Skip to main content
WEBHOOK
This topic delivers events related to SEPA Direct Debit mandates. Event: accepted — The mandate has been signed by the debtor. The data.id field is the mandate ID.

Authorizations

X-Qonto-Signature
string
header
required

The signature header follows the format t={timestamp},v1={signature}.

Verification steps:

  1. Extract the timestamp and signature from the signature header
  2. Reject the request if the timestamp is older than 5 minutes
  3. Recreate the signed payload: '{timestamp}.{raw_request_body}'
  4. Compute HMAC-SHA256 of the signed payload using your webhook secret as the key
  5. Compare the computed signature with the one in the header

Body

application/json

Webhook payload for topic v1/sepa-direct-debit-mandates.

id
string<uuid>
required
subscription_id
string<uuid>
required
organization_id
string<uuid>
required
membership_id
string<uuid>
required
type
enum<string>
required
Available options:
v1/sepa-direct-debit-mandates
created_at
string<date-time>
required
data
object
required

Response

200

Webhook received successfully