Skip to content
/
Card authorisation

Weavr Webhook (v2)

For Verification, create a base64 hash using HmacSHA256 using Published-Timestamp header as message and your API key as secret. The result should match the Signature header.

Download OpenAPI description
openapi.json
openapi.yaml
Overview
URL
https://weavr.io
Languages
Servers
Mock server
https://api.weavr.io/_mock/products/webhooks/openapi
https://api.weavr.io/""

Corporates

Webhooks

Consumers

Webhooks

Managed Cards

Webhooks

Card state changeWebhook

Request

Notification that a card has changed state. The following events trigger a notification:

  • Activate a physical card.
  • Remove a managed card.
  • Report a physical card as lost.
  • Report a physical card as stolen.
  • Mark a virtual card as compromised.
  • Card has expired.
  • Block a managed card.
  • Unblock a managed card.
  • Update card renewal type.

Please note that since a card can have multiple blocks, an unblock event (for which a notification is sent) may not always result in the card state being updated to Active.

Headers
call-refstring

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestampinteger(int64)required

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature-v2stringrequired

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

signaturestringDeprecatedrequired

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

Bodyapplication/jsonrequired
idobject(InstrumentId)required
id.​idstring(Id)^[0-9]+$required
id.​typestring(InstrumentType)required
Enum"managed_cards""managed_accounts"
timestampstring^[0-9]+$required

The timestamp of the state change, using epoch timestamp with millisecond precision.

eventTypestring(StateChangeEventType)required
Enum"ACTIVATED""BLOCKED""UNBLOCKED""DESTROYED"
stateobject(StateChangeState)
cardTypestring(CardType)required
Enum"VIRTUAL""PHYSICAL"
renewalTypestring(CardRenewalType)required

Indicates how the card will be handled once it is close to expiring.

  • RENEW: The card will be automatically renewed, keeping the same card number but with a new expiry date and CVV.
  • NO_RENEW: Once the expiry date is reached, the card is destroyed.
Enum"RENEW""NO_RENEW"
application/json
{
  "id": {
    "id": "string",
    "type": "managed_cards"
  },
  "timestamp": "string",
  "eventType": "ACTIVATED",
  "state": {
    "state": "ACTIVE",
    "blockedReason": "USER",
    "destroyedReason": "SYSTEM"
  },
  "cardType": "VIRTUAL",
  "renewalType": "RENEW"
}

Responses

Success - No Content

Card authorisationWebhook

Request

Notification that a card authorisation attempt has been performed on a managed card. This is sent irrespective of the authorisation outcome

  • the approved field indicates whether the authorisation has been approved or denied.
Headers
call-refstring

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestampinteger(int64)required

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature-v2stringrequired

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

signaturestringDeprecatedrequired

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

Bodyapplication/jsonrequired
idobject(InstrumentId)required

The id of the managed card on which an authorisation has been performed.

id.​idstring(Id)^[0-9]+$required
id.​typestring(InstrumentType)required
Enum"managed_cards""managed_accounts"
transactionIdstring^[0-9]+$required

The id of the transaction, for reference.

transactionAmountobject(LegacyCurrencyAmount)required

The amount in the currency of the card.

transactionAmount.​currencystring(Currency)= 3 characters^[A-Z]*$required

The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.

transactionAmount.​amountstring^[0-9]+$required

The monetary amount, scaled to the lowest denomination of the currency.

transactionTimestampstring^[0-9]+$required

The timestamp of the transaction, using epoch timestamp with millisecond precision.

sourceAmountobject(LegacyCurrencyAmount)required

The amount in the currency of the merchant.

sourceAmount.​currencystring(Currency)= 3 characters^[A-Z]*$required

The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.

sourceAmount.​amountstring^[0-9]+$required

The monetary amount, scaled to the lowest denomination of the currency.

merchantDataobject(MerchantData)required

Merchant related information

merchantData.​merchantNamestringrequired

The name of the merchant where the authorisation has been made.

merchantData.​merchantCategoryCodestringrequired

The merchant category code.

merchantData.​merchantIdstringrequired

The merchant ID.

merchantData.​merchantDescriptionstring

The merchant description

merchantData.​merchantStreetstring

The merchant street address (if available)

merchantData.​merchantCitystring

The merchant city (if available)

merchantData.​merchantStatestring

The merchant state address (if available)

merchantData.​merchantPostalCodestring

The merchant postal code (if available)

merchantData.​merchantCountrystring

The merchant country address

merchantData.​merchantTelephonestring

The merchant telephone number

merchantData.​merchantURLstring

The merchant URL

merchantData.​merchantNameOtherstring

The alternative merchant name

merchantData.​merchantNetworkIdstring

The merchant's network id

merchantData.​merchantContactstring

The merchant's contact (if available)

approvedboolean

Indicates whether the authorisation has been approved or denied.

availableBalanceobject(LegacyCurrencyAmount)

The updated card available balance after this authorisation was processed.

declineReasonstring(AuthDeclineReason)

An indication of why the authorisation was declined

Enum"NO_REASON""PHYSICAL_NOT_ACTIVATED""INSUFFICIENT_BALANCE""CVV_CHECKS_FAILED""CVV_RETRIES_EXCEEDED""CARD_STATUS_NOT_ALLOWED""PIN_CHECKS_FAILED""PIN_RETRIES_EXCEEDED""CARD_EXPIRY_CHECKS_FAILED""AVS_CHECKS_FAILED"
authRuleFailedReasonstring(AuthRuleChecksFailedReason)

If the authorisation was declined due to auth rule checks, this indicates the auth rule that was violated.

Enum"NONE""MERCHANT_CATEGORY_NOT_IN_ALLOWED_LIST""MERCHANT_CATEGORY_BLOCKED""MERCHANT_ID_NOT_IN_ALLOWED_LIST""MERCHANT_ID_BLOCKED""ATM_NOT_ALLOWED""CONTACTLESS_NOT_ALLOWED""ECOMMERCE_NOT_ALLOWED""CASHBACK_NOT_ALLOWED""CREDIT_AUTHORISATIONS_NOT_ALLOWED"
authorisationTypestring(CardAuthorisationDetailsAuthorisationType)required

The type of authorisation that was processed.

Enum"AUTHORISED""AUTHORISED_CREDIT""DECLINED""ONLINE_REVERSE""EXPIRED""MANUAL_CLOSE""CANCELLED"
authorisationCategorystring(AuthorisationCategory)

The category of the authorisation.

Enum"PRE_AUTH""FINAL_AUTH"
relatedAuthorisationIdsArray of integers(int64)

The list of related authorisation ids which this authorisation is related to.

ownerobject(StringWrappedTypeId)required
owner.​typestring<= 50 characters^[a-zA-Z0-9_-]+$required
owner.​idstring^[0-9]+$required
cardholderPresentstring(CardHolderPresent)

Optional detail indicating if the card holder was present when the authorisation occurred.

Enum"PRESENT""NOT_PRESENT""PRESENCE_UNKNOWN"
cardPresentboolean

Optional detail indicating if the card was present when the authorisation occurred.

detailsobject(ManagedCardModeDetails)
authCodestring[ 1 .. 6 ] characters

The authorisation code associated with this authorisation.

forexPaddingobject(LegacyCurrencyAmount)

The forex padding amount, if any, that has been included in the transactionAmount.

forexFeeobject(LegacyCurrencyAmount)

The forex fee, if any, that has been included in the transactionAmount.

authForwardingDetailsobject(AuthForwardingDetails)

Contains information about the authorisations that have been forwarded.

digitalWalletDetailsobject(DigitalWalletDetails)

Contains information about the digital wallet, if it has been used.

userCurrencyTransactionDetailsobject(UserCurrencyTransactionDetails)

The object representing the localised transaction's details

merchantNamestringDeprecatedrequired

The name of the merchant where the authorisation has been made.

merchantCategoryCodestringDeprecated

The merchant category code.

merchantIdstringDeprecated

The merchant ID.

relatedAuthorisationIdstringDeprecated^[0-9]+$

The related authorisation id which this authorisation is performing further updates on.

merchantCountryCodestringDeprecated

The merchant country code.

application/json
{
  "id": {
    "id": "string",
    "type": "managed_cards"
  },
  "transactionId": "string",
  "transactionAmount": {
    "currency": "str",
    "amount": "string"
  },
  "transactionTimestamp": "string",
  "sourceAmount": {
    "currency": "str",
    "amount": "string"
  },
  "merchantData": {
    "merchantName": "string",
    "merchantCategoryCode": "string",
    "merchantId": "string",
    "merchantDescription": "string",
    "merchantStreet": "string",
    "merchantCity": "string",
    "merchantState": "string",
    "merchantPostalCode": "string",
    "merchantCountry": "string",
    "merchantTelephone": "string",
    "merchantURL": "string",
    "merchantNameOther": "string",
    "merchantNetworkId": "string",
    "merchantContact": "string"
  },
  "merchantName": "string",
  "merchantCategoryCode": "string",
  "merchantId": "string",
  "approved": true,
  "availableBalance": {
    "currency": "str",
    "amount": "string"
  },
  "declineReason": "NO_REASON",
  "authRuleFailedReason": "NONE",
  "authorisationType": "AUTHORISED",
  "authorisationCategory": "PRE_AUTH",
  "relatedAuthorisationId": "string",
  "relatedAuthorisationIds": [
    0
  ],
  "owner": {
    "type": "string",
    "id": "string"
  },
  "cardholderPresent": "PRESENT",
  "cardPresent": true,
  "details": {
    "prepaidModeDetails": { … },
    "debitModeDetails": { … }
  },
  "authCode": "string",
  "forexPadding": {
    "currency": "str",
    "amount": "string"
  },
  "forexFee": {
    "currency": "str",
    "amount": "string"
  },
  "authForwardingDetails": {
    "authForwardingTriggered": true,
    "authForwardingDecisionOutcome": "APPROVE",
    "authForwardingInnovatorTimedOut": true
  },
  "merchantCountryCode": "string",
  "digitalWalletDetails": {
    "digitalWalletType": "GOOGLE_PAY"
  },
  "userCurrencyTransactionDetails": {
    "userTransactionAmount": { … },
    "userExchangeRate": "string"
  }
}

Responses

Success - No Content

Card adjustmentWebhook

Request

Notification that a balance adjustment has been processed on a managed card.

Headers
call-refstring

A call reference generated by the caller and unique to the caller to provide correlation between the caller and system with a maximum length of 255

published-timestampinteger(int64)required

The timestamp, expressed in Epoch timestamp using millisecond precision, when this event was published.

signature-v2stringrequired

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the call-ref + payload + published-timestamp using your API key.

signaturestringDeprecatedrequired

The signature to verify the authenticity of this request. This is the base64 hash (HmacSHA256) of the published-timestamp using your API key.

Bodyapplication/jsonrequired
idobject(InstrumentId)required

The id of the managed card on which a settlement has been performed.

id.​idstring(Id)^[0-9]+$required
id.​typestring(InstrumentType)required
Enum"managed_cards""managed_accounts"
transactionIdstring^[0-9]+$required

The id of the transaction, for reference.

adjustmentTypestring(CardAdjustmentDetailsAdjustmentType)required

The type of adjustment that was processed.

Enum"DEFAULT_ADJUSTMENT""LOST_STOLEN_REPLACEMENT_BALANCE_TRANSFER"
adjustmentAmountobject(LegacyCurrencyAmount)required

The amount in the currency of the card.

adjustmentAmount.​currencystring(Currency)= 3 characters^[A-Z]*$required

The currency expressed in ISO-4217 code. Example: GBP, EUR, USD.

adjustmentAmount.​amountstring^[0-9]+$required

The monetary amount, scaled to the lowest denomination of the currency.

transactionTimestampstring^[0-9]+$required

The timestamp of the transaction, using epoch timestamp with millisecond precision.

availableBalanceobject(LegacyCurrencyAmount)

The updated card available balance after this adjustment was processed.

ownerobject(StringWrappedTypeId)required
owner.​typestring<= 50 characters^[a-zA-Z0-9_-]+$required
owner.​idstring^[0-9]+$required
detailsobject(ManagedCardModeDetails)
application/json
{
  "id": {
    "id": "string",
    "type": "managed_cards"
  },
  "transactionId": "string",
  "adjustmentType": "DEFAULT_ADJUSTMENT",
  "adjustmentAmount": {
    "currency": "str",
    "amount": "string"
  },
  "transactionTimestamp": "string",
  "availableBalance": {
    "currency": "str",
    "amount": "string"
  },
  "owner": {
    "type": "string",
    "id": "string"
  },
  "details": {
    "prepaidModeDetails": { … },
    "debitModeDetails": { … }
  }
}

Responses

Success - No Content

Managed Accounts

Webhooks

Linked Accounts

Webhooks

Transfers

Webhooks

Send

Webhooks

Outgoing Wire Transfers

Webhooks

Manual Transactions

Webhooks

Fees

Webhooks

Login

Webhooks

Stepup

Webhooks

Authentication Factors

Webhooks

Beneficiaries

Webhooks

Bulk Operations

Webhooks

Auth Users

Webhooks