Webhook and Refresh method

Documentation (swagger)

Webhook notification enables you to access information, if there was any change on the accounts, which were authorized by your application.

There are 2 types of events:

  • transactionEvent
  • accountEvent

*Please note, once you enable webhooks, the activation takes place exactly on the next hour after. For example, if you enable webhooks at 11:31, the webhooks will be activated from 12:00.


Transaction events are currently provided only for TB accounts. This event type provides you information about changes for transaction for specific account(accountId).

Currently only eventType=NEW is supported.

This kind of webhook event contains aggregated information for

  • consentId: e.g. "151f5dsf5s-15fsd1f5d-d1f5sdf15s"
  • eventType: "NEW" (default value on every occasion)
  • accounts:
    • accountId: e.g. "ds8f4ds8-d18saf4d8f-1ds8f4ds8f"
    • accountId: ...


Account events are provided only for accounts from other than TB. In case of TB there are balances and transactions still up-to-date. On the other side - other bank’s balances and transactions have to be refreshed by TPP using method PUT /refresh. This method execute asynchronous task for updating all accounts balances and transactions for specific user (consentId). Webhooks will be provided for the consent for each bank separately (each bank is updated separately). TPP will be able to map webhook by taskId. TaskId is returned as a response of the method PUT /refresh and also as a part of webhook body message.

This kind of webhook event contains attributes such as

  • consentId: e.g. "151f5dsf5s-15fsd1f5d-d1f5sdf15s"
  • taskId: e.g. " ds8f4ds8-d18saf4d8f-1ds8f4ds8f"
  • taskStatus: e.g. " FINISHED"
  • bankCode: e.g. " SLSP"
  • bankName: e.g. „Slovenská sporiteľňa“
  • accounts:
    • accountId: e.g. "ds8f4ds8-d18saf4d8f-1ds8f4ds8f"
    • eventType: e.g. „ADDED“

Webhook notification set-up:

In order to set up webhook notifications, you have to enter Application settings -> Tab Application Usage. There are three settings connected to the webhook notifications:

  • Webhook Enabled: Yes/No
    • It indicates, if the application is able to retrieve the notifications
  • Webhook Endpoint (URL): freetext field
  • You have to state the url, where you want to receive notifications. Please note that the URL can not contain any parameters.
  • It serves you as an optional parameter for additional layer of security
  • Security header might be empty or it must follow a regular expression [ a-zA-Z0-9=+/]*, e.g. "Basic dXNlcjpwYXNzd29yZA=="
  • Defined header has to be inserted in the webhook call as a Header (Authorization: security_header)
  • Webhook Security Header: freetext field