOUR_IDENTITY>' \
    --data '
{
    "events": [\
        "card.created",\
        "kyc.verification.success",\
        "kyc.verification.failure",\
        "kyc.verification.error",\
        "kyc.verification.timeout"\
    ],
    "url": "https://hostname.com/webhook/route",
    "description": "KYC state changes.",
    "version": "0.1",
    "status": "STATUS_ENABLED"
}
'

The following is an example of a response to a successful request to create webhook subscriptions.

JSON

{
  "webhook_subscription": {
    "id": "487a7f29-7b80-467d-b20d-7b60c3a14cf0",
    "url": "https://hostname.com/webhook/route",
    "description": "KYC state changes.",
    "events": [\
      "card.created",\
          "kyc.verification.success",\
          "kyc.verification.failure",\
          "kyc.verification.error",\
          "kyc.verification.timeout"\
    ],
    "version": "0.1",
    "secret": "whsec_ira5jceuzhxxBxoWckAU0hLFQe79bSMZ",
    "status": "STATUS_ENABLED",
    "created_time": "2022-06-09T18:23:37.585421Z",
    "updated_time": "2022-06-09T18:23:37.585421Z"
  }
}

The response contains a unique webhook "secret" string, (in this example, whsec_ira5jceuzhxxBxoWckAU0hLFQe79bSMZ), that you should store securely. This string is used to verify the signature of requests from the webhooks API to the provided callback URL and can be retrieved at any time using the webhooks API.

For a complete specification and interactive examples, see Creating a webhook subscription.

Managing subscriptions

Use the operations shown below to manage webhook subscriptions:

📘 Note

You can also use wildcards when managing webhooks. For example, to refer to all card webhooks, use card*.

Retrieving all subscriptions

To retrieve a list of all webhook subscriptions, use the GET /webhooks.

The following is an example of a request to retrieve a list of all subscriptions.

curl --request GET \
    --url https://sandbox.atelio.com/api/v0.1/webhooks \
    --header 'Authorization: <YOUR_AUTHORIZATION>' \
    --header 'Identity: <YOUR_IDENTITY>'

📘 Secret string

The request to retrieve all webhook subscriptions also returns the secret webhook string associated with each subscription in the response.

The following is a response to a successful all-subscriptions request.

{
  "webhook_subscriptions": [
    {
      "id": "487a7f29-7b80-467d-b20d-7b60c3a14cf0",
      "url": "https://hostname.com/webhook/route",
      "description": "Account history is ready.",
      "events": [
        "account.history.ready"
      ],
      "version": "0.1",
      "secret": "string",
      "status": "enabled",
      "created_time": "2022-06-09T18:23:37.585421Z",
      "updated_time": "2022-06-09T18:23:37.585421Z"
    }
  ]
}

For a complete specification and interactive examples, see Retrieving all webhook subscriptions in the Bond API reference.

Updating a subscription

To update a subscription, use the PATCH /webhooks/{webhook_id} operation and provide the body parameters as shown in the table below.

📘 Note

When you update a webhook_id, the list of webhook events that you supply in the API call replaces the existing list associated with that webhook_id.

ParameterTypeDescription
urlstringURL to which the event should be sent, for example, www.bondjames.com.
descriptionstringFreeform description of the webhook's intended use.
eventsarray of stringsOne or more events to update.
For a list of events, see Event types.
versionstringThe version of the webhook event envelope to use.
statusstringThe status to set of the webhook, either STATUS_ENABLED or STATUS_DISABLED.

The following is an example of a request to update the webhook ID 40515057-7e8c-4ae1-b8d9-61ea3378cad5 to subscribe to only the account.history.ready event.

curl --request PATCH \
    --url https://sandbox.atelio.com/api/v0.1/webhooks/40515057-7e8c-4ae1-b8d9-61ea3378cad5 \
    --header 'Authorization: <YOUR_AUTHORIZATION>' \
    --header 'Content-Type: application/json' \
    --header 'Identity: <YOUR_IDENTITY>' \
    --data '
{
    "events": [\
        "account.history.ready"\
    ]
}
'

The following is a response to a successful subscription update request.

JSON

{
  "webhook_subscription": {
    "id": "487a7f29-7b80-467d-b20d-7b60c3a14cf0",
    "url": "https://hostname.com/webhook/route",
    "description": "Account history is ready.",
    "events": [\
      "account.history.ready"\
    ],
    "version": "0.1",
    "secret": "whsec_ira5jceuzhxxBxoWckAU0hLFQe79bSMZ",
    "status": "STATUS_ENABLED",
    "created_time": "2022-06-09T18:23:37.585421Z",
    "updated_time": "2022-06-09T18:23:37.585421Z"
  }
}

For a complete specification and interactive examples, see Updating a webhook subscription in the Atelio API reference.

Removing a subscription

To remove an event subscription, use the DELETE /webhooks/{webhook_id} operation with no further parameters.

The following is an example of a request to remove the webhook subscription ID 40515057-7e8c-4ae1-b8d9-61ea3378cad5.

curl --request DELETE \
    --url https://sandbox.atelio.com/api/v0.1/webhooks/webhook_id \
    --header 'Authorization: <YOUR_AUTHORIZATION>' \
    --header 'Identity: <YOUR_IDENTITY>'

The following is an example of a successful response to a subscription removal request.

JSON

{
  "webhook_subscription": {
    "id": "487a7f29-7b80-467d-b20d-7b60c3a14cf0",
    "url": "https://hostname.com/webhook/route",
    "description": "Account history is ready.",
    "events": [\
      "account.history.ready"\
    ],
    "version": "0.1",
    "secret": "whsec_ira5jceuzhxxBxoWckAU0hLFQe79bSMZ",
    "status": "STATUS_ENABLED",
    "created_time": "2022-06-09T18:23:37.585421Z",
    "updated_time": "2022-06-09T18:23:37.585421Z"
  }
}

For a complete specification and interactive examples, see Deleting a webhook subscription in the Atelio API reference.