Webhooks API (0.1)

Download OpenAPI specification:Download

Admin: developer-access@brex.com URL: https://brex.com

Brex uses webhooks to send real-time notifications when events happen in the accounts that you manage. Use webhook subscriptions to subscribe to different webhook events.

Authentication

OAuth2

OAuth2 security scheme

Security Scheme Type	OAuth2
clientCredentials OAuth Flow	Token URL: https://accounts.brex.com/oauth2/v1/token Scopes: `openid` - openid `offline_access` - offline access
authorizationCode OAuth Flow	Authorization URL: https://accounts.brex.com/oauth2/v1/auth Token URL: https://accounts.brex.com/oauth2/v1/token Scopes: `openid` - openid `offline_access` - offline access

Webhook Subscriptions

Manage webhook subscriptions.

List Webhooks

List the webhooks you have registered

Request

Security:

OAuth2

query Parameters

cursor	string or null
limit	integer or null <int32>

Responses

200

listSubscription 200 response

400

Bad request

401

Unauthorized

403

Forbidden

500

Internal server error

get/v1/webhooks

Request samples

curl
JavaScript
Node.js
Python

curl -i -X GET \
  https://platform.brexapis.com/v1/webhooks \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Response samples

application/json

{"next_cursor": "string",
"items": [{"id": "string",
"url": "string",
"event_types": ["REFERRAL_CREATED"
],
"status": "ACTIVE"
}
]
}

Register Webhook

Request

Security:

OAuth2

header Parameters

Idempotency-Key

required

string

Request Body schema: application/json

url required	string
event_types required	Array of strings (WebhookEventType) The Brex API sends webhooks for the events listed below. For more details, see the webhook guide and webhook events API reference. Items Enum: "REFERRAL_CREATED" "REFERRAL_ACTIVATED" "REFERRAL_APPLICATION_STATUS_CHANGED" "TRANSFER_PROCESSED" "TRANSFER_FAILED" "EXPENSE_PAYMENT_UPDATED" "USER_UPDATED"

Responses

200

createSubscription 200 response

400

Bad request

401

Unauthorized

403

Forbidden

500

Internal server error

post/v1/webhooks

Request samples

Payload
curl
JavaScript
Node.js
Python

application/json

{"url": "string",
"event_types": ["REFERRAL_CREATED"
]
}

Response samples

application/json

{"id": "string",
"url": "string",
"event_types": ["REFERRAL_CREATED"
],
"status": "ACTIVE"
}

List Webhook Secrets

This endpoint returns a set of webhook signing secrets used to validate the webhook. Usually only one key will be returned in the response. After key rotation, this endpoint will return two keys: the new key, and the key that will be revoked soon. There will also be two signatures in the 'Webhook-Signature' request header. Your application should use all keys available to validate the webhook request. If validation passes for any of the keys returned, the webhook payload is valid.

Request

Security:

OAuth2

Responses

200

listSecrets 200 response

400

Bad request

401

Unauthorized

403

Forbidden

500

Internal server error

get/v1/webhooks/secrets

Request samples

curl
JavaScript
Node.js
Python

curl -i -X GET \
  https://platform.brexapis.com/v1/webhooks/secrets \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Response samples

application/json

[{"secret": "string",
"status": "ACTIVE"
}
]

Get Webhook

Get details of a webhook

Request

Security:

OAuth2

path Parameters

required

string

Responses

200

getSubscriptionById 200 response

400

Bad request

401

Unauthorized

403

Forbidden

500

Internal server error

get/v1/webhooks/{id}

Request samples

curl
JavaScript
Node.js
Python

curl -i -X GET \
  'https://platform.brexapis.com/v1/webhooks/{id}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Response samples

application/json

{"id": "string",
"url": "string",
"event_types": ["REFERRAL_CREATED"
],
"status": "ACTIVE"
}

Update Webhook

Update a webhook. You can update the endpoint url, event types that the endpoint receives, or temporarily deactivate the webhook.

Request

Security:

OAuth2

path Parameters

required

string

Request Body schema: application/json

url required	string
event_types required	Array of strings (WebhookEventType) Items Enum: "REFERRAL_CREATED" "REFERRAL_ACTIVATED" "REFERRAL_APPLICATION_STATUS_CHANGED" "TRANSFER_PROCESSED" "TRANSFER_FAILED" "EXPENSE_PAYMENT_UPDATED" "USER_UPDATED"
status required	string (UpdateWebhookSubscriptionStatus) Enum: "ACTIVE" "INACTIVE"

Responses

200

updateSubscription 200 response

400

Bad request

401

Unauthorized

403

Forbidden

500

Internal server error

put/v1/webhooks/{id}

Request samples

Payload
curl
JavaScript
Node.js
Python

application/json

{"url": "string",
"event_types": ["REFERRAL_CREATED"
],
"status": "ACTIVE"
}

Response samples

application/json

{"id": "string",
"url": "string",
"event_types": ["REFERRAL_CREATED"
],
"status": "ACTIVE"
}

Unregister Webhook

Unregister a webhook if you want to stop receiving webhook events

Request

Security:

OAuth2

path Parameters

required

string

Responses

200

deleteSubscription 200 response

400

Bad request

401

Unauthorized

403

Forbidden

500

Internal server error

delete/v1/webhooks/{id}

Request samples

curl
JavaScript
Node.js
Python

curl -i -X DELETE \
  'https://platform.brexapis.com/v1/webhooks/{id}' \
  -H 'Authorization: Bearer <YOUR_TOKEN_HERE>'

Webhook Events

Expense Payment EventsWebhook

Expense Payment Events. Transaction activity for expenses made on Brex Card.

Account must be on Brex Empower to receive these events. Webhook subscription must be registered using a token from a user with Card Admin role.

Request

Security:

OAuth2 (expenses.card.readonly)

Request Body schema: application/json

event_type required	string (WebhookEventType) EXPENSE_PAYMENT_UPDATED
expense_id required	string
payment_status required	string (ExpensePaymentStatus) `PENDING`:The transaction is yet to be captured. It may be approved, yet to be approved, or yet to be declined. `DECLINED`: The transaction was declined. Enum: "PENDING" "DECLINED"
payment_type required	string (ExpensePaymentType) `PURCHASE`: A pending transaction for making a purchase. `REFUND`: A pending transaction for a refund. `WITHDRAWAL`: A pending transaction for a withdrawal. `DECLINED`: A pending transaction that was declined and will not be completed. Enum: "PURCHASE" "REFUND" "WITHDRAWAL" "DECLINED"
company_id	string This is the `id` returned in the Get Company endpoint. You can use the `company_id` to determine which access token to use when you get the details from our API endpoints.
	object or null Money fields can be signed or unsigned. Fields are signed (an unsigned value will be interpreted as positive). The amount of money will be represented in the smallest denomination of the currency indicated. For example, USD 7.00 will be represented in cents with an amount of 700.
payment_description	string The name of the card acceptor.

Responses

200

Return this code if the callback was received and processed successfully

Request samples

Payload

application/json

{"event_type": "EXPENSE_PAYMENT_UPDATED",
"expense_id": "string",
"payment_status": "PENDING",
"payment_type": "PURCHASE",
"company_id": "string",
"amount": {"amount": 0,
"currency": "string"
},
"payment_description": "string"
}

Referral EventsWebhook

Referral Events. Reference the Onboarding API for event details.

Request

Security:

OAuth2 (https://onboarding.brexapis.com/referrals)

Request Body schema: application/json

event_type required	string (WebhookEventType) REFERRAL_ACTIVATED
referral_id required	string

Responses

200

Return this code if the callback was received and processed successfully

Request samples

Payload

application/json

{"event_type": "REFERRAL_ACTIVATED",
"referral_id": "string"
}

Transfer EventsWebhook

Transfer Events for both incoming and outgoing Brex Cash transactions. Reference the Payments API for event details.

Request

Security:

OAuth2 (transfers.readonlytransfers)

Request Body schema: application/json

event_type required	string (WebhookEventType) TRANSFER_FAILED
transfer_id required	string
payment_type required	string (PaymentType) Only ACH, DOMESTIC_WIRE, CHEQUE, INTERNATIONAL_WIRE and BOOK_TRANSFER details can be retrieved from the Payments API. Enum: "ACH" "DOMESTIC_WIRE" "CHEQUE" "INTERNATIONAL_WIRE" "BOOK_TRANSFER" "ACH_RETURN" "WIRE_RETURN" "CHEQUE_RETURN"
return_for_id	string or null The original transaction ID that is returned when the payment type is ACH_RETURN, WIRE_RETURN and CHEQUE_RETURN.
company_id	string This is the `id` returned in the Get Company endpoint. You can use the `company_id` to determine which access token to use when you get the details from our API endpoints.

Responses

200

Return this code if the callback was received and processed successfully

Request samples

Payload

application/json

{"event_type": "TRANSFER_FAILED",
"transfer_id": "string",
"payment_type": "ACH",
"return_for_id": "string",
"company_id": "string"
}

User Updated EventsWebhook

User Updated Events. All accounts can receive user status update while only accounts on Brex Empower can receive non-user-status updates.

Request

Security:

OAuth2 (users.readonlyusers)

Request Body schema: application/json

object (UserEvent)

Responses

200

Return this code if the callback was received and processed successfully

Request samples

Payload

application/json

{ }