Download OpenAPI specification:Download
Brex uses webhooks to send real-time notifications when events happen in the accounts that you manage. Use webhook subscriptions to subscribe to different webhook events.
List the webhooks you have registered
listSubscription 200 response
Bad request
Unauthorized
Forbidden
Internal server error
{- "next_cursor": "string",
- "items": [
- {
- "id": "string",
- "url": "string",
- "event_types": [
- "REFERRAL_CREATED"
], - "status": "ACTIVE"
}
]
}Register an endpoint to start receiving selected webhook events
| url required | string |
| event_types required | Array of strings (WebhookEventType) The Brex API sends webhooks for the events listed below. For more details, see the webhook guide and webhook events API reference. |
createSubscription 200 response
Bad request
Unauthorized
Forbidden
Internal server error
{- "url": "string",
- "event_types": [
- "REFERRAL_CREATED"
]
}{- "id": "string",
- "url": "string",
- "event_types": [
- "REFERRAL_CREATED"
], - "status": "ACTIVE"
}This endpoint returns a set of webhook signing secrets used to validate the webhook. Usually only one key will be returned in the response. After key rotation, this endpoint will return two keys: the new key, and the key that will be revoked soon. There will also be two signatures in the 'Webhook-Signature' request header. Your application should use all keys available to validate the webhook request. If validation passes for any of the keys returned, the webhook payload is valid.
listSecrets 200 response
Bad request
Unauthorized
Forbidden
Internal server error
[- {
- "secret": "string",
- "status": "ACTIVE"
}
]Get details of a webhook
getSubscriptionById 200 response
Bad request
Unauthorized
Forbidden
Internal server error
{- "id": "string",
- "url": "string",
- "event_types": [
- "REFERRAL_CREATED"
], - "status": "ACTIVE"
}Update a webhook. You can update the endpoint url, event types that the endpoint receives, or temporarily deactivate the webhook.
updateSubscription 200 response
Bad request
Unauthorized
Forbidden
Internal server error
{- "url": "string",
- "event_types": [
- "REFERRAL_CREATED"
], - "status": "ACTIVE"
}{- "id": "string",
- "url": "string",
- "event_types": [
- "REFERRAL_CREATED"
], - "status": "ACTIVE"
}Expense Payment Events. Transaction activity for expenses made on Brex Card.
Account must be on Brex Empower to receive these events. Webhook subscription must be registered using a token from a user with Card Admin role.
| event_type required | string (WebhookEventType) |
| expense_id required | string Unique ID associated with the expense. |
| payment_status required | string (ExpensePaymentStatus)
|
| payment_status_reason required | string (ExpensePaymentStatusReason) The reason for the payment's status. |
| payment_type required | string (ExpensePaymentType)
|
| company_id | string This is the |
| purchased_at | string <date-time> The time the purchase was made. |
object or null The original amount of the expense is the amount that the employee submitted or incurred for reimbursements or card spends. | |
object or null The billing amount of the expense is the amount that the entity is charged, on the entity's currency, for reimbursements or card spends. | |
| card_id | string The ID of the card that is associated with the expense. |
object or null The merchant associated with the expense. | |
| payment_authorization_code | string The authorization code of the associated card expense. |
object or null Deprecated Succeeded by the billing_amount field. | |
| payment_description | string Deprecated Succeeded by the merchant::raw_descriptor field. |
Return this code if the callback was received and processed successfully
{- "event_type": "EXPENSE_PAYMENT_UPDATED",
- "expense_id": "string",
- "payment_status": "PENDING",
- "payment_status_reason": "OTHER",
- "payment_type": "PURCHASE",
- "company_id": "string",
- "purchased_at": "2019-08-24T14:15:22Z",
- "original_amount": {
- "amount": 0,
- "currency": "string"
}, - "billing_amount": {
- "amount": 0,
- "currency": "string"
}, - "card_id": "string",
- "merchant": {
- "raw_descriptor": "string",
- "mcc": "string",
- "country": "string"
}, - "payment_authorization_code": "string",
- "amount": {
- "amount": 0,
- "currency": "string"
}, - "payment_description": "string"
}Referral Events. Reference the Onboarding API for event details.
Return this code if the callback was received and processed successfully
{- "event_type": "REFERRAL_ACTIVATED",
- "referral_id": "string"
}Transfer Events for both incoming and outgoing Brex Cash transactions. Reference the Payments API for event details.
| event_type required | string (WebhookEventType) |
| transfer_id required | string |
| payment_type required | string (PaymentType) Only ACH, DOMESTIC_WIRE, CHEQUE, INTERNATIONAL_WIRE and BOOK_TRANSFER details can be retrieved from the Payments API. |
| return_for_id | string or null The original transaction ID that is returned when the payment type is ACH_RETURN, WIRE_RETURN and CHEQUE_RETURN. |
| company_id | string This is the |
Return this code if the callback was received and processed successfully
{- "event_type": "TRANSFER_FAILED",
- "transfer_id": "string",
- "payment_type": "ACH",
- "return_for_id": "string",
- "company_id": "string"
}User Updated Events. All accounts can receive user status update while only accounts on Brex Empower can receive non-user-status updates.
Return this code if the callback was received and processed successfully
{- "event_type": "USER_UPDATED",
- "user_id": "string",
- "company_id": "string",
- "updated_attributes": [
- "STATUS"
]
}