Introducing Webhooks

Webhooks are automated notifications generated by system events that occur for your organization. Using the Webhooks REST API, you can subscribe to receive notifications for the events of your choice and designate a URL in your system to receive the notifications. This is especially helpful for events that are not part of an API request and response, or are not covered by the Reporting API. For example, you can be notified anytime a security key expires, an invoice is canceled, or a network token is provisioned. You can program your system to respond to those events in any way you choose. For information about products and event types, see Product and Event Types.
The Webhooks REST API enables you to update or delete existing webhooks, check the status of a webhook, and retrieve notification history and details. Transport Layer Security is required in order to ensure data integrity.
All API requests must be authenticated. See
Getting Started with the REST API
 for more information.

Additional Information

Reporting API
For more information on the Reporting API, see the
Reporting API Developer Guide
.

Webhooks Benefits

The Webhooks REST API provides these key benefits:
  • Visibility into system events that are otherwise not visible.
  • Ability to respond to events programmatically and to automate workflows.
  • Multiple security options.

Webhooks Requirements

Business Center
Account
You must have an account in the
Business Center
. You will need it for generating security keys. You can sign up for a test account in the Developer Center. During the test account signup, you will receive a security key for testing API calls in the test environment. To sign up for a production account, contact your account manager.
API Security Keys
You must have separate API security keys for the test and production environments. You can generate security keys in the
Business Center
.
Webhooks Server
You must have a server set up with a URL to receive notifications and a URL for the health check service. See the Health Check URL topic for the applicable Webhooks subscription workflow for more information.

Webhooks Workflow Options

There are three webhooks subscription workflows that provide instructions, up to and including subscribing to webhook event notifications. The workflow you choose depends on which security policy you use:
  • Webhooks Subscription Workflow Using Mutual Trust
  • Webhooks Subscription Workflow Using OAuth
  • Webhooks Subscription Workflow Using OAuth with JWT
There are also optional tasks that you can complete after you set up the webhooks subscription.

Webhooks Subscription Workflow Using Mutual Trust

Follow these steps to set up your webhooks subscription using Mutual Trust:
  1. Set up your server security to receive webhooks notifications.
  2. Generate API security keys for authenticating API requests. You must generate separate keys for the testing and production environments.
  4. Request a product list.
  5. Subscribe to webhooks event notifications.

Webhooks Subscription Workflow Using OAuth

Follow these steps to set up your webhooks subscription using OAuth:
  1. Set up your server security to receive webhooks notifications.
  2. Generate API security keys for authenticating API requests. You must generate separate keys for the testing and production environments.
  4. Send your OAuth credentials.
  5. Request a product list.
  6. Subscribe to webhooks event notifications.

Webhooks Subscription Workflow Using OAuth with JWT

Follow these steps to set up your webhooks subscription using OAuth with JWT:
  1. Set up your server security to receive webhooks notifications. Include app-specific certifications.
  2. Generate API security keys for authenticating API requests. You must generate separate keys for the testing and production environments.
  4. Send your OAuth credentials.
  5. Request a product list.
  6. Subscribe to webhooks event notifications.

Optional Tasks