Data Access Webhooks
Data Access webhooks provide real-time visibility into consumer data sharing by enabling notifications for when your customers' consent grants initialize, renew, modify, revoke, or expire.
Webhooks are available as part of the paid Data Access service. If you have this service, the Data Access portal will have a "Developer" option in the top right area of the portal. Use the Webhook developer tool to create, edit, disable (pause), delete, and test your webhook endpoints. To setup a webhook, you'll need your endpoint URL, authentication type, and credentials. You may also include an optional description of the endpoint.
Credentials
When creating your webhook in the portal, select the authentication type and provide relevant credentials.
| Authentication type | Requirements |
|---|---|
| Basic Auth | Username and Password |
| OAuth | Client ID, Client Secret, and Token URL |
Consent Event Types
Available for Data Providers, Data Recipients, and Intermediaries:
CONSENT_REVOKED: Customer revoked consent to an account for a third party.CONSENT_EXPIRING: A consent to share accounts with a third-party app will expire in 30 days.
Also available for Data Providers:
CONSENT_EXPIRED: Consent expired.CONSENT_INITIATED: A customer has consented to share data with a 3rd party for the first time.CONSENT_MODIFIED: Customer changed which accounts are permissioned for data sharing with a third party.CONSENT_RENEWED: Customer renewed an existing consent to share data with a third party.
Example
The webhook will return a JSON payload based on the FDX Event Notifications specification.
_36{_36 "type": "CONSENT_REVOKED",_36 "sentOn": "2024-11-27T19:46:50Z",_36 "category": "CONSENT",_36 "notificationPayload": {_36 "id": 136804,_36 "idType": "CONSENT",_36 "accountId": "UPS~662105~ef7b28da-4952-11e5-a00d-002481fd708a",_36 "customerId": "ef7b28da-4952-11e5-a00d-002481fd708a",_36 "application_id": 4016,_36 "intermediary": "MX",_36 "accountEntitlements": {_36 "enabled": [_36 "UPS~662105~ef7b28da-4952-11e5-a00d-002481fd708a"_36 ],_36 "disabled": [_36 "UPS~660002~ef7b28da-4952-11e5-a00d-002481fd708a"_36 ],_36 "auto_enable_future_accounts": false_36 },_36 "revokedAt": "2024-11-27T19:46:50.561Z"_36 },_36 "event": "Webhooks::EventDefinitions::ConsentRevoked::V1",_36 "namespace": "mx-prod",_36 "version": "v1",_36 "timestamp": "1732736810",_36 "event_id": "13066465558497255",_36 "publisher": {_36 "name": "Epic Bank",_36 "type": "DATA_PROVIDER"_36 },_36 "subscriber": {_36 "name": "MX",_36 "type": "DATA_ACCESS_PLATFORM"_36 }_36}
Notification properties
| Data | Data type | Definition |
|---|---|---|
| type | enum | Type of notification: CONSENT_EXPIRED, CONSENT_EXPIRING, CONSENT_INITIATED, CONSENT_MODIFIED, CONSENT_RENEWED, CONSENT_REVOKED. |
| sentOn | timestamp | Time notification was sent in ISO 8601 standard, IETF RFC3339 date-time (full-date "T" full-time) format "YYYY-MM-DDThh:mm:ss.nnnZ". |
| category | enum | Category of notification: CONSENT. |
| notificationPayload | object | See the Notification Payload section. |
| event | string | Definition of the event. |
| namespace | string | Example: mx-prod or mx-int. |
| version | string | Webhook version. |
| timestamp | string | Given in Unix epoch time. |
| event_id | string | ID of the event. |
| publisher | object | |
| publisher.name | string | Recognizable, common name of the notification publisher. |
| publisher.type | enum | Identifies the type of publisher. Example: DATA_PROVIDER. |
| subscriber | object | |
| subscriber.name | string | Recognizable, common name of the subscriber. |
| subscriber.type | enum | Identifies the type of subscriber: publishers (DATA_PROVIDER) or subscribers (DATA_ACCESS_PLATFORM). |
Notification payload
| Data | Data type | Definition |
|---|---|---|
| id | number | ID for the origination entity related to the notification. |
| idType | enum | Type of entity causing origination of the notification with the given ID. Example: CONSENT. |
| accountId | string | Customer's account ID. |
| customerId | string | The customer's openid_connect_user_id. |
| application_id | number | ID of application. |
| intermediary | string | Name of intermediary. |
| accountEntitlements | object | Includes an array of enabled accounts, an array of disabled accounts, and auto_enable_future_accounts, a boolean value which indicates whether future accounts will be auto consented. |
| revokedAt | timestamp | Time consent was revoked in ISO 8601 standard, IETF RFC3339 date-time (full-date "T" full-time) format YYYY-MM-DDThh:mm:ss.nnnZ. |