Webhooks

This page describes the webhooks mechanism that Trustap provides for delivering asynchronous updates on the status of different resources.

Overview

When a user creates a resource on Trustap (such as a transaction or listing), this is done via an OAuth2 client. The OAuth2 client used to create the resource is then associated with the resource, and webhooks registered with that client on Trustap will be sent a request whenever an update occurs to the resource. In such a case, the resource is called the "target" resource of the event.

Payload

Here is an example payload that could be passed to a webhook endpoint:

{
    "code": "p2p_tx.joined",
    "user_id": "feb33a87-3917-4538-9260-127c8a6b5232",
    "target_id": "1309",
    "target_preview": {
        "id": 1309,
        "status": "joined",
        "currency": "eur",
        "deposit_pricing": {
            "price": 1234,
            "charge": 78
        },
        "description": "Soccer ticket",
        "skip_remainder": false,
        "created": "2019-12-25T09:00:00.000Z",
        "seller_id": "ad5bb99f-85bf-47e1-be0d-15e7541c6ad7",
        "buyer_id": "feb33a87-3917-4538-9260-127c8a6b5232",
        "joined": "2019-12-25T10:00:00.000Z"
    },
    "time": "2019-12-25T10:00:00.000Z"
}

The following are the included fields:

  • code (string): A code that signifies the type of event that occurred to the target resource.
  • user_id (string): The ID of the user that triggered the event, if the event was triggered by a user. For example, if the buyer submits a payment then the buyer's user ID will be in this field. As such, if this field is present on an event where the target resource is a transaction, then the user ID must match either the seller_id or the buyer_id of the target transaction. This field won't be present if the event was caused by an automated system, such as if the funds were released due to the complaints period ending.
  • target_id (string): The ID of the target resource. Note that this field is returned as a string for uniformity even though transaction resources use integer IDs (see the example payload, above). In this case the target_id is the string rendering of the integer ID. It is safe to render and parse transaction IDs to and from such strings.
  • target_preview (string): An optional preview of the target resource for efficiency. If this field is present in the event then it can be used to avoid a request to retrieve the target resource.
  • time (string): The time at which the event occurred.

Event Codes

This section lists the event codes that are currently supported.

Event codes for online transactions

  • basic_tx.joined
  • basic_tx.rejected
  • basic_tx.cancelled
  • basic_tx.claimed
  • basic_tx.listing_transaction_accepted
  • basic_tx.listing_transaction_rejected
  • basic_tx.payment_failed
  • basic_tx.paid
  • basic_tx.payment_refunded
  • basic_tx.payment_review_flagged
  • basic_tx.payment_review_finished
  • basic_tx.tracking_details_submission_deadline_extended
  • basic_tx.tracked
  • basic_tx.delivered
  • basic_tx.complained
  • basic_tx.complaint_period_ended
  • basic_tx.funds_released
  • basic_tx.funds_refunded

See the online transaction lifecycle page for more details on the sequence in which online transactions go through their different states.

Event codes for face-to-face transactions

  • p2p_tx.joined
  • p2p_tx.rejected
  • p2p_tx.cancelled
  • p2p_tx.claimed
  • p2p_tx.deposit_payment_failed
  • p2p_tx.deposit_paid
  • p2p_tx.deposit_review_flagged
  • p2p_tx.deposit_review_finished
  • p2p_tx.deposit_refunded
  • p2p_tx.deposit_accepted
  • p2p_tx.priced
  • p2p_tx.remainder_skipped
  • p2p_tx.remainder_paid
  • p2p_tx.remainder_review_flagged
  • p2p_tx.remainder_review_finished
  • p2p_tx.buyer_handover_confirmed
  • p2p_tx.seller_handover_confirmed
  • p2p_tx.complained
  • p2p_tx.funds_released
  • p2p_tx.funds_refunded

See the face-to-face transaction lifecycle page for more details on the sequence in which face-to-face transactions go through their different states.

Authentication

Requests sent to webhooks carry a basic authentication header. The receiving endpoint can check the username and password in that header to verify that the Trustap API is the source of the request.
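One way a receiving endpoint could apply this check, together with the user_id and target_id consistency rules from the Payload section. This is an added example, not Trustap's own code. The function names, the 401/400/200 status codes, the choice to reject inconsistent payloads, and the credentials and IDs in the sample are assumptions made for illustration.

```python
import base64
import binascii
import hmac
import json

def basic_auth_ok(header, username, password):
    """Constant-time check of an 'Authorization: Basic ...' header value."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False
    user, sep, pw = decoded.partition(b":")
    # Evaluate both comparisons so a wrong username is not rejected faster.
    user_ok = hmac.compare_digest(user, username.encode())
    pw_ok = hmac.compare_digest(pw, password.encode())
    return bool(sep) and user_ok and pw_ok

def handle_webhook(auth_header, body, username, password):
    """Return (status, event) for one delivery; status codes are an assumption."""
    if not basic_auth_ok(auth_header, username, password):
        return 401, None
    try:
        event = json.loads(body)
        code, target_id = event["code"], event["target_id"]
    except (ValueError, KeyError, TypeError):
        return 400, None
    if not isinstance(code, str) or not isinstance(target_id, str):
        return 400, None
    preview = event.get("target_preview")
    if code.startswith(("basic_tx.", "p2p_tx.")) and isinstance(preview, dict):
        # target_id is the string rendering of the integer transaction ID.
        if "id" in preview and str(preview["id"]) != target_id:
            return 400, None
        # user_id, when present, must be the transaction's seller or buyer.
        parties = (preview.get("seller_id"), preview.get("buyer_id"))
        if "user_id" in event and event["user_id"] not in parties:
            return 400, None
    return 200, event

def sample_delivery(user="hook-user", password="hook-pass", actor="buyer-1"):
    """Constructed delivery with placeholder credentials and IDs."""
    header = "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
    body = json.dumps({"code": "p2p_tx.joined", "user_id": actor, "target_id": "1309",
                       "target_preview": {"id": 1309, "seller_id": "seller-1",
                                          "buyer_id": "buyer-1"}})
    return header, body
```

The authentication check runs before the body is parsed, so unauthenticated requests never reach the JSON handling.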