2 min read
Why webhooks
Polling wastes both sides’ resources and adds latency: you either poll too often (and hit the rate limit) or too rarely (and learn about a decision minutes late). A webhook inverts the flow. You tell Credicorp where to reach you once, and we deliver each event within seconds of it happening.
Webhooks are delivered from the Credicorp platform to your HTTPS endpoint. Unlike the read-only /public/v1 ring, a webhook is an outbound push: Credicorp is the client and your server is the origin. Every request is signed so you can prove it came from us — see Webhook signature verification.
The event shape
Every webhook body is a JSON event envelope with a stable outer shape and a typed data payload. The envelope is identical across all event types, so one handler can route on type.
{
"id": "evt_7Q2M9X",
"type": "enquiry.created",
"created": "2026-07-04T09:15:22Z",
"livemode": true,
"api_version": "2026-07-01",
"data": {
"object": {
"id": "enq_9F3K2P",
"form": "contact-us",
"dept": "support",
"status": "new"
}
}
}See the event envelope reference for every field, and the event catalogue for the full list of type values.
What you must do
- Register an endpoint — a public HTTPS URL. See Register a webhook endpoint.
- Verify the signature on every request before trusting the body. See signature verification.
- Return
2xxfast — acknowledge receipt, then do the real work asynchronously. See delivery and retries. - Be idempotent — the same event may arrive more than once. See idempotency.
Frequently asked questions
Are webhooks part of the public /public/v1 ring?
Registration is a partner-plane action, but the concept mirrors the public ring: signed, versioned, at-least-once. The read APIs on the public ring are pull; webhooks are push.
How quickly are events delivered?
The first delivery attempt is made within a few seconds of the event occurring. If your endpoint is slow or down, the event is retried on backoff for up to 72 hours.
Can I use webhooks without writing a server?
No — a webhook needs a reachable HTTPS endpoint to receive the POST. If you cannot host one, poll the relevant read endpoint on the public ring instead.
Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.