Webhooks are used to notify your application about status updates occurring in our system. You can add a webhook in your intermediary dashboard

Webhook events

Loan application status update

Whenever a loan application gets a new status your webhook gets called. An example of such a request:

"type": "loan_application_status_update",
"data": {
"external_reference": "1234-abcd",
"amount": {
"amount": "1674480",
"currency": "EUR"
"maturity_in_months": 48,
"monthly_installment": {
"amount": "34885",
"currency": "EUR"
"nominal_rate": 0.055,
"effective_rate": 0.0564,
"status": "rejected",
"confirmation_url": "https://www.lenderspender.nl/aanmelden/verificatie/some-verification-id/123456789"



All webhooks we send will be signed by a signing secret, with can be set in your dashboard. You don't have to validate the incoming request, but it's highly suggested.

Webhook authentication & signing

Our signing method is simple but efficient. For every webhook we call, we pass an additional header calledSignature that contains the hash of the payload.

In your webhook, you can validate if that Signature header contains the hash you expected.

It's calculated as follows:

$computedSignature = hash_hmac('sha256', $payload, $secret);

The $payloadis the body of the POST request, which will be a JSON representation of event.

The $secret can be found in your dashboard.

The hash_hmac() function is a PHP function that generates a keyed hash value using the HMAC method.

The$computedSignature should match the Signature that's been set.