Using Callbacks / Webhooks

Partners can be notified of consent events through a consent callback mechanism. Partner can setup webhook invocation at the partner config level and must expose an endpoint that accepts a JSON data structure that contains the User Info of the User that has been granted access and the User that granted the access.

Partners can subscribe to multiple verification events on Privo Admin Hub (ask PRIVO Customer Support for details). Those events will trigger the webhooks which will be posted to partner provided endpoint with defined security headers.

Webhook Security Header Types:
TypeDefinition
* Key/ValuePartner provides secure endpoint URI, endpoint name and corresponding API Key. Webhooks will fire to provided endpoint and return the endpoint name and API Key in the secure header.
Custom SignedPartner provides secure endpoint URI. PRIVO supplies a unique API Key to partner. Webhooks will fire to provided endpoint and return the unique custom PRIVO signed API Key in the secure header.
Bearer TokenPartner provides secure endpoint URI and corresponding API Key. Webhooks will fire to provided endpoint and return the partner provided API Key after "Bearer" in the secure header.
  • Preferred method suggested by PRIVO

Sample Key/Value Header:

{"timestamp":1557934559462,"url":"/echo/v0.1/callback/90001-webhook/","method":"HEAD","headers":{"User-Agent":"Apache-HttpClient/4.5.4 (Java/1.8.0_212)","(webhook_name)":"(webhook_apiKey)","Accept":"text/plain, application/json, application/*+json, */*","Connection":"Keep-Alive","Host":"example.privo.com","content-length":"0","Content-Type":"text/plain"},"content":""}

Sample Custom Signed Header:

{"timestamp":1557934446367,"url":"/echo/v0.1/callback/90001-webhook/","method":"HEAD","headers":{"User-Agent":"Apache-HttpClient/4.5.4 (Java/1.8.0_212)","X-Privo-Webhook-Signature":"(PRIVO_signed_apiKey)","Accept":"text/plain, application/json, application/*+json, */*","Connection":"Keep-Alive","Host":"example.privo.com","content-length":"0","X-Privo-Webhook-Id":"16","Content-Type":"text/plain"},"content":""}

Sample Bearer Token Header:

{"timestamp":1557934665833,"url":"/echo/v0.1/callback/90001-webhook/","method":"HEAD","headers":{"User-Agent":"Apache-HttpClient/4.5.4 (Java/1.8.0_212)","Authorization":"Bearer (webhook_apiKey)","Accept":"text/plain, application/json, application/*+json, */*","Connection":"Keep-Alive","Host":"example.privo.com","content-length":"0","Content-Type":"text/plain"},"content":""}

Sample JSON Response:

{
    "requester": {Data Set of Requesting User},
    "approver": {Data Set of Granting User},
    "permissions": [
        {
        "on": true,
        "consent_date": 1448035241,
        "request_date": 1448035241,
        "feature_on": true,
        "feature_id": 99999,
        "feature_identifier": "FEATURE_XYZ",
        "feature_name": "A Very Special Feature"
        }
    ],
    "request_date": 1448035241
}