Skip to main content
POST
v1
/
payment-links
Qonto webhook
curl --request POST \
  --url https://thirdparty.qonto.com/v1/payment-links \
  --header 'Content-Type: application/json' \
  --header 'X-Qonto-Signature: <api-key>' \
  --data '
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "subscription_id": "123e4567-e89b-12d3-a456-426614174000",
  "organization_id": "123e4567-e89b-12d3-a456-426614174000",
  "membership_id": "123e4567-e89b-12d3-a456-426614174000",
  "type": "v1/transactions",
  "created_at": "2025-01-24T10:55:00Z",
  "data": {
    "event": "created",
    "payment_link_id": "123e4567-e89b-12d3-a456-426614174000",
    "status": "open",
    "amount": {
      "value": "50.00",
      "currency": "EUR"
    },
    "resource_id": "46e9e0d2-f1af-4d2e-a6be-a536a604b89e",
    "resource_type": "Basket",
    "resource_metadata": {
      "invoice_number": "INV-123"
    },
    "potential_payment_methods": [
      "credit_card",
      "sepa_credit_transfer"
    ],
    "latest_payment_method_used": "credit_card",
    "expired_at": "2025-01-24T10:54:00Z",
    "created_at": "2025-01-24T10:54:00Z",
    "updated_at": "2025-01-24T10:55:00Z"
  }
}
'
{
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "subscription_id": "123e4567-e89b-12d3-a456-426614174000",
    "organization_id": "123e4567-e89b-12d3-a456-426614174000",
    "membership_id": "123e4567-e89b-12d3-a456-426614174000",
    "type": "v1/payment-links",
    "created_at": "2025-01-24T10:55:00Z",
    "data": {
        "event": "created",
        "status": "open",
        "payment_link_id": "0199e1de-4fa1-7324-9aed-0b0f6a65243e",
        "amount": {
            "currency": "EUR",
            "value": "77052.50"
        },
        "potential_payment_methods": [
            "bank_transfer",
            "credit_card",
            "apple_pay",
            "paypal"
        ],
        "resource_id": "0199e1de-4e01-72b7-86a0-fbe4e0475d56",
        "resource_metadata": {
            "invoice_number": "H2025-343"
        },
        "resource_type": "Invoice",
        "expired_at": "2026-10-14T08:37:47Z",
        "created_at": "2025-10-14T08:37:47Z",
        "updated_at": "2025-10-14T08:37:47Z"
    }
}

Authorizations

X-Qonto-Signature
string
header
required

The signature header follows the format t={timestamp},v1={signature}.

Verification steps:

  1. Extract the timestamp and signature from the signature header
  2. Reject the request if the timestamp is older than 5 minutes
  3. Recreate the signed payload: '{timestamp}.{raw_request_body}'
  4. Compute HMAC-SHA256 of the signed payload using your webhook secret as the key
  5. Compare the computed signature with the one in the header

Body

application/json
id
string<uuid>
required

Unique identifier for this webhook event

Example:

"123e4567-e89b-12d3-a456-426614174000"

subscription_id
string<uuid>
required

ID of the webhook subscription that received the event

Example:

"123e4567-e89b-12d3-a456-426614174000"

organization_id
string<uuid>
required

ID of the organization that owns the bank account

Example:

"123e4567-e89b-12d3-a456-426614174000"

membership_id
string<uuid>
required

ID of the membership associated with subscription

Example:

"123e4567-e89b-12d3-a456-426614174000"

type
enum<string>
required
Available options:
v1/transactions,
v1/accounts,
v1/organizations,
v1/memberships,
v1/consent-revocations,
v1/cards,
v1/payment-links,
v1/payment-links-connections,
v1/beneficiaries
Example:

"v1/transactions"

created_at
string<date-time>
required

Timestamp when the webhook event was created

Example:

"2025-01-24T10:55:00Z"

data
object
required

Response

200

Webhook received successfully