Webhook in Data Sharing
Registering a WebHook to receive consent event updates
To stay current on any event in the consent lifecycle, you must register a webhook API to receive the update information.
The webhook endpoint must be in the POST method , under https. The domain and URI can be in whatever format you have on your platform, for the examples below we will consider the POST endpoint exampleGive yourself a better website » MY DOMAIN
After implementing this API on your platform, you need to register it to receive notifications via our webhook registration API.
But to access this API, you need to perform a previous step, which is to authenticate using your application's credentials. We will describe the step by step in this topic.
Access Token Request (using My First App credentials)
curl --location --request POST 'https://onboard.smartkeys.celcoin.dev.fsapps.io/api/portal/onboard/v1/token' \ --header 'Content- Type: application/json' \ --data-raw '{ "client_id":"64b51075-45bf-46cc-aed4-29b69b51816d", "client_secret": "9257b897-01ca- 4ebd-9fd4-************"}'
Access Token Response
{
"access_token": "********1NiIs*SldUIiwia2l*****kIiA6*****Y0hYOG*F3eXY2****9JQ******UFEUm1pSzV5SWlnW "expires_in": 3600,
"refresh_expires_in": 0, "token_type": "Bearer", "not-before-policy": 0, "scope": "email profile"
}
Now you need to get the contents of the "access_token" parameter and include it as an Authentication Bearer header for all future API calls.
Once the access_token is generated, let's register your webhook using the request below.
Webhook Registration API
curl --location 'https://onboard.smartkeys.celcoin.dev.fsapps.io/api/smart-keys/interceptors' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{your_generated_access_token_here}}' \
--data '{
"endpoint": "https://www.my-domain.com/webhook",
"isAuthenticated": false,
"authenticationType": "",
"user": "",
"password": "",
"type": "DATA"
}'
The request will return the following Http status codes.
HTTP Status Code |
|
---|---|
201 | Webhook succesfully registered. |
400 | Bad Request - error at request field validations. |
401 | The used token is not allowed to access the resource. |
Event | Details |
---|---|
before : consent : create | We received a request for a consent build. |
after : consent : create | All consent fields have been validated, it is following all necessary standards and has been created. |
consent : approved | Consent has been approved by the user. |
consent : rejected | Consent was rejected by the user. |
consent : expired | The consent has expired. Was not approved or rejected after 60 minutes of creation OR after approval/rejection was not consumed within 70 minutes. |
consent : revoke | User revoked consent (usually after approval) |
To test the WebHook process, it can also be configured in the Endpoint Management section of the development portal. We will use the WebHook Site (Webhook.site - Test, transform and automate Web requests and emails ) to simulate the process. The site will generate a WebHook URL as shown below.
Copy the generated WebHook URL and register in the Application Settings under the "Endpoint Management" section. You must insert it as a POST method and you will receive a Json in the body.