v1/consent-revocations

{
    "id": "01968118-96ca-702f-8d57-63c23479dd5b",
    "subscription_id": "01968118-d9fe-7b06-adec-19167234406c",
    "organization_id": "01968118-ff61-71a1-8c88-9a5032bc0d28",
    "membership_id": "01968119-23e1-7650-9eb5-0268e910cf80",
    "type": "v1/consent-revocations",
    "created_at": "2025-01-01T10:00:00Z",
    "data": {
        "client_id": "01968119-8efd-7422-8a8a-75c9b45a6a69",
        "revoked_at": "2025-01-01T10:00:00Z"
    }
}

WEBHOOK

consent-revocations

{
    "id": "01968118-96ca-702f-8d57-63c23479dd5b",
    "subscription_id": "01968118-d9fe-7b06-adec-19167234406c",
    "organization_id": "01968118-ff61-71a1-8c88-9a5032bc0d28",
    "membership_id": "01968119-23e1-7650-9eb5-0268e910cf80",
    "type": "v1/consent-revocations",
    "created_at": "2025-01-01T10:00:00Z",
    "data": {
        "client_id": "01968119-8efd-7422-8a8a-75c9b45a6a69",
        "revoked_at": "2025-01-01T10:00:00Z"
    }
}

{
    "id": "01968118-96ca-702f-8d57-63c23479dd5b",
    "subscription_id": "01968118-d9fe-7b06-adec-19167234406c",
    "organization_id": "01968118-ff61-71a1-8c88-9a5032bc0d28",
    "membership_id": "01968119-23e1-7650-9eb5-0268e910cf80",
    "type": "v1/consent-revocations",
    "created_at": "2025-01-01T10:00:00Z",
    "data": {
        "client_id": "01968119-8efd-7422-8a8a-75c9b45a6a69",
        "revoked_at": "2025-01-01T10:00:00Z"
    }
}

Authorizations

X-Qonto-Signature

string

header

required

The signature header follows the format t={timestamp},v1={signature}.

Verification steps:

Extract the timestamp and signature from the signature header
Reject the request if the timestamp is older than 5 minutes
Recreate the signed payload: '{timestamp}.{raw_request_body}'
Compute HMAC-SHA256 of the signed payload using your webhook secret as the key
Compare the computed signature with the one in the header

Body

application/json

string<uuid>

required

Unique identifier for this webhook event

Example:

"123e4567-e89b-12d3-a456-426614174000"

subscription_id

string<uuid>

required

ID of the webhook subscription that received the event

Example:

"123e4567-e89b-12d3-a456-426614174000"

organization_id

string<uuid>

required

ID of the organization that owns the bank account

Example:

"123e4567-e89b-12d3-a456-426614174000"

membership_id

string<uuid>

required

ID of the membership associated with subscription

Example:

"123e4567-e89b-12d3-a456-426614174000"

type

enum<string>

required

Available options:

v1/transactions,

v1/accounts,

v1/organizations,

v1/memberships,

v1/consent-revocations,

v1/cards

Example:

"v1/transactions"

created_at

string<date-time>

required

Timestamp when the webhook event was created

Example:

"2025-01-24T10:55:00Z"

data

object

required

Show child attributes

Response

200

Webhook received successfully

v1/cards Create a new webhook subscription

Business API

Onboarding API

v1/consent-revocations

Authorizations

Body

Response