Built by the community
Navigation
Metrics
Program
Service DeskPricingPoliciesDocument RepositoryLive Ecosystem
Developer Docs
TPP — Open Finance StandardsLFI — Integration GuideAPI SpecsKnowledge BaseRelease Notes & Erratas
NewsGitHub
Webhooks · Push notifications

Webhooks — Event Notifications 2 min read

Rather than requiring TPPs to poll for status changes, UAE Open Finance supports push-based event notifications. When a relevant event occurs — such as a consent being authorized or revoked, or a payment status changing — the API Hub can deliver a notification directly to your registered webhook endpoint.

01 How Events Are Delivered

HTTP POST of an encrypted, signed payload

Events are delivered as an HTTP POST to the webhook URL you provide along with the consent. The request body is a JWE compact serialisation encrypted using the public Encryption Certificate registered in the Trust Framework and in the Application that created the Consent. Inside the JWE is a signed JWT (JWS) containing the event payload.

You must respond with 202 Accepted and an empty body immediately upon receipt. Decrypt and process the payload asynchronously — the Hub may retry delivery if it does not receive a timely acknowledgement.

See Receiving Event Notifications for the full decryption, signature-verification, and FAPI-required claim-validation flow — including how to use the kid in the JWE header to select the correct private key.

02 Requirements

What you need before events can be delivered

  • A webhook URL registered on your Application in the Trust Framework
  • A valid Encryption Certificate on your Application — events cannot be delivered without one
03 Available Events

What the API Hub will push to you

EventTriggerGuide
Consent StatusAny consent status change (Authorized, Revoked, Expired, etc.)Consent Status Event
Payment StatusPayment status update on a consent with subscription.Webhook.IsActive: truePayment Status Event
Insurance Quote StatusQuote lifecycle event on a quote with Subscription.Webhook.IsActive: true (ApplicationPending, ApplicationApproved, PolicyIssued, Completed, terminal states)Insurance Quote Status Event
Section contents

Browse this section

The full set of pages covering event notifications and webhooks in UAE Open Finance.

Sub-section

Consent Status

How consent state changes (Authorized, Revoked, Expired) are pushed to your webhook.

Open
Sub-section

Payment Status

Per-payment status updates on consents that opted into webhook delivery.

Open
Sub-section

Insurance Quote Status

Quote lifecycle updates delivered when a TPP attaches a Subscription.Webhook to an accepted insurance quote.

Open
Reference

Receiving Event Notifications

FAPI-aligned decryption, signature verification, and replay protection for inbound JWE events.

Open