Webhook Format and Processing

Connect Webhooks service is a logical extension of our Messages Services. When Customer has subscribed to any of the Message types via Subscription services our system will start sending the POST requests to the host and uri configured.

Our Webhook messages contain similar data already covered in Messages Services - request and response ID's, message type, creation time etc. Business information is only provided if either Webhook Metadata or Full Bodied Webhooks are enabled. If not, the customer must use the Messages Services to read the actual message content. Webhook payloads can be optionally compressed to reduce message size and optimize delivery performance. In this case the message will include the HTTP header Content-Encoding: gzip.

The main benefit of using Webhooks for the customer is significantly improving how the general integration is built. With Webhooks there is no need to constantly poll GET /messages endpoints to detect any new Messages pending. This is especially important for services that are not directly triggered by the customer requests like Transaction Notification. This improves both the speed of getting the newest events from the system and also reduces the load from both Client and Server side.

Subscription services are described at Managing Webhook Configurations

Sample of a typical Webhook message:

{
    "eventId": "7c334869-9c9e-43e7-b11a-be8f605f44fd",
    "eventTimestamp": "2024-08-19T07:41:18.421145632+01:00",
    "subscriptionReference": "9ab35ca0-2f58-4578-aea2-0e611f686ca9",
    "messageResponseId": "RESfaf42325221c4ba3a162286aaf76d00c",
    "messageRequestId": "REQce11219c581840199ca1e4cca0edbd17",
    "messageType": "ACCOUNT_BALANCE",
    "messageCreatedTime": "2024-08-19T07:41:18.404298+01:00",
    "regCode": "13180211",
    "regCodeIssuer": "GB",
    "bankCode": "LHVUK"
}

The message body can be retrieved using Get message by response ID, or automatically received within the webhook if the subscription is configured to include the full body.

When you have processed the message, you should mark it is processed ( Mark message as processed) just the same as if you were not using webhooks.

Alternatively, you can configure the webhook subscription to automatically mark successfully delivered webhook messages as processed.

Preventing Duplicate Processing

It is possible to receive the same webhook event more than once. This can occur if the network connection breaks or an error code is returned after the event has already been processed.

Webhooks retried by the system will use the same eventId, allowing the event to be uniquely identified and safely ignored if already handled. In contrast, webhook events replayed via the API will generate a new eventId, as each replay is treated as a separate delivery.

The eventId field serves as an idempotency key for identifying original deliveries and system retries. This helps prevent duplicate processing and mitigates replay attacks, where an attacker could resend a previously signed webhook.

As keeping a complete history of all received eventIds is not practical, old entries can be expired from cache after a day. Similarly, webhooks with an eventTimestamp older than one day can be rejected.

Webhooks & Source IP Addresses

Webhooks are sent from a fixed LHV IP address range. Currently the list is shared for Production and Prelive Environments. Please make sure this IP range is added to your systems IP Access List.

Actual IP list will be provided by our implementation or support team!

Webhook Event Payload Schema

Field
Type
Description

eventId

String

(UUID)

A unique identifier for this webhook event.

eventTimestamp

String

(ISO-8601 datetime)

The server time when this webhook was queued to send. This will stay the same if we retry the notification.

subscriptionReference

String

The reference of the associated webhook configuration.

messageRequestId

String

The ID of the request message that this response message pertains to.

messageResponseId

String

The ID of this response message. This is the key field you should use to retrieve the actual message body.

messageType

String

The type of the message. See the list at Message Types

messageCreatedTime

String

(ISO-8601 datetime)

Server time when the message occurred

clientCode

String

The client this message pertains to

clientCountry

String

The county of the client this message pertains to

bankCode

String

Either LHVUK or LHVEE, indicating whether this message originated from the UK or Estonian branch of Connect

metadata (Optional)

String

The most relevant values and keys. See Webhook Metadata

messageBase64 (Optional)

String

The full message body encoded in Base64. See Full Bodied Webhooks

Last updated

Was this helpful?