Using webhooks to receive notifications about events that occur with Apple Wallet and Google Wallet cards

Webhooks serve to notify your service about changes that have occurred with Apple Wallet and Google Wallet cards

When an event occurs, such as saving a card to Apple Wallet, an object is created that an HTTP POST request is sent to the address you specified. This object contains relevant information, including the event type and information related to the event.

Webhook verification

Before using a webhook, we first need to check the URL that will accept webhooks. To do this, we send a webhook.verify event with a token to your URL.

For a successful verification, you need to return the received token in response with a status of 200.

Getting a webhook

These webhooks are sent in JSON format in the body of the POST request with the HTTP header x-loyal: event.

The event is digitally signed so you can verify that it really came from our server

The string-converted request body is signed by HMAC-SHA1 using the token you will receive when you activate the webhooks.
The signature is added as an HTTP header with the name x-loyal-signature.

Types of events:

  • webhook.verify - Webhook verification
  • pass.aw.created - Apple Wallet card created
  • pass.gp.created - Google Wallet card created
  • pass.aw.updated - The Apple Wallet card has been changed
  • pass.gp.updated - The Google Wallet card has been changed
  • registration.aw.created - The Apple Wallet card is installed on the phone
  • registration.gp.created - The Google Wallet card is installed on the phone
  • registration.aw.deleted - Apple Wallet card deleted from phone or messages disabled
  • registration.gp.deleted - The Google Wallet card has been deleted from the phone