How it works
Register an endpoint
Tell Yoshi where to send events by creating a webhook endpoint via the API or the self-service portal. You provide an HTTPS URL and optionally choose which event types to receive.
Yoshi detects a change
When a user’s financial data changes — new transactions arrive from their bank, a balance refreshes, or an account is linked — Yoshi generates a webhook event.
Your server receives the event
Yoshi sends an HTTP POST to your endpoint with the event payload. Each request is signed so you can verify it came from Yoshi.
Event envelope
Every webhook event follows the same structure:| Field | Description |
|---|---|
id | Unique event identifier. Stable across retries — use it for idempotency. |
type | Dot-notation event type, e.g. transaction.created. See the full event catalog. |
created_at | ISO 8601 timestamp of when the event occurred. |
api_version | The API version that generated this event. Currently 2026-04-10. |
data | Event-specific payload. Contains resource IDs and non-sensitive metadata. |
Webhook payloads contain resource IDs and metadata, not full resource objects. To fetch complete details, call the corresponding API endpoint with the ID from the event. This keeps payloads small and minimizes sensitive data in transit.
Security
Every webhook request includes three headers for signature verification:| Header | Description |
|---|---|
webhook-id | Unique message identifier |
webhook-timestamp | Unix timestamp (seconds) when the webhook was sent |
webhook-signature | HMAC-SHA256 signature for verifying authenticity |
Consumer portal
Every API key holder has access to a self-service webhook portal for managing endpoints, viewing delivery logs, and replaying failed events. Generate a portal link via the API:- Create, edit, and delete webhook endpoints
- View delivery attempts with response codes
- Replay failed events with one click
- Browse the event log with full payloads
What’s next
Event catalog
Browse all available event types and their payloads.
Verify signatures
Ensure webhook requests are authentic.
Delivery and retries
Understand retry behavior and idempotency.
Manage endpoints
Register and configure webhook endpoints via the API.