WEBHOOK
v1
/
organizations
{
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "subscription_id": "123e4567-e89b-12d3-a456-426614174000",
    "organization_id": "123e4567-e89b-12d3-a456-426614174000",
    "membership_id": "123e4567-e89b-12d3-a456-426614174000",
    "type": "v1/organizations",
    "created_at": "2025-01-24T10:55:00Z",
    "data": {
        "event": "suspended",
        "id": "123e4567-e89b-12d3-a456-426614174000",
        "legal_name": "Elektro Tesla GmbH",
        "slug": "elektro-tesla-gmbh-3066",
        "locale": "de",
        "legal_country": "DE",
        "legal_form": "GmbH",
        "legal_sector": "6200Z",
        "legal_number": "12A34FC5",
        "legal_registration_date": "2022-01-01",
        "legal_share_capital": 100000,
        "contract_signed_at": "2022-12-01T08:57:00.123Z",
        "status": "suspended",
        "created_at": "2022-12-01T08:57:00.123Z",
        "updated_at": "2022-12-01T08:57:00.123Z"
    }
}
{
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "subscription_id": "123e4567-e89b-12d3-a456-426614174000",
    "organization_id": "123e4567-e89b-12d3-a456-426614174000",
    "membership_id": "123e4567-e89b-12d3-a456-426614174000",
    "type": "v1/organizations",
    "created_at": "2025-01-24T10:55:00Z",
    "data": {
        "event": "suspended",
        "id": "123e4567-e89b-12d3-a456-426614174000",
        "legal_name": "Elektro Tesla GmbH",
        "slug": "elektro-tesla-gmbh-3066",
        "locale": "de",
        "legal_country": "DE",
        "legal_form": "GmbH",
        "legal_sector": "6200Z",
        "legal_number": "12A34FC5",
        "legal_registration_date": "2022-01-01",
        "legal_share_capital": 100000,
        "contract_signed_at": "2022-12-01T08:57:00.123Z",
        "status": "suspended",
        "created_at": "2022-12-01T08:57:00.123Z",
        "updated_at": "2022-12-01T08:57:00.123Z"
    }
}

Authorizations

X-Qonto-Signature
string
header
required

The signature header follows the format t={timestamp},v1={signature}.

Verification steps:

  1. Extract the timestamp and signature from the signature header
  2. Reject the request if the timestamp is older than 5 minutes
  3. Recreate the signed payload: '{timestamp}.{raw_request_body}'
  4. Compute HMAC-SHA256 of the signed payload using your webhook secret as the key
  5. Compare the computed signature with the one in the header

Body

application/json

Response

200

Webhook received successfully