Get Webhook Configuration API

API to get the current webhook configuration of the merchant. Webhooks are used to receive event notifications from Bank Hub.

API Endpoint

GET
https://bankhub-api-sandbox.sepay.vn/v1/webhook
Note
  • This API requires a Bearer Token in the Authorization header
  • Returns the current webhook configuration of the merchant
  • If webhook is not configured yet, returns data: null
  • Secret key is masked (shows last 4 characters)

Error Handling

401Unauthorized

Access token is invalid or expired

API Response

Response 200 - Success
{
  "status": 200,
  "error": "string",
  "messages": {
    "success": [
      "string"
    ],
    "error": [
      "string"
    ]
  },
  "data": {
    "webhook_url": "https://example.com",
    "auth_type": "SECRET_KEY",
    "secret_key": "***5678",
    "request_content_type": "application/json",
    "active": 0,
    "allow_events": [
      "*"
    ]
  }
}
statusinteger

HTTP status code

errorstring

Error code (if any)

messagesobject

Result messages

dataobject

Webhook configuration (secret key is masked)

Code Examples

1
2
3
curl --request GET \
  --url https://bankhub-api-sandbox.sepay.vn/v1/webhook \
  --header 'Authorization: Bearer REPLACE_BEARER_TOKEN'

Usage Examples

JSGet webhook configuration
1
2
curl --location 'https://bankhub-api-sandbox.sepay.vn/v1/webhook' \
--header 'Authorization: Bearer YOUR_ACCESS_TOKEN'
Allow Events Configuration

How it works:

  • null or []: Don't send any events
  • ["*"]: Send all 13 event types
  • ["BANK_ACCOUNT_LINKED", "BANK_ACCOUNT_UNLINKED"]: Only send specific events

13 event types:

  • Link Token: LINK_TOKEN_CREATED, LINK_TOKEN_REVOKED, LINK_TOKEN_EXPIRED
  • Link Session: LINK_SESSION_INITIALIZED, LINK_SESSION_REINITIALIZED, LINK_SESSION_STATE_CHANGED, LINK_SESSION_COMPLETED, LINK_SESSION_FAILED, LINK_SESSION_ABANDONED, LINK_SESSION_EXPIRED
  • Bank Account: BANK_ACCOUNT_LINKED, BANK_ACCOUNT_UNLINKED, BANK_ACCOUNT_INACTIVATED
Secret Key Display
  • In GET response, secret key is masked for security
  • Only shows last 4 characters: ***5678
  • Full secret key is only returned when creating/updating via POST
Important Note
  • If data is null, merchant hasn't configured webhook yet
  • Secret key is masked in GET response (shows ***xxxx)
  • allow_events = null or [] means webhook will not send any events
  • Active = 0 means webhook is disabled, won't send events even if allow_events is configured
Previous page
Next page