WEBHOOK
v1
/
consent-revocations
{
    "id": "01968118-96ca-702f-8d57-63c23479dd5b",
    "subscription_id": "01968118-d9fe-7b06-adec-19167234406c",
    "organization_id": "01968118-ff61-71a1-8c88-9a5032bc0d28",
    "membership_id": "01968119-23e1-7650-9eb5-0268e910cf80",
    "type": "v1/consent-revocations",
    "created_at": "2025-01-01T10:00:00Z",
    "data": {
        "client_id": "01968119-8efd-7422-8a8a-75c9b45a6a69",
        "revoked_at": "2025-01-01T10:00:00Z"
    }
}
{
    "id": "01968118-96ca-702f-8d57-63c23479dd5b",
    "subscription_id": "01968118-d9fe-7b06-adec-19167234406c",
    "organization_id": "01968118-ff61-71a1-8c88-9a5032bc0d28",
    "membership_id": "01968119-23e1-7650-9eb5-0268e910cf80",
    "type": "v1/consent-revocations",
    "created_at": "2025-01-01T10:00:00Z",
    "data": {
        "client_id": "01968119-8efd-7422-8a8a-75c9b45a6a69",
        "revoked_at": "2025-01-01T10:00:00Z"
    }
}

Authorizations

X-Qonto-Signature
string
header
required

The signature header follows the format t={timestamp},v1={signature}.

Verification steps:

  1. Extract the timestamp and signature from the signature header
  2. Reject the request if the timestamp is older than 5 minutes
  3. Recreate the signed payload: '{timestamp}.{raw_request_body}'
  4. Compute HMAC-SHA256 of the signed payload using your webhook secret as the key
  5. Compare the computed signature with the one in the header

Body

application/json

Response

200

Webhook received successfully