Skip to main content
PATCH
/
webhooks
/
{wid}
Update a Webhook Subscription
curl --request PATCH \
  --url https://api.central.consent/v1/webhooks/{wid} \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "callback-url": "https://app.bright-energy.com/webhooks/dar-v2",
  "alert-email": "ops-team@bright-energy.com",
  "notify-days-before": 14,
  "event-types": [
    "consent.expiring"
  ],
  "rotate-secret": false
}
'
{
  "response": {
    "resource": "/v1/access-records/ak_691df0c788ca043403b7fa90",
    "timestamp": "2026-03-11T12:00:00Z",
    "transaction-id": "tid_691df0c788ca043403b7fa90"
  },
  "webhook": {
    "wid": "wid_a1b2c3d4e5f6a1b2c3d4e5f6",
    "callback-url": "https://app.bright-energy.com/webhooks/dar",
    "alert-email": "platform-ops@bright-energy.com",
    "notify-days-before": 30,
    "event-types": [
      "consent.expiring"
    ],
    "created-at": "2026-01-10T08:00:00Z",
    "active": true
  },
  "signing-secret": "<string>"
}

Authorizations

Authorization
string
header
required

JWT from GET /auth/token. Pass as Authorization: Bearer <token>. Expires after 7200s.

Path Parameters

wid
string
required

Unique identifier for a webhook subscription.

Pattern: ^wid_[0-9a-f]{24}$
Example:

"wid_a1b2c3d4e5f6a1b2c3d4e5f6"

Body

application/json

Partial update payload for an existing webhook subscription. All fields are optional; only supplied fields are modified.

callback-url
string<uri>
Example:

"https://app.bright-energy.com/webhooks/dar-v2"

alert-email
string<email>
Example:

"ops-team@bright-energy.com"

notify-days-before
integer
Required range: 1 <= x <= 90
Example:

14

event-types
enum<string>[]
Minimum array length: 1

The event type delivered to the webhook callback URL.

  • consent.expiring — a consent-based access record is within the configured notify-days-before window of its expiry date.
  • tenancy.change — a Change of Tenancy has been recorded against an MPxN that has one or more ACTIVE access records registered under this Data User.
  • consent.withdrawal — a customer has withdrawn consent via the centralised Customer Consent Portal. The access record has already transitioned to REVOKED state before this event is fired. Data Users must update their own systems immediately on receipt.
Available options:
consent.expiring,
tenancy.change,
consent.withdrawal
rotate-secret
boolean
default:false

Set to true to rotate the HMAC signing secret. A new signing-secret is returned in the response. The previous secret remains valid for 15 minutes to allow in-flight deliveries to drain.

Response

Webhook updated.

response
object
required
webhook
object
required

A registered webhook subscription as returned by the API.

signing-secret
string | null

New signing secret. Only present when rotate-secret: true was included in the request. Shown once — store immediately.

Last modified on March 25, 2026