Webhooks are used to notify your application about status updates occurring in our system. You can add a webhook in your intermediary dashboard.
Loan application status update
Whenever a loan application gets a new status your webhook gets called. An example of such a request:
All webhooks we send will be signed by a signing secret, with can be set in your dashboard. You don't have to validate the incoming request, but it's highly suggested.
Webhook authentication & signing
Our signing method is simple but efficient. For every webhook we call, we pass an additional header called
Signature that contains the hash of the payload.
In your webhook, you can validate if that
Signature header contains the hash you expected.
It's calculated as follows:
$computedSignature = hash_hmac('sha256', $payload, $secret);
$payloadis the body of the
POST request, which will be a JSON representation of event.
$secret can be found in your dashboard.
hash_hmac() function is a PHP function that generates a keyed hash value using the HMAC method.
$computedSignature should match the
Signature that's been set.