Home
Home
  1. Home
  • Welcome
    • About Ontime
    • Overview
    • Test and Learn Projects
  • Authentication
  • Idempotency
  • Availability Check
    • Light Availability Check
      POST
    • Full Availability Check
      POST
  • Payment Management
    • Mandates
      • Create a new mandate
      • Cancel an existing mandate
      • Get a Mandate
      • Get many Mandates
    • Payment Requests
      • Instruct a new payment request
      • Cancel an existing payment request
      • Get a Payment
      • Get many Payments
  • Payouts
    • Get a Payout
      GET
    • Get Available Payouts
      GET
  • Webhooks
    • Mandate Created/Updated
    • Payment Request Created/Updated
    • Payout Created
  • Schemas
    • Schemas
      • PaymentManagement
        • MandateLimitations
        • MandateRecordResponse
        • MandateDeleteResponse
        • GetMandatesPagedResponse
        • MandateStatus
        • MandateRecordRequest
        • PaymentCreateRequest
        • PaymentResponse
        • PaymentDeleteResponse
        • GetPaymentsPagedResponse
        • PaymentStatus
        • AuthorisationSource
      • Payout
        • PayoutResponse
        • PayoutPaymentRequestItem
        • ListPayoutsResponse
      • Deprecated
        • Invitation
        • Consumer
        • PaymentMethod
        • ProductPaymentStatus
        • ProductStatus
        • PaymentRequestData
      • Webhook
        • Webhook
        • WebhookPaymentRequestPayload
        • WebhookMandatePayload
        • WebhookPayoutPayload
      • Core
        • ConsumerData
        • ProblemDetails
        • Metadata
        • PagingResponse
      • Availability
        • FullAvailabilityCheckRequest
        • FullAvailabilityCheckResponse
        • AvailabilityStatus
        • LightAvailabilityCheckRequest
        • LightAvailabilityCheckResponse
Home
Home
  1. Home

Real-Time Event Notifications

Introduction#

Ontime Webhooks provide real-time event notifications, allowing billers to receive updates as key events occur. Instead of polling the API for updates, webhooks enable event-driven communication.

Webhook URL Configuration#

Webhook endpoints must be provided during the Biller onboarding process as part of the Test & Learn project. Ontime will use these URLs to send event notifications.

Webhook Security & Authentication#

Each webhook request must be authenticated to ensure secure communication. Ontime supports the following authentication methods:

1️⃣ HMAC Signature (Recommended)#

Each webhook request will include an HMAC-SHA256 signature in the request header:
The signature is generated using a shared secret key.
Receivers must recompute the signature and compare it to validate the request.

2️⃣ API Key Authentication#

Alternatively, Ontime can send a static API key in the request headers:

Webhook Event Structure#

All webhook payloads follow a common format:
{
    "event_id": "unique-event-uuid",
    "event_type": "event.name",
    "event_timestamp": "2024-03-02T12:34:56Z",
    "payload": { }
}
Previous
Get Available Payouts
Next
Mandate Created/Updated