Webhooks

Aleta follows the Standard Webhooks specification for propagating system events to external users.

An asymmetric signing scheme based on elliptic curve cryptography allows webhook consumers to verify the integrity of payloads originating from Aleta. The key type is P256, and public keys for verification are exposed as JSON Web Keys at GET /v2/webhooks/keys. For information on how the signature is constructed and verified, refer to the specification.

Events

Following Standard Webhooks, JSON payloads always contain the following fields:

• type (string, required): Determines the type of event that occurred.
• timestamp (string, required): The point in time at which the event occurred.
• data (object, required): Data describing the event itself (depends on the event type).

The following subsections describe the various events emitted from the system.

Calculated Data Created

• clientId (string, required): Identifier of the client for which data is ready.

Example

{
  "type": "calculated_data.created",
  "timestamp": "2024-10-17T07:05:18",
  "data": {
    "clientId": "6710efbc34673a0a646a45de"
  }
}

Endpoints

GET /webhooks/keys

Get active public keys for verifying webhook payload integrity.

info

Webhook signing keys are subject to occasional key rotation.

Example

# Request
GET /v2/webhooks/keys HTTP/1.1
Accept: application/json
Authorization: Bearer <access token>
Host: platform.aleta.io

# Response
HTTP/1.1 200 OK
Content-Type: application/json

{
  "keys": [
    {
      "kid": "98abecd03c00eb1d4fc7ed50c1286cafd80d1eb3d93603fe449e96d4291a76f5",
      "kty": "EC",
      "crv": "P-256",
      "x": "mgWOHCsiFfz8ejgVH/aMsvnIz4jQrKUYLVZ5ppu3sgo=",
      "y": "sbtaHcMfp3YXRo6syjv581qRJJ2KyCHXaF1m3PIVzEg="
    }
  ]
}