Webhooks are event-based notifications that are received when a specific event related to the account aggregator occurs.
Add webhooks Add your webhook URL in our system for us to deliver webhook events.
Follow the instructions below to configure the webhook URL. Ensure to provide the publicly accessible HTTPS URL to your webhook endpoint.
Log in to the Merchant Dashboard Developers .
Click Webhooks listed under the Secure ID card.
Click Add Webhook URL in the Webhook screen.
In the Add Webhook popup, fill in the following information:
Webhook URL - Enter the URL in this field.
Click Test & Add Webhook .
Consent webhook event
Event Description AA_CONSENT_VERIFICATION_SUCCESS Consent is approved. AA_CONSENT_VERIFICATION_PAUSED Consent is paused. AA_CONSENT_VERIFICATION_REVOKED Consent is revoked. AA_CONSENT_VERIFICATION_REJECTED Consent is rejected. AA_CONSENT_VERIFICATION_EXPIRED Consent has expired.
AA_CONSENT_VERIFICATION_SUCCESS
AA_CONSENT_VERIFICATION_PAUSED
AA_CONSENT_VERIFICATION_REVOKED
AA_CONSENT_VERIFICATION_REJECTED
AA_CONSENT_VERIFICATION_EXPIRED
{ "event_type": "AA_CONSENT_VERIFICATION_SUCCESS", "event_time": "2024-02-15 16:53:15", "version": "v1", "data": { "status": "SUCCESS", "consent_verification_id": "a12bc34def56789" } }
FI webhook event
Event Description AA_FI_VERIFICATION_SUCCESS Financial information verification is successful. AA_FI_VERIFICATION_ACTIVE Financial information consent is active. AA_FI_VERIFICATION_FAILED Financial information verification has failed. AA_FI_VERIFICATION_EXPIRED Financial information verification has expired.
AA_FI_VERIFICATION_ACTIVE
AA_FI_VERIFICATION_SUCCESS
AA_FI_VERIFICATION_FAILED
AA_FI_VERIFICATION_EXPIRED
{ "event_type": "AA_FI_VERIFICATION_ACTIVE", "event_time": "2024-02-15 16:53:15", "version": "v1", "data": { "status": "ACTIVE", "fi_verification_id": "v1234567890abcdef", "fi_status_response": [ { "fip_id": "FIP_1", "accounts": [ { "link_ref_number": "b2328fa7-0dcd-2314-asb5-9ef7b4c1cz6b", "fi_status": "READY" }, { "link_ref_number": "a2328fa7-0dcd-2314-asb5-9ef7b4c1cz6b", "fi_status": "TIMEOUT" } ] }, { "fip_id": "FIP_2", "accounts": [ { "link_ref_number": "c2328fa7-0dcd-2314-asb5-9ef7b4c1cz6b", "fi_status": "READY" } ] } ] } }
Webhook signature You will receive the webhook signature in the webhook header. Here is a sample header from a webhook request.
Header Name Header Value content-length 1099 x-webhook-attempt 1 content-type application/json x-webhook-signature 07r5C3VMwsGYeldGOCYxe5zoHhIN1zLfa8O0U/yngHI= x-webhook-timestamp 1746427759733
Always capture the webhook payload in its raw text format before parsing into JSON. Parsing and re-serialising the payload can change the structure (for example, array ordering, spacing, or null handling) and cause a signature mismatch during verification. Use the exact raw body string from the request when computing the signature.
Webhook payload fields The webhook payload contains important metadata in its top-level fields.
Field Type Description event_typestringIndicates the type of event that triggered the webhook. event_timestringThe UTC timestamp of when the event occurred, formatted in ISO 8601 (YYYY-MM-DDTHH:MM:SSZ). versionstringIndicates the webhook format being used. Default version is “v1”. dataobjectContains event-specific details related to this feature.
Verifying the signature is mandatory before processing any response. Refer to Signature Verification for more details. 
