Skip to content
Last updated

Create a new webhook configuration to receive reminders of a payment.

Allows you to receive automatic notifications via webhook -prior registration of a valid URL by the customer- for billers that allow balance inquiry, being activated only after a successful payment and being valid only during the month following the payment (if the bill is not paid within that period no notification is sent for the next month). Shipments are scheduled based on the payment date plus one month minus 5, 3 and 1 day (not based on the original due date), and in case of delivery failure up to 3 retries with increasing delays are made; if the bill is paid before any of the shipments, the remaining reminders are cancelled.


Endpoint

POST /api/v2/webhooks


Description

Registers a new webhook URL. When an event is triggered, the system will send a signed HTTP POST request to the configured URL. The request will include a secret signature for validation.


Authentication

Bearer Authentication


Request

Headers

NameTypeRequiredDescription
Content-TypestringYesMust be application/json
AuthorizationstringYesBearer token

Body

{
  "url": "https://your-api.com/webhooks"
}

Response

{
  "id": 1,
  "url": "https://your-api.com/webhooks",
  "secret": "6e5a9465cb8e117cfe63473ba7310ec96898db7c893a967b35cf58d669e47337"
}
FieldTypeDescription
idintegerUnique identifier for the webhook configuration
urlstringThe webhook URL that was registered
secretstringA secret key used for signing requests in the X-Signature header

Webhook Request

Headers

NameTypeDescription
Content-Typestringapplication/json
X-SignaturestringHex-encoded HMAC-SHA256 signature of the payload
X-TimestampstringUnix timestamp when the request was generated

Body

{
  id: "439bc073-1b68-4a91-bcbb-08ed60bfa542",
  company_name: "CFE",
  account_reference: "123456789012",
  amount: 100.20,
  due_date: "2025-02-20",
  last_payment_date: "2025-01-20"
}
FieldTypeDescription
idintegerUnique identifier for the webhook reminder
company_namestringName of the company
account_referencestringAccount reference of the billed service
amountdecimalCurrent balance of the billed account
due_datestring/nullDue date of the billed account
last_payment_datestringDate of the last payment of this account

Signature Verification

Webhook payloads are signed using HMAC-SHA256 to ensure authenticity. Each webhook request includes the following headers:

HeaderDescription
X-SignatureHex-encoded HMAC-SHA256 signature of the payload
X-TimestampUnix timestamp when the request was generated

To ensure the integrity of the notification, you should verify the signature of the X-Signature header in this way:

timestamp = headers['X-Timestamp']
signature = headers['X-Signature']
payload =  timestamp + "." + request_body
expected_signature = sign('SHA256', secret, payload)
expected_signature == signature

Webhook Delivery Expectation

Your server must return HTTP 202 Accepted to acknowledge the reception of the webhook.

Any other response status will be treated as a failed delivery and may trigger retries. If the reception of the webhook notification fails, three attempts will be made during the same day, the first after 5 minutes, the second after 10 minutes and the third after 30 minutes.