Webhooks API (0.1)

Download OpenAPI specification:Download

Admin: developer-support@brex.com URL: https://brex.com

Brex uses webhooks to send real-time notifications when events happen in the accounts that you manage. Use webhook subscriptions to subscribe to different webhook events.

Webhook Subscriptions

Manage webhook subscriptions.

List Webhooks

List the webhooks you have registered

SecurityOAuth2
Request
query Parameters
cursor
string or null
limit
integer or null <int32>
Responses
200

Success

400

Bad request

401

Unauthorized

403

Forbidden

500

Internal server error

get/v1/webhooks
Request samples 
Response samples 
application/json
{
  • "next_cursor": "string",
  • "items": [
    ]
}
Register Webhook
Register an endpoint to start receiving selected webhook events


SecurityOAuth2 
Request 
header Parameters
Idempotency-Key
required
string
 
Request Body schema: application/json
url
required
string
The URL to which webhook events will be sent. Must be a valid HTTPS URL.


 
group_id
string or null
ID of the webhook group to which this subscription applies, if any. This is only available for partners.


 
event_types
required
Array of strings (WebhookEventType)   non-empty 
A list of the webhook event types this subscription will listen to.


Items Enum: "REFERRAL_CREATED" "REFERRAL_ACTIVATED" "REFERRAL_APPLICATION_STATUS_CHANGED" "TRANSFER_PROCESSED" "TRANSFER_FAILED" "EXPENSE_PAYMENT_UPDATED" "USER_UPDATED" "EMBEDDED_CARD_TRANSACTION_UPDATED" "EMBEDDED_CARD_UPDATED" "EMBEDDED_ACCOUNT_UPDATED" "EMBEDDED_CARD_SHIPPING_UPDATED" "EMBEDDED_DISPUTE_UPDATED" "PARTNERSHIP_INTEGRATION_CONNECTION_UPDATED" "EMBEDDED_CARD_AUTHORIZATION" "EMBEDDED_FRAUD_ALERT" "EMBEDDED_BILLING_GROUP_UPDATED" "EMBEDDED_LEGAL_ENTITY_UPDATED" "EMBEDDED_BILLING_STATEMENT_UPDATED"  
Responses 
200
Success


400
Bad request


401
Unauthorized


403
Forbidden


500
Internal server error


post/v1/webhooks
Request samples 
application/json
{}
Response samples 
application/json
{
  • "id": "wsub_123",
  • "group_id": "wg_123",
  • "url": "https://example.com/webhook",
  • "event_types": "[\"EXPENSE_PAYMENT_UPDATED\"]",
  • "status": "ACTIVE"
}
List Webhook Secrets
This endpoint returns a set of webhook signing secrets used to validate the webhook.
Usually only one key will be returned in the response. After key rotation, this endpoint will return two keys:
the new key, and the key that will be revoked soon. There will also be two signatures in the 'Webhook-Signature' request header.
Your application should use all keys available to validate the webhook request. If validation passes for any
of the keys returned, the webhook payload is valid.


SecurityOAuth2 
Responses 
200
Success


400
Bad request


401
Unauthorized


403
Forbidden


500
Internal server error


get/v1/webhooks/secrets
Request samples 
Response samples 
application/json
[
  • {
    }
]
Get Webhook
Get details of a webhook


SecurityOAuth2 
Request 
path Parameters
id
required
string
 
Responses 
200
Success


400
Bad request


401
Unauthorized


403
Forbidden


500
Internal server error


get/v1/webhooks/{id}
Request samples 
Response samples 
application/json
{
  • "id": "wsub_123",
  • "group_id": "wg_123",
  • "url": "https://example.com/webhook",
  • "event_types": "[\"EXPENSE_PAYMENT_UPDATED\"]",
  • "status": "ACTIVE"
}
Update Webhook
Update a webhook.
You can update the endpoint url, event types that the endpoint receives, or temporarily deactivate the webhook.


SecurityOAuth2 
Request 
path Parameters
id
required
string
 
Request Body schema: application/json
url
required
string
The URL to which webhook events will be sent. Must be a valid HTTPS URL.


 
group_id
string or null
ID of the webhook group to which this subscription applies, if any. This is only available for partners.


 
event_types
required
Array of strings (WebhookEventType) 
A list of the webhook event types this subscription will listen to.


Items Enum: "REFERRAL_CREATED" "REFERRAL_ACTIVATED" "REFERRAL_APPLICATION_STATUS_CHANGED" "TRANSFER_PROCESSED" "TRANSFER_FAILED" "EXPENSE_PAYMENT_UPDATED" "USER_UPDATED" "EMBEDDED_CARD_TRANSACTION_UPDATED" "EMBEDDED_CARD_UPDATED" "EMBEDDED_ACCOUNT_UPDATED" "EMBEDDED_CARD_SHIPPING_UPDATED" "EMBEDDED_DISPUTE_UPDATED" "PARTNERSHIP_INTEGRATION_CONNECTION_UPDATED" "EMBEDDED_CARD_AUTHORIZATION" "EMBEDDED_FRAUD_ALERT" "EMBEDDED_BILLING_GROUP_UPDATED" "EMBEDDED_LEGAL_ENTITY_UPDATED" "EMBEDDED_BILLING_STATEMENT_UPDATED"  
status
required
string
The status of a webhook subscription.


 Enum: Description
ACTIVE
The webhook subscription is active and the associated URL will receive the subscribed event types.


INACTIVE
The webhook subscription is no longer active.


 
Responses 
200
Success


400
Bad request


401
Unauthorized


403
Forbidden


500
Internal server error


put/v1/webhooks/{id}
Request samples 
application/json
{}
Response samples 
application/json
{
  • "id": "wsub_123",
  • "group_id": "wg_123",
  • "url": "https://example.com/webhook",
  • "event_types": "[\"EXPENSE_PAYMENT_UPDATED\"]",
  • "status": "ACTIVE"
}
Unregister Webhook
Unregister a webhook if you want to stop receiving webhook events


SecurityOAuth2 
Request 
path Parameters
id
required
string
 
Responses 
200
Success


400
Bad request


401
Unauthorized


403
Forbidden


500
Internal server error


delete/v1/webhooks/{id}
Request samples 
Webhook Groups
Manage webhook groups.


List Webhook Groups
Lists webhook groups.


SecurityOAuth2 
Request 
query Parameters
cursor
string or null
Cursor for pagination.


 
limit
integer <int32>   [ 0 .. 1000 ] 
 Default:  100
Limit for pagination. If not provided, defaults to 100. Cannot be greater than 1000.


 
Responses 
200
Success


400
Bad request


401
Unauthorized


403
Forbidden


500
Internal server error


get/v1/webhooks/groups
Request samples 
Response samples 
application/json
{
  • "next_cursor": "string",
  • "items": [
    ]
}
Create Webhook Group
Creates a webhook group.


SecurityOAuth2 
Request 
header Parameters
Idempotency-Key
required
string
 
Request Body schema: application/json
name
required
string
The name for the webhook group.


 
Responses 
200
Success


400
Bad request


401
Unauthorized


403
Forbidden


500
Internal server error


post/v1/webhooks/groups
Request samples 
application/json
{
  • "name": "Some Webhook Group"
}
Response samples 
application/json
{
  • "id": "wg_123",
  • "name": "Some Webhook Group"
}
Get Webhook Group
Gets a webhook group.


SecurityOAuth2 
Request 
path Parameters
id
required
string
The ID of the webhook group to retrieve.


 
Responses 
200
Success


400
Bad request


401
Unauthorized


403
Forbidden


500
Internal server error


get/v1/webhooks/groups/{id}
Request samples 
Response samples 
application/json
{
  • "id": "wg_123",
  • "name": "Some Webhook Group"
}
Delete Webhook Group
Deletes a webhook group and all its members.


SecurityOAuth2 
Request 
path Parameters
id
required
string
The ID of the webhook group to delete.


 
Responses 
200
Success


400
Bad request


401
Unauthorized


403
Forbidden


500
Internal server error


delete/v1/webhooks/groups/{id}
Request samples 
Add Webhook Group Members
Adds members to webhook groups.


SecurityOAuth2 
Request 
path Parameters
id
required
string
The ID of the webhook group to add members to.


 
Request Body schema: application/json
required
Array of objects (WebhookGroupMemberInput)   non-empty 
The list of webhook group members to add to the group.


 
Responses 
200
Success


400
Bad request


401
Unauthorized


403
Forbidden


500
Internal server error


post/v1/webhooks/groups/{id}/add_members
Request samples 
application/json
{
  • "members": [
    ]
}
List Webhook Group Members
Lists the members currently in the specified webhook group.


SecurityOAuth2 
Request 
path Parameters
id
required
string
The ID of the webhook group to retrieve members for.


 
query Parameters
cursor
string or null
Cursor for pagination.


 
limit
integer <int32>   [ 0 .. 1000 ] 
 Default:  100
Limit for pagination. If not provided, defaults to 100. Cannot be greater than 1000.


 
Responses 
200
Success


400
Bad request


401
Unauthorized


403
Forbidden


500
Internal server error


get/v1/webhooks/groups/{id}/members
Request samples 
Response samples 
application/json
{
  • "next_cursor": "string",
  • "items": [
    ]
}
Remove Webhook Group Members
Removes members from webhook groups.


SecurityOAuth2 
Request 
path Parameters
id
required
string
The ID of the webhook group to remove members from.


 
Request Body schema: application/json
required
Array of objects (WebhookGroupMemberInput)   non-empty 
The list of webhook group members to remove from the group.


 
Responses 
200
Success


400
Bad request


401
Unauthorized


403
Forbidden


500
Internal server error


post/v1/webhooks/groups/{id}/remove_members
Request samples 
application/json
{
  • "members": [
    ]
}
Schemas
Schemas.


Webhook Group
A webhook group, which can be used by webhook subscriptions to target only the webhook group members. When an event occurs and it belongs to a member of the group, the webhooks will be sent only to the subscriptions that are associated with the group. If there is no group associated with the event, then the webhook will be sent to all subscriptions that are not associated with any group. Webhook groups are only available for partners.


id
required
string  non-empty 
The ID of the webhook group.


 
name
required
string  non-empty 
The name for the webhook group.


 
{
  • "id": "wg_123",
  • "name": "Some Webhook Group"
}
Webhook Group Member
A member of a webhook group.


group_id
required
string  non-empty 
The ID of the webhook group this member belongs to.


 
member_type
required
string
The type of a webhook group member.


 Value: Description
ACCOUNT
The webhook group member is a customer account.


 
member_id
required
string  non-empty 
The ID of the webhook group member.


 
{
  • "group_id": "wg_123",
  • "member_type": "ACCOUNT",
  • "member_id": "cuacc_123"
}
Webhook Secret
A webhook secret, which can be used to validate that incoming webhook messages were sent by Brex.


secret
required
string  non-empty 
The payload of the secret to be used for webhook validation.


 
status
required
string
The status of a webhook secret.


 Enum: Description
ACTIVE
The webhook secret is active and can be used to validate webhooks from Brex.


PENDING_REVOKE
The webhook secret is still active, but it will soon be revoked. This may happen during key rotations.


REVOKED
The webhook secret is no longer active. It cannot be used to validate webhooks from Brex.


 
{
  • "secret": "whsec_123",
  • "status": "ACTIVE"
}
Webhook Subscription
A webhook subscription. When events of the specified event types occur, they will be sent to the given URL. If the subscription applies to a webhook group, then only events that apply to the members of that group will be sent. If it does not apply to any group, then only events that don't apply to any specific group will be sent. Webhook groups are only available for partners.


id
required
string  non-empty 
ID of the webhook subscription.


 
group_id
string or null
ID of the webhook group to which this subscription applies, if any.


 
url
required
string
The URL to which webhook events will be sent. Must be a valid HTTPS URL.


 
event_types
required
Array of strings (WebhookEventType) 
List of event types that this webhook subscription listens to.


Items Enum: "REFERRAL_CREATED" "REFERRAL_ACTIVATED" "REFERRAL_APPLICATION_STATUS_CHANGED" "TRANSFER_PROCESSED" "TRANSFER_FAILED" "EXPENSE_PAYMENT_UPDATED" "USER_UPDATED" "EMBEDDED_CARD_TRANSACTION_UPDATED" "EMBEDDED_CARD_UPDATED" "EMBEDDED_ACCOUNT_UPDATED" "EMBEDDED_CARD_SHIPPING_UPDATED" "EMBEDDED_DISPUTE_UPDATED" "PARTNERSHIP_INTEGRATION_CONNECTION_UPDATED" "EMBEDDED_CARD_AUTHORIZATION" "EMBEDDED_FRAUD_ALERT" "EMBEDDED_BILLING_GROUP_UPDATED" "EMBEDDED_LEGAL_ENTITY_UPDATED" "EMBEDDED_BILLING_STATEMENT_UPDATED"  
status
required
string
The status of a webhook subscription.


 Enum: Description
ACTIVE
The webhook subscription is active and the associated URL will receive the subscribed event types.


INACTIVE
The webhook subscription is no longer active.


 
{
  • "id": "wsub_123",
  • "group_id": "wg_123",
  • "url": "https://example.com/webhook",
  • "event_types": "[\"EXPENSE_PAYMENT_UPDATED\"]",
  • "status": "ACTIVE"
}
Webhook Events
Expense Payment Updated EventWebhook 
Expense activity on Brex Cards.


SecurityOAuth2 
Request 
Request Body schema: application/json
event_type
required
string (WebhookEventType) 
 Enum: "REFERRAL_CREATED" "REFERRAL_ACTIVATED" "REFERRAL_APPLICATION_STATUS_CHANGED" "TRANSFER_PROCESSED" "TRANSFER_FAILED" "EXPENSE_PAYMENT_UPDATED" "USER_UPDATED" "EMBEDDED_CARD_TRANSACTION_UPDATED" "EMBEDDED_CARD_UPDATED" "EMBEDDED_ACCOUNT_UPDATED" "EMBEDDED_CARD_SHIPPING_UPDATED" "EMBEDDED_DISPUTE_UPDATED" "PARTNERSHIP_INTEGRATION_CONNECTION_UPDATED" "EMBEDDED_CARD_AUTHORIZATION" "EMBEDDED_FRAUD_ALERT" "EMBEDDED_BILLING_GROUP_UPDATED" "EMBEDDED_LEGAL_ENTITY_UPDATED" "EMBEDDED_BILLING_STATEMENT_UPDATED"  
expense_id
required
string
Unique ID associated with the expense.


 
version
required
integer <int32>   >= 0 
Version of this expense. This value starts at 1 and is incremented by 1 with every update.


 
payment_status
required
string (ExpensePaymentStatus) 
PENDING:The transaction is yet to be captured. It may be approved, yet to be approved, or yet to be declined.


DECLINED: The transaction was declined.
    


 Enum: "PENDING" "DECLINED"  
payment_type
required
string (ExpensePaymentType) 
PURCHASE: A pending transaction for making a purchase.


REFUND: A pending transaction for a refund.


WITHDRAWAL: A pending transaction for a withdrawal.


DECLINED: A pending transaction that was declined and will not be completed.
    


 Enum: "PURCHASE" "REFUND" "WITHDRAWAL" "DECLINED"  
company_id
required
string
This is the id returned in the Get Company endpoint.
You can use the company_id to determine which access token to use when you get the details from our API endpoints.


 
purchased_at
string or null <date-time> 
The time the purchase was made.


 
object or null
 Deprecated 
Money fields can be signed or unsigned. Fields are signed (an unsigned value will be interpreted as positive). The amount of money will be represented in the smallest denomination
of the currency indicated. For example, USD 7.00 will be represented in cents with an amount of 700.


 
object or null
Money fields can be signed or unsigned. Fields are signed (an unsigned value will be interpreted as positive). The amount of money will be represented in the smallest denomination
of the currency indicated. For example, USD 7.00 will be represented in cents with an amount of 700.


 
object or null
Money fields can be signed or unsigned. Fields are signed (an unsigned value will be interpreted as positive). The amount of money will be represented in the smallest denomination
of the currency indicated. For example, USD 7.00 will be represented in cents with an amount of 700.


 
payment_description
required
string
 Deprecated 
Succeeded by the merchant::raw_descriptor field.


 
card_id
required
string
The ID of the card that is associated with the expense.


 
required
object
The merchant associated with the expense.


 
payment_status_reason
required
string (PaymentStatusReason) 
The reason for the payment's status.


 Enum: "OTHER" "APPROVED" "EXCEEDED_BUDGET_LIMIT" "BUDGET_EXPIRED" "NO_BUDGET" "BUDGET_NOT_YET_STARTED" "BUDGET_CATEGORY_RESTRICTION" "BUDGET_MERCHANT_RESTRICTION" "SUSPECTED_FRAUD" "EXCEEDED_GLOBAL_LIMIT" "EXCEEDED_USER_LIMIT" "EXCEEDED_CARD_LIMIT" "INVALID_EXPIRATION_DATE" "CARD_NOT_ACTIVE" "INVALID_CARD_CREDENTIALS" "INVALID_BILLING_ADDRESS" "CARD_SUSPENDED" "CARD_TERMINATED" "CARD_EXPIRED" "MCC_BLOCKED" "USER_SUSPENDED" "INVALID_PIN" "INVALID_CVV" "EXCEEDED_PIN_ATTEMPTS" "INSIDE_SANCTIONED_COUNTRY" "SOFT_EXPIRATION" "TRANSFERRED_CARD_NEW_MERCHANT" "EXCEEDED_ANCESTOR_BUDGET_LIMIT" "EXCEEDED_BUDGET_TRANSACTION_LIMIT" "TOS_BLOCKED" "COMPLIANCE_BLOCKED"  
payment_authorization_code
string or null
The authorization code of the associated card expense.


 
Responses 
200
Return this code if the callback was received and processed successfully


Request samples 
application/json
{
  • "event_type": "REFERRAL_CREATED",
  • "expense_id": "string",
  • "version": 1,
  • "payment_status": "PENDING",
  • "payment_type": "PURCHASE",
  • "company_id": "string",
  • "purchased_at": "2019-08-24T14:15:22Z",
  • "amount": {
    },
  • "original_amount": {
    },
  • "billing_amount": {
    },
  • "payment_description": "string",
  • "card_id": "string",
  • "merchant": {
    },
  • "payment_status_reason": "OTHER",
  • "payment_authorization_code": "string"
}
Referral Activated EventWebhook 
A referral was activated.


SecurityOAuth2 
Request 
Request Body schema: application/json
event_type
required
string (WebhookEventType) 
 Enum: "REFERRAL_CREATED" "REFERRAL_ACTIVATED" "REFERRAL_APPLICATION_STATUS_CHANGED" "TRANSFER_PROCESSED" "TRANSFER_FAILED" "EXPENSE_PAYMENT_UPDATED" "USER_UPDATED" "EMBEDDED_CARD_TRANSACTION_UPDATED" "EMBEDDED_CARD_UPDATED" "EMBEDDED_ACCOUNT_UPDATED" "EMBEDDED_CARD_SHIPPING_UPDATED" "EMBEDDED_DISPUTE_UPDATED" "PARTNERSHIP_INTEGRATION_CONNECTION_UPDATED" "EMBEDDED_CARD_AUTHORIZATION" "EMBEDDED_FRAUD_ALERT" "EMBEDDED_BILLING_GROUP_UPDATED" "EMBEDDED_LEGAL_ENTITY_UPDATED" "EMBEDDED_BILLING_STATEMENT_UPDATED"  
referral_id
required
string
The referral ID


 
Responses 
200
Return this code if the callback was received and processed successfully


Request samples 
application/json
{
  • "event_type": "REFERRAL_CREATED",
  • "referral_id": "string"
}
Referral Application Status Changed EventWebhook 
A referral's application status changed.


SecurityOAuth2 
Request 
Request Body schema: application/json
event_type
required
string (WebhookEventType) 
 Enum: "REFERRAL_CREATED" "REFERRAL_ACTIVATED" "REFERRAL_APPLICATION_STATUS_CHANGED" "TRANSFER_PROCESSED" "TRANSFER_FAILED" "EXPENSE_PAYMENT_UPDATED" "USER_UPDATED" "EMBEDDED_CARD_TRANSACTION_UPDATED" "EMBEDDED_CARD_UPDATED" "EMBEDDED_ACCOUNT_UPDATED" "EMBEDDED_CARD_SHIPPING_UPDATED" "EMBEDDED_DISPUTE_UPDATED" "PARTNERSHIP_INTEGRATION_CONNECTION_UPDATED" "EMBEDDED_CARD_AUTHORIZATION" "EMBEDDED_FRAUD_ALERT" "EMBEDDED_BILLING_GROUP_UPDATED" "EMBEDDED_LEGAL_ENTITY_UPDATED" "EMBEDDED_BILLING_STATEMENT_UPDATED"  
referral_id
required
string
The referral ID


 
required
object (ProductApplication) 
The product application details for the referral.


 
Responses 
200
Return this code if the callback was received and processed successfully


Request samples 
application/json
{
  • "event_type": "REFERRAL_CREATED",
  • "referral_id": "string",
  • "application": {
    }
}
Referral Created EventWebhook 
A referral was created.


SecurityOAuth2 
Request 
Request Body schema: application/json
event_type
required
string (WebhookEventType) 
 Enum: "REFERRAL_CREATED" "REFERRAL_ACTIVATED" "REFERRAL_APPLICATION_STATUS_CHANGED" "TRANSFER_PROCESSED" "TRANSFER_FAILED" "EXPENSE_PAYMENT_UPDATED" "USER_UPDATED" "EMBEDDED_CARD_TRANSACTION_UPDATED" "EMBEDDED_CARD_UPDATED" "EMBEDDED_ACCOUNT_UPDATED" "EMBEDDED_CARD_SHIPPING_UPDATED" "EMBEDDED_DISPUTE_UPDATED" "PARTNERSHIP_INTEGRATION_CONNECTION_UPDATED" "EMBEDDED_CARD_AUTHORIZATION" "EMBEDDED_FRAUD_ALERT" "EMBEDDED_BILLING_GROUP_UPDATED" "EMBEDDED_LEGAL_ENTITY_UPDATED" "EMBEDDED_BILLING_STATEMENT_UPDATED"  
referral_id
required
string
The referral ID


 
Responses 
200
Return this code if the callback was received and processed successfully


Request samples 
application/json
{
  • "event_type": "REFERRAL_CREATED",
  • "referral_id": "string"
}
Transfer Failed EventWebhook 
Transfer failed events for both incoming and outgoing Brex Cash transactions.


SecurityOAuth2 
Request 
Request Body schema: application/json
event_type
required
string (WebhookEventType) 
 Enum: "REFERRAL_CREATED" "REFERRAL_ACTIVATED" "REFERRAL_APPLICATION_STATUS_CHANGED" "TRANSFER_PROCESSED" "TRANSFER_FAILED" "EXPENSE_PAYMENT_UPDATED" "USER_UPDATED" "EMBEDDED_CARD_TRANSACTION_UPDATED" "EMBEDDED_CARD_UPDATED" "EMBEDDED_ACCOUNT_UPDATED" "EMBEDDED_CARD_SHIPPING_UPDATED" "EMBEDDED_DISPUTE_UPDATED" "PARTNERSHIP_INTEGRATION_CONNECTION_UPDATED" "EMBEDDED_CARD_AUTHORIZATION" "EMBEDDED_FRAUD_ALERT" "EMBEDDED_BILLING_GROUP_UPDATED" "EMBEDDED_LEGAL_ENTITY_UPDATED" "EMBEDDED_BILLING_STATEMENT_UPDATED"  
transfer_id
required
string
The transfer ID


 
payment_type
required
string (PaymentType) 
Only ACH, DOMESTIC_WIRE, CHEQUE, INTERNATIONAL_WIRE and BOOK_TRANSFER details can be retrieved from the Payments API.


 Enum: "ACH" "DOMESTIC_WIRE" "CHEQUE" "INTERNATIONAL_WIRE" "BOOK_TRANSFER" "ACH_RETURN" "WIRE_RETURN" "CHEQUE_RETURN"  
return_for_id
string or null
The original transaction ID that is returned when the payment type is ACH_RETURN, WIRE_RETURN and CHEQUE_RETURN.


 
company_id
required
string
This is the id returned in the Get Company endpoint. You can use the company_id to determine which access token to use when you get the details from our API endpoints.


 
Responses 
200
Return this code if the callback was received and processed successfully


Request samples 
application/json
{
  • "event_type": "REFERRAL_CREATED",
  • "transfer_id": "string",
  • "payment_type": "ACH",
  • "return_for_id": "string",
  • "company_id": "string"
}
Transfer Processed EventWebhook 
Transfer processed events for both incoming and outgoing Brex Cash transactions.


SecurityOAuth2 
Request 
Request Body schema: application/json
event_type
required
string (WebhookEventType) 
 Enum: "REFERRAL_CREATED" "REFERRAL_ACTIVATED" "REFERRAL_APPLICATION_STATUS_CHANGED" "TRANSFER_PROCESSED" "TRANSFER_FAILED" "EXPENSE_PAYMENT_UPDATED" "USER_UPDATED" "EMBEDDED_CARD_TRANSACTION_UPDATED" "EMBEDDED_CARD_UPDATED" "EMBEDDED_ACCOUNT_UPDATED" "EMBEDDED_CARD_SHIPPING_UPDATED" "EMBEDDED_DISPUTE_UPDATED" "PARTNERSHIP_INTEGRATION_CONNECTION_UPDATED" "EMBEDDED_CARD_AUTHORIZATION" "EMBEDDED_FRAUD_ALERT" "EMBEDDED_BILLING_GROUP_UPDATED" "EMBEDDED_LEGAL_ENTITY_UPDATED" "EMBEDDED_BILLING_STATEMENT_UPDATED"  
transfer_id
required
string
The transfer ID


 
payment_type
required
string (PaymentType) 
Only ACH, DOMESTIC_WIRE, CHEQUE, INTERNATIONAL_WIRE and BOOK_TRANSFER details can be retrieved from the Payments API.


 Enum: "ACH" "DOMESTIC_WIRE" "CHEQUE" "INTERNATIONAL_WIRE" "BOOK_TRANSFER" "ACH_RETURN" "WIRE_RETURN" "CHEQUE_RETURN"  
return_for_id
string or null
The original transaction ID that is returned when the payment type is ACH_RETURN, WIRE_RETURN and CHEQUE_RETURN.


 
company_id
required
string
This is the id returned in the Get Company endpoint. You can use the company_id to determine which access token to use when you get the details from our API endpoints.


 
Responses 
200
Return this code if the callback was received and processed successfully


Request samples 
application/json
{
  • "event_type": "REFERRAL_CREATED",
  • "transfer_id": "string",
  • "payment_type": "ACH",
  • "return_for_id": "string",
  • "company_id": "string"
}
User Updated EventWebhook 
Updates on Brex users.


SecurityOAuth2 
Request 
Request Body schema: application/json
event_type
required
string (WebhookEventType) 
 Enum: "REFERRAL_CREATED" "REFERRAL_ACTIVATED" "REFERRAL_APPLICATION_STATUS_CHANGED" "TRANSFER_PROCESSED" "TRANSFER_FAILED" "EXPENSE_PAYMENT_UPDATED" "USER_UPDATED" "EMBEDDED_CARD_TRANSACTION_UPDATED" "EMBEDDED_CARD_UPDATED" "EMBEDDED_ACCOUNT_UPDATED" "EMBEDDED_CARD_SHIPPING_UPDATED" "EMBEDDED_DISPUTE_UPDATED" "PARTNERSHIP_INTEGRATION_CONNECTION_UPDATED" "EMBEDDED_CARD_AUTHORIZATION" "EMBEDDED_FRAUD_ALERT" "EMBEDDED_BILLING_GROUP_UPDATED" "EMBEDDED_LEGAL_ENTITY_UPDATED" "EMBEDDED_BILLING_STATEMENT_UPDATED"  
user_id
required
string
 
company_id
required
string
 
updated_attributes
required
Array of strings (UserAttributes) 
Items Enum: "STATUS" "MANAGER_ID" "DEPARTMENT_ID" "LOCATION_ID"  
Responses 
200
Return this code if the callback was received and processed successfully


Request samples 
application/json
{
  • "event_type": "REFERRAL_CREATED",
  • "user_id": "string",
  • "company_id": "string",
  • "updated_attributes": [
    ]
}
Copyright © Brex 2019–2025. All rights reserved.