Principles

When the loan application process is integrated in the application of a partner, some events in the partner application can have an influence on the corresponding loan application and mozzeno can be notified of these evens through webhooks.

Specifications

Request Method

HTTPS POST

Request URI

The webhook urls to be called are:

https://api.mozzeno.com/webhooks for production
https://api-dev.mozzeno.com/webhooks for development environment

Request headers

Header	Example value	Description
Content-Type	application/json
X-Signature	hmacsha256=04c47cc2f008201...349aa16b89a	HMAC signature of the JSON body with a secret (RFC 2104). The JSON used for signature is exactly the value sent in the Body, no manipulation/compression. We take the Hex representation of the signature, in lower case. the signature is prefixed with "hmacsha256=" Online tools can help to validate your implementation of hmac256, f.i https://www.devglan.com/online-tools/hmac-sha256-online The secret should be provided to the support team. (mandatory)
X-Request-ID	e654b4c2-7b3a-4245-a5ee-acd100c1d0bb	unique ID for idempotency and replay protection (optional)

Body

Example

{
  "event": "order.cancelled",
  "event_date": "2025-04-23T15:45:00Z",
  "version": "1.0",
  "branch_id": "09d5fe96-f046-46c9-bdef-b2ad01639422",
  "payload": {
  	"loan_application_id":"c3c0c86c-1886-4864-9022-b38b008ae988",
		"order_reference":"ABC123"
		}
  }

Documentation

Json field	Presence	Description
event	mandatory	Type of event, see table below. Each type of events needs to be enabled by the support team. Webhooks sent for disabled events for a given branch_id will return an HTTP 400 error.
event_date	mandatory	The timestamp of the event in UTC.
version	mandatory	Technical field to manage version of the webhook in case of evolution, 1.0 for now
branch_id	mandatory	Technical unique identifier of the partner
payload	mandatory	A string containing a valid JSON. The JSON is not just nested, but included as a string in order to keep this evolutive, and possibly pass dynamic/custom information.
loan_application_id	mandatory	Technical unique identifier of the loan_application, required to uniquely identity the loan application
order_reference	optional	Can be sent for context but can't be used to identify the loan_application (the loan_application_id should be sent)

List of possible events

Event	Description
order.cancelled	The order has been abandoned by the customer. This can happen before or after the event loan_application.completed, which influences the next event to be generated, respectively loan_application.cancelled or loan.cancelled
mock.completed	A specific event only possible in the development environment, used to simulate the completion of the loan application boarding with fake data. Should be called only after the event loan_application.registered has been triggered by mozzeno.
order.delivery_initiated	The delivery of the order has been initiated
order.delivery_confirmed	The delivery of the order has been confirmed, meaning the customer has effectively received the order. By default this confirmation comes from the client (signing a form), but in some use cases a confirmation from the merchant can be used as well, if measures are taken to guarantee the delivery or if merchant accepts the risk.
mock.declined	A specific event only possible in the development environment, used to simulate the decline decision by the mozzeno scoring system. Should be called only after the event loan_application.completed has been triggered by mozzeno.
mock.preapproved	A specific event only possible in the development environment, used to simulate the preapproval decision by the mozzeno scoring system. Should be called only after the event loan_application.completed has been triggered by mozzeno.
mock.cancelled	A specific event only possible in the development environment, used to simulate that the loan application or loan has been cancelled by the user directly on the mozzeno platform. Should be called only after the event loan_application.registered has been triggered by mozzeno. This can happen before or after the event loan_application.completed, which influences the next event to be generated, respectively loan_application.cancelled or loan.cancelled
mock.ready_to_grant	A specific event only possible in the development environment, used to simulate the evidences and signature steps (customer and agent work). Should be called only after the event loan.preapproved has been triggered by mozzeno.
mock.delivery_confirmed	A specific event only possible in the development environment, used to simulate the signature of the delivery confirmation statement by the customer on the mozzeno platform. Should be called only after the event loan.ready_to_grant has been triggered by mozzeno. _This event is specific to the tied credit use case, where a loan is used to finance a specific purchase.
mock.granted	A specific event only possible in the development environment, used to simulate the grant confirmation (agent work). Should be called only after the event loan.ready_to_grant has been triggered by mozzeno.
mock.withdrawn	A specific event only possible in the development environment, used to simulate the withdrawal of a loan applciation previously granted (customer and agent work). Should be called only after the event loan.granted has been triggered by mozzeno.