Skip to main content
WEBHOOK
v1
/
terminal-payments
{
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "subscription_id": "123e4567-e89b-12d3-a456-426614174000",
    "organization_id": "123e4567-e89b-12d3-a456-426614174000",
    "membership_id": "123e4567-e89b-12d3-a456-426614174000",
    "type": "v1/terminal-payments",
    "created_at": "2026-04-28T13:02:32Z",
    "data": {
        "event": "authorized",
        "id": "019dd42e-87cf-7072-863e-7fef8714c2c0",
        "terminal_id": "019d7188-1476-7a74-a7da-01c57793eb93",
        "poi_id": "S1F2-000158244717080",
        "amount": {
            "value": "20.00",
            "currency": "EUR"
        },
        "authorized_amount": {
            "value": "21.00",
            "currency": "EUR"
        },
        "tip_amount": {
            "value": "1.00",
            "currency": "EUR"
        },
        "payment_method": "cartebancaire",
        "card_summary": "2120",
        "metadata": "{\"order_id\": \"zelty-order-456\"}",
        "created_at": "2026-04-28T13:01:52Z",
        "authorized_at": "2026-04-28T13:02:00Z"
    }
}

Documentation Index

Fetch the complete documentation index at: https://docs.qonto.com/llms.txt

Use this file to discover all available pages before exploring further.

This topic delivers events for POS terminal payment outcomes. Events:
  • authorized — The payment was approved by the card issuer. Includes authorized_amount (may differ from the requested amount if a tip was added), tip_amount if applicable, payment_method, card_summary, and authorized_at.
  • refused — The payment was declined. Includes failure_reason with the decline code.
{
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "subscription_id": "123e4567-e89b-12d3-a456-426614174000",
    "organization_id": "123e4567-e89b-12d3-a456-426614174000",
    "membership_id": "123e4567-e89b-12d3-a456-426614174000",
    "type": "v1/terminal-payments",
    "created_at": "2026-04-28T13:02:32Z",
    "data": {
        "event": "authorized",
        "id": "019dd42e-87cf-7072-863e-7fef8714c2c0",
        "terminal_id": "019d7188-1476-7a74-a7da-01c57793eb93",
        "poi_id": "S1F2-000158244717080",
        "amount": {
            "value": "20.00",
            "currency": "EUR"
        },
        "authorized_amount": {
            "value": "21.00",
            "currency": "EUR"
        },
        "tip_amount": {
            "value": "1.00",
            "currency": "EUR"
        },
        "payment_method": "cartebancaire",
        "card_summary": "2120",
        "metadata": "{\"order_id\": \"zelty-order-456\"}",
        "created_at": "2026-04-28T13:01:52Z",
        "authorized_at": "2026-04-28T13:02:00Z"
    }
}

Authorizations

X-Qonto-Signature
string
header
required

The signature header follows the format t={timestamp},v1={signature}.

Verification steps:

  1. Extract the timestamp and signature from the signature header
  2. Reject the request if the timestamp is older than 5 minutes
  3. Recreate the signed payload: '{timestamp}.{raw_request_body}'
  4. Compute HMAC-SHA256 of the signed payload using your webhook secret as the key
  5. Compare the computed signature with the one in the header

Body

application/json
id
string<uuid>
required

Unique identifier for this webhook event

Example:

"123e4567-e89b-12d3-a456-426614174000"

subscription_id
string<uuid>
required

ID of the webhook subscription that received the event

Example:

"123e4567-e89b-12d3-a456-426614174000"

organization_id
string<uuid>
required

ID of the organization that owns the bank account

Example:

"123e4567-e89b-12d3-a456-426614174000"

membership_id
string<uuid>
required

ID of the membership associated with subscription

Example:

"123e4567-e89b-12d3-a456-426614174000"

type
enum<string>
required
Available options:
v1/transactions,
v1/accounts,
v1/organizations,
v1/memberships,
v1/consent-revocations,
v1/cards,
v1/payment-links,
v1/payment-links-connections,
v1/beneficiaries,
v1/client-invoices,
v1/terminal-payments
Example:

"v1/transactions"

created_at
string<date-time>
required

Timestamp when the webhook event was created

Example:

"2025-01-24T10:55:00Z"

data
object
required

Response

200

Webhook received successfully