Principles
When the loan application process is integrated in the application of a partner, some events in the partner application can have an influence on the corresponding loan application and mozzeno can be notified of these evens through webhooks.
Specifications
Request Method
HTTPS POST
Request URI
The webhook urls to be called are:
- https://api.mozzeno.com/webhooks for production
- https://api-dev.mozzeno.com/webhooks for development environment
Request headers
Header | Example value | Description |
|---|---|---|
Content-Type | application/json | |
X-Signature | hmacsha256=04c47cc2f008201...349aa16b89a | HMAC signature of the JSON body with a secret (RFC 2104). The JSON used for signature is exactly the value sent in the Body, no manipulation/compression. We take the Hex representation of the signature, in lower case. the signature is prefixed with "hmacsha256=" Online tools can help to validate your implementation of hmac256, f.i https://www.devglan.com/online-tools/hmac-sha256-online The secret should be provided to the support team. (mandatory) |
X-Request-ID | e654b4c2-7b3a-4245-a5ee-acd100c1d0bb | unique ID for idempotency and replay protection (optional) |
Body
Example
{
"event": "order.cancelled",
"event_date": "2025-04-23T15:45:00Z",
"version": "1.0",
"branch_id": "09d5fe96-f046-46c9-bdef-b2ad01639422",
"payload": {
"loan_application_id":"c3c0c86c-1886-4864-9022-b38b008ae988",
"order_reference":"ABC123"
}
}
Documentation
| Json field | Presence | Description |
|---|---|---|
| event | mandatory | Type of event, see table below. Each type of events needs to be enabled by the support team. Webhooks sent for disabled events for a given branch_id will return an HTTP 400 error. |
| event_date | mandatory | The timestamp of the event in UTC. |
| version | mandatory | Technical field to manage version of the webhook in case of evolution, 1.0 for now |
| branch_id | mandatory | Technical unique identifier of the partner |
| payload | mandatory | A string containing a valid JSON. The JSON is not just nested, but included as a string in order to keep this evolutive, and possibly pass dynamic/custom information. |
| loan_application_id | mandatory | Technical unique identifier of the loan_application, required to uniquely identity the loan application |
| order_reference | optional | Can be sent for context but can't be used to identify the loan_application (the loan_application_id should be sent) |
List of possible events
| Event | Description |
|---|---|
| order.cancelled | The order has been abandoned by the customer. This can happen before or after the event loan_application.completed, which influences the next event to be generated, respectively loan_application.cancelled or loan.cancelled |
| mock.completed | A specific event only possible in the development environment, used to simulate the completion of the loan application boarding with fake data. Should be called only after the event loan_application.registered has been triggered by mozzeno. |
| order.delivery_initiated | The delivery of the order has been initiated |
| order.delivery_confirmed | The delivery of the order has been confirmed, meaning the customer has effectively received the order. By default this confirmation comes from the client (signing a form), but in some use cases a confirmation from the merchant can be used as well, if measures are taken to guarantee the delivery or if merchant accepts the risk. |
| mock.declined | A specific event only possible in the development environment, used to simulate the decline decision by the mozzeno scoring system. Should be called only after the event loan_application.completed has been triggered by mozzeno. |
| mock.preapproved | A specific event only possible in the development environment, used to simulate the preapproval decision by the mozzeno scoring system. Should be called only after the event loan_application.completed has been triggered by mozzeno. |
| mock.cancelled | A specific event only possible in the development environment, used to simulate that the loan application or loan has been cancelled by the user directly on the mozzeno platform. Should be called only after the event loan_application.registered has been triggered by mozzeno. This can happen before or after the event loan_application.completed, which influences the next event to be generated, respectively loan_application.cancelled or loan.cancelled |
| mock.ready_to_grant | A specific event only possible in the development environment, used to simulate the evidences and signature steps (customer and agent work). Should be called only after the event loan.preapproved has been triggered by mozzeno. |
| mock.delivery_confirmed | A specific event only possible in the development environment, used to simulate the signature of the delivery confirmation statement by the customer on the mozzeno platform. Should be called only after the event loan.ready_to_grant has been triggered by mozzeno. _This event is specific to the tied credit use case, where a loan is used to finance a specific purchase. |
| mock.granted | A specific event only possible in the development environment, used to simulate the grant confirmation (agent work). Should be called only after the event loan.ready_to_grant has been triggered by mozzeno. |
| mock.withdrawn | A specific event only possible in the development environment, used to simulate the withdrawal of a loan applciation previously granted (customer and agent work). Should be called only after the event loan.granted has been triggered by mozzeno. |