Skip to main content

Listen to events dispatched

To listen to the events dispatched by your newly created webhooks, you only should open the endpoint that you placed on the callbackUrl when creating or updating your event.

Whenever an event happens we will notify with a POST to the endpoint provided in the creation with the corresponding information. An example of a post could be:

Example of request made by us
"headers": {
"illow-signature": "SIGNATURE_OF_THE_MESSAGE",
"Content-type": "application/json",
"Accept": "*/*"
"body": {
"companyId": "YourCompanyId",
"siteId": "TheSiteIdInWhichTheRequestWasMade",
"idempotencyKey": "Value to determined if the message is repeated or not",
"metadata": "dataSpecificToTheEvent"

The metadata will be filled with data corresponding to the event that called the event. For example, if the data would be data of a dsr being created, then the format of the metadata would be:

Metadata when dsr is created
"metadata": {
"id": "Id of the newly created dsr",
"companyId": "Your company id",
"createdAt": "date from when the dsr was created",
"dueDate": "a date",
"legislation": "The legislation of the dsr",
"requestStatus": "Status of the request"

To validate the signature we provide you with the following snippets of code:

def key_validator(body, header) -> None:
:param body: body received on http request
:param header: header received on http request, must have the illow-signature as parameter
:return None
:raise ValueError in case of signature not valid for message
pk_provided = "ThePKAddedOnAdditionOfWebhook"
key =
signature = header.get("illow-signature")
real_signature = base64.b64decode(signature)
m =
key.verify(m, real_signature)

If you use a parser of the message (such as express) you have to disable the parsing on the body received, if not the parser will change something of the message and the check of the key will not work