List Webhook Subscriptions

GET

webhooks

curl --request GET \
  --url https://api.central.consent/v1/webhooks \
  --header 'Authorization: Bearer <token>'

{
  "response": {
    "resource": "/v1/access-records/ak_691df0c788ca043403b7fa90",
    "timestamp": "2026-03-11T12:00:00Z",
    "transaction-id": "tid_691df0c788ca043403b7fa90"
  },
  "webhooks": [
    {
      "wid": "wid_a1b2c3d4e5f6a1b2c3d4e5f6",
      "callback-url": "https://app.bright-energy.com/webhooks/dar",
      "alert-email": "platform-ops@bright-energy.com",
      "notify-days-before": 30,
      "event-types": [],
      "created-at": "2026-01-10T08:00:00Z",
      "active": true
    }
  ]
}

Authorizations

Authorization

string

header

required

JWT from GET /auth/token. Pass as Authorization: Bearer <token>. Expires after 7200s.

Response

Webhook list returned.

response

object

required

Show child attributes

webhooks

object[]

required

Show child attributes

Last modified on March 25, 2026

Register a Webhook SubscriptionRegisters an HTTPS callback URL to receive lifecycle event notifications dispatched by the register. **Two event types** are delivered to the same callback URL, distinguished by the `event-type` field in the payload envelope: - `consent.expiring` — fired when a consent-based access record is within the `notify-days-before` window of its `access-event.expiry` date. Allows Controllers to prompt the customer to renew before their access lapses. Only fired for records where `access-event.expiry` is non-null and `access-event.state` is `ACTIVE`. - `tenancy.change` — fired when the register receives notification that a Change of Tenancy has been recorded against an MPxN that has one or more `ACTIVE` access records. Controllers should use this to halt data collection for the departing occupant and, if appropriate, initiate a fresh consent or access registration for the new occupant. The event carries only the MPxN and the effective date of the change — no new occupant PII is included. **Delivery semantics:** - The register performs an HTTPS POST to the `callback-url` with the event payload as the request body. - The callback endpoint must respond with HTTP `2xx` within 10 seconds. - On failure the register retries with exponential backoff: 1 min, 5 min, 30 min, 2 hr, 24 hr. After 5 failed attempts the event is marked `undelivered` and the Data User is notified via the registered `alert-email`. - The register signs each delivery with an HMAC-SHA256 signature over the raw request body, using the `signing-secret` returned at registration. The signature is passed in the `X-DAR-Signature` header as `sha256=<hex-digest>`. Receivers must verify this before processing. **Filtering:** By default, subscriptions receive all event types for all access records registered under the authenticated Data User. Supply `event-types` to restrict to a specific subset. **Idempotency:** Registering a second subscription with the same `callback-url` returns `409 Conflict`. Update an existing subscription using `PATCH /webhooks/{wid}`.

List Webhook Subscriptions

curl --request GET \
  --url https://api.central.consent/v1/webhooks \
  --header 'Authorization: Bearer <token>'

{
  "response": {
    "resource": "/v1/access-records/ak_691df0c788ca043403b7fa90",
    "timestamp": "2026-03-11T12:00:00Z",
    "transaction-id": "tid_691df0c788ca043403b7fa90"
  },
  "webhooks": [
    {
      "wid": "wid_a1b2c3d4e5f6a1b2c3d4e5f6",
      "callback-url": "https://app.bright-energy.com/webhooks/dar",
      "alert-email": "platform-ops@bright-energy.com",
      "notify-days-before": 30,
      "event-types": [],
      "created-at": "2026-01-10T08:00:00Z",
      "active": true
    }
  ]
}

Documentation Index

Authorizations

Response