Skip to main content
POST
/
v1
/
discovery
/
webhooks
/
{provider}
/
{webhookToken}
Receive an aggregator webhook
curl --request POST \
  --url https://matcher.sandbox.lerian.net/v1/discovery/webhooks/{provider}/{webhookToken} \
  --header 'Content-Type: application/octet-stream' \
  --header 'X-Webhook-Signature: <api-key>' \
  --data '"<string>"'
{
  "code": "<string>",
  "detail": "<string>",
  "errors": [
    {
      "location": "<string>",
      "message": "<string>",
      "value": "<unknown>"
    }
  ],
  "instance": "<string>",
  "status": 123,
  "title": "<string>",
  "type": "about:blank"
}

Authorizations

X-Webhook-Signature
string
header
required

Hex HMAC-SHA256 of the raw request body, proving an inbound aggregator webhook originated from the configured provider.

Headers

X-Webhook-Signature
string

Hex HMAC-SHA256 of the raw body for signing providers; omitted by IP-allowlist providers

Path Parameters

provider
string
required

Aggregator provider the token was minted for (pluggy or belvo)

Example:

"pluggy"

webhookToken
string
required

Opaque webhook token minted for the connection; hashed and resolved to a tenant binding server-side

Body

application/octet-stream

The body is of type file.

Response

Accepted