{ "openapi": "3.0.1", "info": { "title": "Webhooks API", "description": "\nBrex uses webhooks to send real-time notifications when events happen in the accounts that you manage.\nUse webhook subscriptions to subscribe to different webhook events.\n", "contact": { "name": "Admin", "url": "https://brex.com", "email": "developer-access@brex.com" }, "version": "0.1" }, "servers": [ { "url": "https://platform.brexapis.com", "description": "Production" }, { "url": "https://platform.staging.brexapps.com", "description": "Staging (Note: This is not a sandbox. It will not work with customer tokens.)" } ], "security": [ { "OAuth2": [] } ], "tags": [ { "name": "Webhook Subscriptions", "description": "Manage webhook subscriptions." } ], "paths": { "/v1/webhooks": { "get": { "tags": [ "Webhook Subscriptions" ], "summary": "List Webhooks", "description": "List the webhooks you have registered", "operationId": "listSubscription", "parameters": [ { "name": "cursor", "in": "query", "required": false, "schema": { "type": "string", "nullable": true } }, { "name": "limit", "in": "query", "required": false, "schema": { "type": "integer", "format": "int32", "nullable": true } } ], "responses": { "200": { "description": "listSubscription 200 response", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Page_WebhookSubscription_" } } } }, "400": { "description": "Bad request" }, "401": { "description": "Unauthorized" }, "403": { "description": "Forbidden" }, "500": { "description": "Internal server error" } }, "security": [ { "OAuth2": [] } ] }, "post": { "tags": [ "Webhook Subscriptions" ], "summary": "Register Webhook", "description": "Register an endpoint to start receiving selected webhook events", "operationId": "createSubscription", "parameters": [ { "name": "Idempotency-Key", "in": "header", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateWebhookSubscriptionRequest" } } }, "required": true }, "responses": { "200": { "description": "createSubscription 200 response", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookSubscription" } } } }, "400": { "description": "Bad request" }, "401": { "description": "Unauthorized" }, "403": { "description": "Forbidden" }, "500": { "description": "Internal server error" } }, "security": [ { "OAuth2": [] } ] } }, "/v1/webhooks/secrets": { "get": { "tags": [ "Webhook Subscriptions" ], "summary": "List Webhook Secrets", "description": "\nThis endpoint returns a set of webhook signing secrets used to validate the webhook.\nUsually only one key will be returned in the response. After key rotation, this endpoint will return two keys:\nthe new key, and the key that will be revoked soon. There will also be two signatures in the 'Webhook-Signature' request header.\nYour application should use all keys available to validate the webhook request. If validation passes for any\nof the keys returned, the webhook payload is valid.\n", "operationId": "listSecrets", "parameters": [], "responses": { "200": { "description": "listSecrets 200 response", "content": { "application/json": { "schema": { "type": "array", "items": { "$ref": "#/components/schemas/WebhookSecret" } } } } }, "400": { "description": "Bad request" }, "401": { "description": "Unauthorized" }, "403": { "description": "Forbidden" }, "500": { "description": "Internal server error" } }, "security": [ { "OAuth2": [] } ] } }, "/v1/webhooks/{id}": { "get": { "tags": [ "Webhook Subscriptions" ], "summary": "Get Webhook", "description": "Get details of a webhook", "operationId": "getSubscriptionById", "parameters": [ { "name": "id", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "getSubscriptionById 200 response", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookSubscription" } } } }, "400": { "description": "Bad request" }, "401": { "description": "Unauthorized" }, "403": { "description": "Forbidden" }, "500": { "description": "Internal server error" } }, "security": [ { "OAuth2": [] } ] }, "put": { "tags": [ "Webhook Subscriptions" ], "summary": "Update Webhook", "description": "Update a webhook.\nYou can update the endpoint url, event types that the endpoint receives, or temporarily deactivate the webhook.\n", "operationId": "updateSubscription", "parameters": [ { "name": "id", "in": "path", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateWebhookSubscriptionRequest" } } }, "required": true }, "responses": { "200": { "description": "updateSubscription 200 response", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookSubscription" } } } }, "400": { "description": "Bad request" }, "401": { "description": "Unauthorized" }, "403": { "description": "Forbidden" }, "500": { "description": "Internal server error" } }, "security": [ { "OAuth2": [] } ] }, "delete": { "tags": [ "Webhook Subscriptions" ], "summary": "Unregister Webhook", "description": "Unregister a webhook if you want to stop receiving webhook events", "operationId": "deleteSubscription", "parameters": [ { "name": "id", "in": "path", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "deleteSubscription 200 response" }, "400": { "description": "Bad request" }, "401": { "description": "Unauthorized" }, "403": { "description": "Forbidden" }, "500": { "description": "Internal server error" } }, "security": [ { "OAuth2": [] } ] } } }, "x-webhooks": { "x-webhooks/expensePayments": { "post": { "tags": [ "Webhook Events" ], "summary": "Expense Payment Events", "description": "Expense Payment Events. Transaction activity for expenses made on Brex Card.\n\nAccount must be on Brex Empower to receive these events. Webhook subscription must be registered using a token from a user with Card Admin role.", "operationId": "expensePaymentUpdatedEvents", "parameters": [], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ExpensePaymentEvent" } } } }, "responses": { "200": { "description": "Return this code if the callback was received and processed successfully" } }, "security": [ { "OAuth2": [ "expenses.card.readonly", "expenses.card" ] } ] } }, "x-webhooks/referrals": { "post": { "tags": [ "Webhook Events" ], "summary": "Referral Events", "description": "Referral Events. Reference the [Onboarding API](/openapi/onboarding_api/) for event details.", "operationId": "referralEvent", "parameters": [], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ReferralEvent" } } } }, "responses": { "200": { "description": "Return this code if the callback was received and processed successfully" } }, "security": [ { "OAuth2": [ "https://onboarding.brexapis.com/referrals" ] } ] } }, "x-webhooks/transfers": { "post": { "tags": [ "Webhook Events" ], "summary": "Transfer Events", "description": "Transfer Events for both incoming and outgoing Brex Cash transactions. Reference the [Payments API](/openapi/payments_api/) for event details.", "operationId": "transferEvents", "parameters": [], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TransferEvent" } } } }, "responses": { "200": { "description": "Return this code if the callback was received and processed successfully" } }, "security": [ { "OAuth2": [ "transfers.readonly", "transfers" ] } ] } }, "x-webhooks/users": { "post": { "tags": [ "Webhook Events" ], "summary": "User Updated Events", "description": "User Updated Events. All accounts can receive user status update while only accounts on Brex Empower can receive non-user-status updates.", "operationId": "userEvent", "parameters": [], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserEvent" } } } }, "responses": { "200": { "description": "Return this code if the callback was received and processed successfully" } }, "security": [ { "OAuth2": [ "users.readonly", "users" ] } ] } } }, "components": { "schemas": { "ApplicationStatus": { "type": "string", "description": "Application status of a product.\n\n`NO_ACCOUNT` - There is no active application, and the product account is not provisioned.\n\n`ACTIVE` - The application is approved, and the product account is provisioned.\n\n`NOT_SUBMITTED` - The application is started but not yet submitted.\n\n`INFORMATION_PENDING` - The application is submitted and additional information is requested.\n\n`MANUAL_REVIEW` - The application is under manual review.\n\n`PROCESSING` - The application is submitted and is under review.\n\n`REJECTED` - The application is rejected.\n\n`CLOSED` - The product account is closed.\n", "enum": [ "NO_ACCOUNT", "ACTIVE", "NOT_SUBMITTED", "INFORMATION_PENDING", "MANUAL_REVIEW", "PROCESSING", "REJECTED", "CLOSED" ] }, "CreateWebhookSubscriptionRequest": { "required": [ "event_types", "url" ], "type": "object", "properties": { "url": { "type": "string" }, "event_types": { "required": [ "true" ], "type": "array", "description": "The Brex API sends webhooks for the events listed below.\nFor more details, see the [webhook guide](/docs/webhooks/#webhook-event-catalog) and\n[webhook events API reference](/openapi/webhooks_api/#tag/Webhook-Events).", "items": { "$ref": "#/components/schemas/WebhookEventType" } } } }, "ExpensePaymentEvent": { "type": "object", "discriminator": { "propertyName": "event_type", "mapping": { "EXPENSE_PAYMENT_UPDATED": "#/components/schemas/ExpensePaymentStatusUpdatedEvent" } }, "oneOf": [ { "$ref": "#/components/schemas/ExpensePaymentStatusUpdatedEvent" } ] }, "ExpensePaymentStatus": { "type": "string", "description": "`PENDING`:The transaction is yet to be captured. It may be approved, yet to be approved, or yet to be declined.\n\n`DECLINED`: The transaction was declined.\n", "enum": [ "PENDING", "DECLINED" ] }, "ExpensePaymentStatusReason": { "type": "string", "description": "The reason for the payment's status.", "enum": [ "OTHER", "APPROVED", "EXCEEDED_BUDGET_LIMIT", "BUDGET_EXPIRED", "NO_BUDGET", "BUDGET_NOT_YET_STARTED", "BUDGET_CATEGORY_RESTRICTION", "BUDGET_MERCHANT_RESTRICTION", "SUSPECTED_FRAUD", "EXCEEDED_GLOBAL_LIMIT", "EXCEEDED_USER_LIMIT", "EXCEEDED_CARD_LIMIT", "INVALID_EXPIRATION_DATE", "CARD_NOT_ACTIVE", "INVALID_CARD_CREDENTIALS", "INVALID_BILLING_ADDRESS", "CARD_SUSPENDED", "CARD_TERMINATED", "CARD_EXPIRED", "MCC_BLOCKED", "USER_SUSPENDED", "INVALID_PIN", "INVALID_CVV", "EXCEEDED_PIN_ATTEMPTS", "INSIDE_SANCTIONED_COUNTRY", "SOFT_EXPIRATION", "TRANSFERRED_CARD_NEW_MERCHANT", "EXCEEDED_ANCESTOR_BUDGET_LIMIT", "EXCEEDED_BUDGET_TRANSACTION_LIMIT", "TOS_BLOCKED", "COMPLIANCE_BLOCKED" ] }, "ExpensePaymentStatusUpdatedEvent": { "required": [ "event_type", "expense_id", "payment_status", "payment_type", "payment_status_reason" ], "type": "object", "properties": { "event_type": { "$ref": "#/components/schemas/WebhookEventType" }, "expense_id": { "type": "string", "description": "Unique ID associated with the expense." }, "payment_status": { "$ref": "#/components/schemas/ExpensePaymentStatus" }, "payment_status_reason": { "$ref": "#/components/schemas/ExpensePaymentStatusReason" }, "payment_type": { "$ref": "#/components/schemas/ExpensePaymentType" }, "company_id": { "type": "string", "description": "\nThis is the `id` returned in the [Get Company](/openapi/team_api/#operation/getCompany) endpoint.\nYou can use the `company_id` to determine which access token to use when you get the details from our API endpoints.\n" }, "purchased_at": { "type": "string", "description": "The time the purchase was made.", "format": "date-time" }, "original_amount": { "allOf": [ { "$ref": "#/components/schemas/Money" }, { "nullable": true } ], "description": "The original amount of the expense is the amount that the employee submitted or incurred for reimbursements or card spends." }, "billing_amount": { "allOf": [ { "$ref": "#/components/schemas/Money" }, { "nullable": true } ], "description": "The billing amount of the expense is the amount that the entity is charged, on the entity's currency, for reimbursements or card spends." }, "card_id": { "type": "string", "description": "The ID of the card that is associated with the expense." }, "merchant": { "allOf": [ { "$ref": "#/components/schemas/Merchant" }, { "nullable": true } ], "description": "The merchant associated with the expense." }, "payment_authorization_code": { "type": "string", "description": "The authorization code of the associated card expense." }, "amount": { "allOf": [ { "$ref": "#/components/schemas/Money" }, { "nullable": true } ], "description": "Succeeded by the billing_amount field.", "deprecated": true }, "payment_description": { "type": "string", "description": "Succeeded by the merchant::raw_descriptor field.", "deprecated": true } }, "description": "The webhook will be sent when an expense payment changes status.\nAccount must be on Brex Empower to receive these events. Subscription must be registered with a user with the CARD_ADMIN role." }, "ExpensePaymentType": { "type": "string", "description": "`PURCHASE`: A pending transaction for making a purchase.\n\n`REFUND`: A pending transaction for a refund.\n\n`WITHDRAWAL`: A pending transaction for a withdrawal.\n\n`DECLINED`: A pending transaction that was declined and will not be completed.\n", "enum": [ "PURCHASE", "REFUND", "WITHDRAWAL", "DECLINED" ] }, "Merchant": { "required": [ "mcc", "raw_descriptor", "country" ], "type": "object", "properties": { "raw_descriptor": { "required": [ "true" ], "type": "string", "description": "Merchant descriptor, it can be the merchant name." }, "mcc": { "required": [ "true" ], "type": "string", "description": "A four-digit number listed in ISO 18245 for retail financial services, e.g. 4121 for Taxicabs and Rideshares. Please refer to https://en.wikipedia.org/wiki/Merchant_category_code for more details." }, "country": { "required": [ "true" ], "type": "string", "description": "Merchant's country, in ISO 3166-1 alpha-3 format." } } }, "Money": { "type": "object", "properties": { "amount": { "type": "integer", "description": "The amount of money, in the smallest denomination of the currency indicated by currency. For example, when currency is USD, amount is in cents.", "format": "int64" }, "currency": { "type": "string", "description": "The type of currency, in ISO 4217 format. Default to USD if not specified", "nullable": true } }, "description": "\nMoney fields can be signed or unsigned. Fields are signed (an unsigned value will be interpreted as positive). The amount of money will be represented in the smallest denomination\nof the currency indicated. For example, USD 7.00 will be represented in cents with an amount of 700.\n" }, "Page_WebhookSubscription_": { "required": [ "items" ], "type": "object", "properties": { "next_cursor": { "type": "string", "nullable": true }, "items": { "type": "array", "items": { "$ref": "#/components/schemas/WebhookSubscription" } } } }, "PaymentType": { "type": "string", "description": "Only ACH, DOMESTIC_WIRE, CHEQUE, INTERNATIONAL_WIRE and BOOK_TRANSFER details can be retrieved from the Payments API.", "enum": [ "ACH", "DOMESTIC_WIRE", "CHEQUE", "INTERNATIONAL_WIRE", "BOOK_TRANSFER", "ACH_RETURN", "WIRE_RETURN", "CHEQUE_RETURN" ] }, "ProductApplication": { "required": [ "cash" ], "type": "object", "properties": { "cash": { "$ref": "#/components/schemas/ApplicationStatus" } } }, "ReferralActivatedEvent": { "required": [ "event_type", "referral_id" ], "type": "object", "properties": { "event_type": { "$ref": "#/components/schemas/WebhookEventType" }, "referral_id": { "type": "string" } }, "description": "The webhook will be sent when a user signs up with the referral link." }, "ReferralApplicationStatusChangedEvent": { "required": [ "application", "event_type", "referral_id" ], "type": "object", "properties": { "event_type": { "$ref": "#/components/schemas/WebhookEventType" }, "referral_id": { "type": "string" }, "application": { "$ref": "#/components/schemas/ProductApplication" } }, "description": "The webhook will be sent when the application status is changed." }, "ReferralCreatedEvent": { "required": [ "event_type", "referral_id" ], "type": "object", "properties": { "event_type": { "$ref": "#/components/schemas/WebhookEventType" }, "referral_id": { "type": "string" } }, "description": "The webhook will be sent when a referral is created." }, "ReferralEvent": { "type": "object", "discriminator": { "propertyName": "event_type", "mapping": { "REFERRAL_ACTIVATED": "#/components/schemas/ReferralActivatedEvent", "REFERRAL_CREATED": "#/components/schemas/ReferralCreatedEvent", "REFERRAL_APPLICATION_STATUS_CHANGED": "#/components/schemas/ReferralApplicationStatusChangedEvent" } }, "oneOf": [ { "$ref": "#/components/schemas/ReferralCreatedEvent" }, { "$ref": "#/components/schemas/ReferralActivatedEvent" }, { "$ref": "#/components/schemas/ReferralApplicationStatusChangedEvent" } ] }, "TransferEvent": { "required": [ "company_id", "payment_type" ], "type": "object", "properties": { "company_id": { "type": "string" }, "payment_type": { "$ref": "#/components/schemas/PaymentType" }, "return_for_id": { "type": "string", "nullable": true } }, "discriminator": { "propertyName": "event_type", "mapping": { "TRANSFER_FAILED": "#/components/schemas/TransferFailedEvent", "TRANSFER_PROCESSED": "#/components/schemas/TransferProcessedEvent" } }, "oneOf": [ { "$ref": "#/components/schemas/TransferProcessedEvent" }, { "$ref": "#/components/schemas/TransferFailedEvent" } ] }, "TransferFailedEvent": { "required": [ "event_type", "payment_type", "transfer_id" ], "type": "object", "properties": { "event_type": { "$ref": "#/components/schemas/WebhookEventType" }, "transfer_id": { "type": "string" }, "payment_type": { "$ref": "#/components/schemas/PaymentType" }, "return_for_id": { "type": "string", "description": "The original transaction ID that is returned when the payment type is ACH_RETURN, WIRE_RETURN and CHEQUE_RETURN.", "nullable": true }, "company_id": { "type": "string", "description": "\nThis is the `id` returned in the [Get Company](/openapi/team_api/#operation/getCompany) endpoint.\nYou can use the `company_id` to determine which access token to use when you get the details from our API endpoints.\n" } }, "description": "The webhook will be sent when a transfer failed." }, "TransferProcessedEvent": { "required": [ "event_type", "payment_type", "transfer_id" ], "type": "object", "properties": { "event_type": { "$ref": "#/components/schemas/WebhookEventType" }, "transfer_id": { "type": "string" }, "payment_type": { "$ref": "#/components/schemas/PaymentType" }, "return_for_id": { "type": "string", "description": "The original transaction ID that is returned when the payment type is ACH_RETURN, WIRE_RETURN and CHEQUE_RETURN.", "nullable": true }, "company_id": { "type": "string", "description": "\nThis is the `id` returned in the [Get Company](/openapi/team_api/#operation/getCompany) endpoint.\nYou can use the `company_id` to determine which access token to use when you get the details from our API endpoints.\n" } }, "description": "The webhook will be sent when a transfer is processed." }, "UpdateWebhookSubscriptionRequest": { "required": [ "event_types", "status", "url" ], "type": "object", "properties": { "url": { "type": "string" }, "event_types": { "type": "array", "items": { "$ref": "#/components/schemas/WebhookEventType" } }, "status": { "$ref": "#/components/schemas/UpdateWebhookSubscriptionStatus" } } }, "UpdateWebhookSubscriptionStatus": { "type": "string", "enum": [ "ACTIVE", "INACTIVE" ] }, "UserAttributes": { "type": "string", "enum": [ "STATUS", "MANAGER_ID", "DEPARTMENT_ID", "LOCATION_ID" ] }, "UserEvent": { "type": "object", "discriminator": { "propertyName": "event_type", "mapping": { "USER_UPDATED": "#/components/schemas/UserUpdatedEvent" } }, "oneOf": [ { "$ref": "#/components/schemas/UserUpdatedEvent" } ] }, "UserUpdatedEvent": { "required": [ "company_id", "event_type", "updated_attributes", "user_id" ], "type": "object", "properties": { "event_type": { "$ref": "#/components/schemas/WebhookEventType" }, "user_id": { "type": "string" }, "company_id": { "type": "string" }, "updated_attributes": { "type": "array", "items": { "$ref": "#/components/schemas/UserAttributes" } } }, "description": "The webhook will be sent when a user is updated." }, "WebhookEventType": { "type": "string", "enum": [ "REFERRAL_CREATED", "REFERRAL_ACTIVATED", "REFERRAL_APPLICATION_STATUS_CHANGED", "TRANSFER_PROCESSED", "TRANSFER_FAILED", "EXPENSE_PAYMENT_UPDATED", "USER_UPDATED" ] }, "WebhookSecret": { "required": [ "secret", "status" ], "type": "object", "properties": { "secret": { "type": "string" }, "status": { "$ref": "#/components/schemas/WebhookSecretStatus" } } }, "WebhookSecretStatus": { "type": "string", "enum": [ "ACTIVE", "PENDING_REVOKE" ] }, "WebhookSubscription": { "required": [ "event_types", "id", "status", "url" ], "type": "object", "properties": { "id": { "type": "string" }, "url": { "type": "string" }, "event_types": { "type": "array", "items": { "$ref": "#/components/schemas/WebhookEventType" } }, "status": { "$ref": "#/components/schemas/WebhookSubscriptionStatus" } } }, "WebhookSubscriptionStatus": { "type": "string", "enum": [ "ACTIVE", "INACTIVE", "ERROR" ] } }, "securitySchemes": { "OAuth2": { "type": "oauth2", "description": "OAuth2 security scheme", "flows": { "clientCredentials": { "tokenUrl": "https://accounts-api.brex.com/oauth2/default/v1/token", "scopes": { "openid": "openid", "offline_access": "offline access" } }, "authorizationCode": { "authorizationUrl": "https://accounts-api.brex.com/oauth2/default/v1/authorize", "tokenUrl": "https://accounts-api.brex.com/oauth2/default/v1/token", "scopes": { "openid": "openid", "offline_access": "offline access" } } } } } }, "x-explorer-enabled": false }