Enabling webhook

To enable webhooks, please access the Developer Tab from your dashboard and add your webhook URL. A webhook secret will be generated and displayed for security purposes; please ensure you store it securely.

PaymentWebhookData

FieldName	Type	Description	Required
eventType	Enum	Payment \| Account \| Plan	Yes
paymentEntryType	Enum	RECEIVED_PAYMENT \| CREATED_PAYMENT	Yes
paymentReferenceId	String	This field is present when payment was executed successfully. In some cases where payment is failed upon submission, there is no paymentReferenceId assigned	No
paymentType	Enum	LOCAL \| INTERNATIONAL	No
status	Enum	PENDING \| SCHEDULED \| UNCLAIMED \| REQUESTED \| PROCESSING \| IN_TRANSIT \| COMPLETE \| CANCELED \| DECLINED \| FAILED \| RETURNED	No
payer	String	Payer handle (or email if handle doesn’t exist)	No
description	String	Description of the payment	Yes
amount	Number	If payment entry type is RECEIVED_PAYMENT the value of the field will be amount received in beneficiary bank currency before fee (if beneficiary pays the fee) If payment entry type is CREATED_PAYMENT, amount is the payment amount before fees (if payer pays the fee)	Yes
totalAmount	Number	If payment entry type is RECEIVED_PAYMENT the value of the field will be totalAmount received after the fee (if beneficiary pays the fee) If payment entry type is CREATED_PAYMENT, the value of the field will be totalAmount paid after the fee (if payer pays the fee)	No
fee	Number	If payment entry type is RECEIVED_PAYMENT the value of the field will be fee amount of beneficiary (if beneficiary pays the fee) If payment entry type is CREATED_PAYMENT, the value of the field will be fee amount of payer (if payer pays the fee)	No
currency	Enum	3-letter currency code If payment entry type is RECEIVED_PAYMENT currency field reflects beneficiary bank currency If payment entry type is CREATED_PAYMENT currency field reflects payer payment currency	No
beneficiary	String	Beneficiary handle (if exists) or email	No
beneficiaryAmount	Number	This field appears only when payment entry type is CREATED_PAYMENT. This field indicates beneficiary amount before fee (if beneficiary pays the fee)	No
beneficiaryFee	Number	This field appears only when payment entry type is CREATED_PAYMENT. This field indicates beneficiary fee amount (if beneficiary pays the fee)	No
beneficiaryTotalAmount	Number	This field appears only when payment entry type is CREATED_PAYMENT. This field indicates beneficiary total amount after fee (if beneficiary pays the fee)	No
beneficiaryCurrency	Enum	This field appears only when payment entry type is CREATED_PAYMENT. This field indicates beneficiary 3 letter currency	No
batchId	String	If payment was executed via mass payout, batchId of the payout will be assigned	No
estimatedArrival	String	ISO Date string of estimated arrival	No
paymentMethod	Enum	BANK_ACCOUNT \| FUNDING_BALANCE \| WIRE_TRANSFER \| PAYPAL	No
receiveMethod	Enum	BANK_ACCOUNT \| FUNDING_BALANCE \| PAYPAL \| VENMO \| CARD	No
clientPaymentRef	String	If payment was executed via api and unique identifier of clientPaymentRef was provided then it will reflect in this field	No
createdAt	String	ISO Date string of when payment was created	No
senderName	String	The name of who sent the funds (specific for incoming wire payments)	No

Contact Webhook Data

This webhook is only sent when contact is being created via Widget. Learn more about borderless Widget

FieldName	Type	Description	Required
eventType	Enum	Contact	Yes
entryType	Enum	CREATED \	UPDATED
id	String	Unique identifier of created contact account.	No
country	Enum	2-letter country code	Yes
currency	Enum	3-letter currency code	Yes
handle	String	Unique identifier for borderless™ contact (Handles overview)	Yes
externalContactId	String	Unique identifier for borderless™ contact	Yes
accountType	Enum	PERSONAL \	BUSINESS
status	Enum	APPROVED \	REJECTED \
contactType	Enum	INTERNAL \	EXTERNAL
displayName	String	Display name of a contact	Yes
email	String	Contact's email	Yes
receiveMethod	Enum	BANK_ACCOUNT \	PAYPAL \
clientInternalReference	String	Client reference to the contact provided by client	No
createdAt	String	ISO Date string of contact creation	No

Card Webhook Data

This webhook is being sent when card status of the contact changes.

FieldName	Type	Description	Required
eventType	Enum	Card	Yes
entryType	Enum	CREATED \	DELETED \
id	String	Unique identifier of contact's card.	No
status	Enum	VERIFIED \	REJECTED \
handle	String	Unique identifier for borderless™ contact (Handles overview)	Yes
externalContactId	String	Unique identifier for borderless™ contact	No
last4Digits	String	Last 4 digits of contact's card number	Yes
expirationDate	String	Card expiration date (format MM/YYYY)	Yes
contactType	Enum	INTERNAL \	EXTERNAL
accountType	Enum	PERSONAL \	BUSINESS
clientInternalReference	String	Client reference to the contact provided by client	No
createdAt	String	ISO Date string of card creation	No

Webhook Examples

Examples of webhook bodies shown below.

Successfully executed payment (CREATED_PAYMENT)
(this webhook will be sent to payer if payer have webhooks enabled)

{
  "eventType": "Payment",
  "paymentEntryType": "CREATED_PAYMENT",
  "status": "COMPLETE",
  "paymentReferenceId": "UATPYXYZ",
  "amount": 7,
  "fee": 0,
  "totalAmount": 7,
  "currency": "GBP",
  "description": "test pay",
  "beneficiary": "US-Buziness",
  "beneficiaryAmount": 8.5,
  "beneficiaryFee": 0.75,
  "beneficiaryTotalAmount": 7.75,
  "beneficiaryCurrency": "USD",
  "clientPaymentRef": null,
  "paymentMethod": "FUNDING_BALANCE",
  "paymentType": "INTERNATIONAL",
  "estimatedArrival": "2023-10-05T00:00:00.000Z",
  "batchId": null,
  "createdAt": "2023-10-05T15:09:33.187Z"
}

Received Payment webhook (RECEIVED_PAYMENT) 
(this webhook will be sent to beneficiary if beneficiary have webhooks enabled)

{
  "eventType": "Payment",
  "paymentEntryType": "RECEIVED_PAYMENT",
  "status": "PROCESSING",
  "paymentReferenceId": "97230",
  "payer": "US-Buziness",
  "description": "test with attachment",
  "amount": 5.76,
  "fee": 0.51,
  "totalAmount": 5.25,
  "currency": "GBP",
  "clientPaymentRef": null,
  "paymentMethod": "BANK_ACCOUNT",
  "paymentType": "INTERNATIONAL",
  "estimatedArrival": "2023-10-06T00:00:00.000Z",
  "batchId": null,
  "createdAt": "2023-10-05T15:06:06.438Z"
}

Payment webhook of failed payment (Failed upon submission) will have very minimal 
set of fields because there is no tracking for this payment created:

{
  "eventType": "Payment",
  "paymentEntryType": "CREATED_PAYMENT",
  "beneficiary": "^b5dd1",
  "amount": 100,
  "reason": "Financial Institution Request Error",
  "description": "demo pay to LT",
  "status": "FAILED",
  "batchId": "3b738307-7"
}


{
  "batchId": "3b738307-7",
  "successfulPayments": 1,
  "failedPayments": 1,
  "totalSubmittedPayments": 2,
  "paymentsReport": [
    {
      "id": 1,
      "handle": "^b5dd1",
      "amount": 100,
      "submissionStatus": "FAILED",
      "cause": "Financial Institution Request Error"
      "clientPaymentRef": "client-payment-ref"
    },
    {
      "id": 2,
      "handle": "^4456d",
      "amount": 12,
      "paymentReferenceId": "P4323540901",
      "submissionStatus": "SUCCESS",
      "clientPaymentRef": "client-payment-ref2"
    }
  ]
}

{
  "eventType": "Contact",
  "entryType": "CREATED",
  "id": "cm7cesvn10001e6ac7f3ppimx",
  "country": "US",
  "currency": "USD",
  "status": "APPROVED",
  "handle": "^817ee",
  "externalContactId": "^817ee",
  "displayName": "Johny Doe",
  "email": "example@example.com",
  "contactType": "EXTERNAL",
  "accountType": "PERSONAL",
  "clientInternalReference": "some-reference",
  "receiveMethod": "BANK_ACCOUNT"
  "createdAt": "2025-01-19T21:12:22.573Z",
}

{
  "eventType": "Card",
  "entryType": "UPDATED",
  "id": "aaa0aaa0000aaaa00aa0000aa",
  "status": "REJECTED",
  "handle": "^12345",
  "externalContactId": "^12345",
  "last4Digits": "9999",
  "expirationDate": "07/2029",
  "contactType": "EXTERNAL",
  "accountType": "PERSONAL",
  "clientInternalReference": "internal_ref_12345",
  "createdAt": "2025-01-01T13:32:47.625Z"
}

Verify Webhooks

Webhooks have the following structure:

Webhook body in json format
Custom header x-borderless-webhook where we send hashed signature
Custom header x-borderless-webhook-timestamp where we send timestamp

HOW TO VERIFY

To verify that a request is coming from an expected source (borderless) and that the request has not been tampered with in transit borderless uses Hash-based Message Authentication Code (HMAC). This method is a cryptographic authentication technique that uses a hash function and a shared secret key (webhook secret).

To verify that a webhook is coming from borderless, create HMAC signature using incoming request parameters and your webhooks secret key and cmapre created hash signature with the one received in the header. The verification process and steps can be found below. Please note that the step order DOES matter.

Create HMAC from invoming request:

Create signature (using hash 512 algorithm and using your webhookSecret);
Create a message to be hashed from current timestamp (x-borderless-webhook-timestamp) + webhook body (as string) (First goes timestamp and then attach body to it to create one string);
Note that the decoding algorithm (digest) is 'hex';

Compare 2 signatures:
Compare x-borderless-webhook and the created one. If the signatures match then the webhook signature is VERIFIED and that the request came from borderless.