url), which events to send (triggers), and how Yuno should authenticate to your endpoint when it delivers them. The same configuration is available from the Yuno dashboard.
account_id is required on every request, in the body for POST and PATCH and as a query parameter for GET and DELETE. You can only manage the webhooks of the accounts in your own organization.
Secrets
Secrets are write-only.api_key, secret, hmac_client_secret and oauth2_client_secret are returned as *** once configured, and as null otherwise.
To keep a secret as it is, omit it from the update. Sending the masked value back stores *** as the secret itself, and sending an empty string removes the secret.
Triggers
A webhook subscribes to events through five trigger fields, one per domain, and needs at least one trigger. A webhook withpayment_triggers: ["AUTHORIZE"] is notified when a payment is authorized. See the event catalog for the events Yuno sends and Webhooks Examples for the payload each one carries.
| Field | Values |
|---|---|
enrollment_triggers | ENROLL, UNENROLL |
payment_triggers | AUTHORIZE, CANCEL, CAPTURE, CHARGEBACK, PRECHARGEBACK, PURCHASE, REFUND, VERIFY |
report_triggers | CREATE, UPDATE |
subscription_triggers | ACTIVE, CANCEL, CLOSE_TO_RENEWAL, COMPLETE, CREATE, PAUSE, RESUME |
onboarding_triggers | BLOCKED, CANCELLED, CREATED, DECLINED, ERROR, EXPIRED, INACTIVE, PENDING, SUCCEEDED, TRANSFERRED, UNBLOCKED |
renewal_days sets how many days before a renewal Yuno sends the CLOSE_TO_RENEWAL notification, and is valid only when subscription_triggers contains CLOSE_TO_RENEWAL.
Delivery authentication
This is how Yuno authenticates to your endpoint when it sends an event, so your receiver can tell a genuine notification from a forged one. All the methods are optional and you can combine them.API key and secret
Configureapi_key and secret. Yuno sends them as headers on every delivery, and your endpoint checks that they match what you configured.
HMAC signature
Configurehmac_client_secret. Yuno signs the payload with it and sends the signature as a header, so you can verify that the notification is authentic and was not tampered with.
OAuth2
Configure your token endpoint and your client credentials. Before delivering, Yuno requests a token from your endpoint and sends it asAuthorization: Bearer <token>.
Your token endpoint must use HTTPS. Yuno reuses a token across the deliveries of an account until it is close to expiring, so a short-lived token means a token request on almost every delivery.
| Field | Description |
|---|---|
oauth2_authentication_url | Your token endpoint, over HTTPS. |
oauth2_client_id | The client identifier Yuno authenticates with. |
oauth2_client_secret | The client secret Yuno authenticates with. |
oauth2_grant_type | The grant type Yuno requests the token with, typically client_credentials. |
oauth2_scope | The scope Yuno requests the token with. Set it with Update a Webhook. |
oauth2_authorization_name | The header Yuno sends the token in. Defaults to Authorization. |
oauth2_include_client_id | Send the client identifier as a header on the token request as well. |
oauth2_authentication_url, oauth2_client_id, oauth2_client_secret and oauth2_grant_type together: they are configured as a set.