Setup
Configure your webhook URL via the Update Platform Settings endpoint:webhookUrl to null to disable webhooks.
Payload format
All webhook payloads follow the same structure:| Field | Type | Description |
|---|---|---|
id | string | Unique identifier for the event. |
type | string | The event type. |
createdAt | string | ISO 8601 timestamp of when the event occurred. |
data | object | The full object associated with the event. |
Event types
Transfers
| Event | Description |
|---|---|
transfer.created | A new transfer has been initiated. |
transfer.processing | The transfer is being processed. |
transfer.completed | The transfer has completed successfully. |
transfer.failed | The transfer has failed. |
Entities
| Event | Description |
|---|---|
entity.kyc.approved | An Entity has passed identity verification. |
entity.kyc.rejected | An Entity’s identity verification was rejected. |
entity.tos.approved | An Entity has accepted the terms of service. |
Accounts
| Event | Description |
|---|---|
account.created | A new Account has been provisioned. |
IBANs
| Event | Description |
|---|---|
iban.deposit.received | A fiat deposit has been received at an IBAN and routed to the linked Account. |
Responding to webhooks
Your endpoint should return a200 status code within 10 seconds. If Otim does not receive a 200 response, the webhook will be retried up to 5 times with exponential backoff.
Verifying signatures
Each webhook request includes aX-Otim-Signature header containing an HMAC-SHA256 signature of the request body. Verify this signature to ensure the request came from Otim.