Webhooks
Passage Connect sends ES256-signed webhooks when a link completes or fails.
Webhook delivery
When an automation finishes, the Connect Service sends a POST request to the webhook_url specified when creating the link.
Payload format
The webhook body is a signed JWT containing the link result data.
Signature verification
Webhooks are signed with ES256 (ECDSA with P-256 and SHA-256). Verify signatures using the public key fetched from:
POST /webhook_verification_key/getThe response includes the public key identified by a kid (key ID) in the JWT header.
Retry policy
Details on webhook retry behavior.
Next steps
- Webhook Verification Guide — Step-by-step verification
- Webhook Key API — Fetch the verification key
Last updated on