Webhooks
Webhooks
Setting Up Webhooks
When creating your link_session_token
with the POST /link-session
endpoint, you will pass your webhook URL with the webhook field
MoneyKit currently offers three webhooks:
When an end user successfully links their accounts at a financial institution, the webhook updates for that link will be sent to the webhook URL you provided when creating the link_session_token
with POST /link-session
.
The webhook body will always include the link_id
of the link that was updated.
Webhook Security
The webhook payload is signed and will include a moneykit-signature header that can be used to authenticate the webhook.
MoneyKit offers a JSON Web Key Set (JWKS) you can fetch in order to verify the JWT in the header. The JWKS used to sign is rotated regularly, you can use this endpoint to fetch the latest key set.
Note that only one key returned from the JWKS endpoint is meant to be used for verification.
- The
kid
in the webhook JWT header will match up with the key id of one of the keys returned from the JWKS endpoint. - Depending on the language, some JWT packages will handle this for you. You can pass in the Key Set with the token when decoding (instead of a single key).
- To verify the webhook, first extract the
moneykit-signature
from the webhook header, then fetch the latest key set with the above endpoint, and then validate themoneykit-signature
using the key set with your preferred JWT library.
Link State Changed Webhook
-
You will receive this webhook when the state of a link has changed
-
There are five different states for a link, outlined in the enum
LinkState
LinkState -
If the state is
ERROR
, you will be provided an error type via theLinkError
enumLinkError -
Here are two examples of the Link State Changed webhook response body
PythonJSON -
Any link_tags you provide when creating your
link_session_token
with thePOST /link-session
endpoint will be included in the Link State Changed webhook body:
Link Product Refresh Webhook
You will receive this webhook after aggregation for a product has been completed.
There are three scenarios in which this will happen:
-
After an end user completes linking their accounts, if prefetch for a product is set as
true
. -
After requesting a product refresh using the product refresh endpoint.
-
After a scheduled, periodic aggregation.
Here is the Link Product Refresh webhook class in Python:
Here is an example of the Link Product Refresh webhook response body in JSON:
Transaction Updates Available Webhook
You will receive this when transactions have been aggregated for a link.
Here is the Transactions Updates Available webhook class in Python:
Here is an example of the Transactions Update Available webhook response body in JSON:
In order to trigger an aggregation of transactions immediately after an end user completes linking their financial institution, mark prefetch as true
for the Transactions product when creating your link_session_token
with the POST /link-session
endpoint.
In order to aggregate the full transaction history for the link, mark extend_history
as true
for the Transactions product when creating your link_session_token
with the POST /link-session
endpoint.
If the Transactions Updates Available webhook includes the full transaction history, has_history
in the webhook body will return true
.
Testing Webhooks in Sandbox
MoneyKit makes it easy to test webhooks on demand in the sandbox environment.
The Test Link Event webhook allows you to trigger a webhook for one of your Sandbox Links.