Home
Home
  1. Home
  • Welcome
    • About Ontime
    • Overview
    • Test and Learn Projects
  • Authentication
  • Availability Check
    • Light Availability Check
      POST
    • Full Availability Check
      POST
  • Payment Management
    • Mandates
      • Create a new mandate
      • Cancel an existing mandate
      • Get a Mandate
      • Get many Mandates
    • Payment Requests
      • Instruct a new payment request
      • Cancel an existing payment request
      • Get a Payment
      • Get many Payments
  • Payouts
    • Get a Payout
      GET
    • Get Available Payouts
      GET
  • Webhooks
    • Mandate Created/Updated
    • Payment Request Created/Updated
    • Payout Created
  1. Home

Real-Time Event Notifications

Introduction#

Ontime Webhooks provide real-time event notifications, allowing billers to receive updates as key events occur. Instead of polling the API for updates, webhooks enable event-driven communication.

Webhook URL Configuration#

Webhook endpoints must be provided during the Biller onboarding process as part of the Test & Learn project. Ontime will use these URLs to send event notifications.

Webhook Security & Authentication#

Each webhook request must be authenticated to ensure secure communication. Ontime supports the following authentication methods:

1️⃣ HMAC Signature (Recommended)#

Each webhook request will include an HMAC-SHA256 signature in the request header:
The signature is generated using a shared secret key.
Receivers must recompute the signature and compare it to validate the request.

2️⃣ API Key Authentication#

Alternatively, Ontime can send a static API key in the request headers:

Webhook Event Structure#

All webhook payloads follow a common format:
{
    "event_id": "unique-event-uuid",
    "event_type": "event.name",
    "event_timestamp": "2024-03-02T12:34:56Z",
    "payload": { }
}
Previous
Get Available Payouts
Next
Mandate Created/Updated