# Webhooks

### Auth Set-up

To ensure that a webhook is being called by imin, we'll set up an API key that imin will use to call your API.

{% hint style="warning" %}
**Note**: This won't be the same as the API key that you use to call imin's API.
{% endhint %}

We'll pre-arrange this API key and then use it in our webhooks.

Please only allow calls with the known API Key.

## Customer Detail Change

<mark style="color:green;">`POST`</mark> `https://yourapihere.com/path/of/your/choosing`

#### Headers

| Name      | Type   | Description                       |
| --------- | ------ | --------------------------------- |
| X-Api-Key | string | imin's API Key for using your API |

#### Request Body

| Name       | Type   | Description                                                |
| ---------- | ------ | ---------------------------------------------------------- |
| @id        | string | URL of the GET Customer Account endpoint for this customer |
| identifier | string | Customer Identifier                                        |

{% tabs %}
{% tab title="204 Webhook has been successfully received" %}

```
```

{% endtab %}
{% endtabs %}

Example request:

```javascript
{
  "@context": "https://openactive.io/",
  "@type": "CustomerAccount",
  "@id": "https://book.imin.co/api/v2/customer-accounts/abc",
  "identifier": "abc"
}
```

This webhook will be called in the following cases:

* [Seller Account](https://docs.imin.co/incorporating-book-and-pay/imin-booking-platform/customer-management/linked-accounts) has been disconnected.
* Customer details updated in a Seller Account.
* [Access Pass](https://docs.imin.co/incorporating-book-and-pay/imin-booking-platform/customer-management/access-pass-beta) updated in a Seller Account.
* [Hidden Entitlement](https://docs.imin.co/incorporating-book-and-pay/imin-booking-platform/customer-management/linked-accounts) change in a Seller Account
* Entitlement removal following rejected [Evidence Request](https://docs.imin.co/incorporating-book-and-pay/imin-booking-platform/customer-management/entitlement/dynamic-entitlements)

When this webhook is received, call [Get Customer Account](https://docs.imin.co/incorporating-book-and-pay/imin-booking-platform/customer-management/get-customer) in order to find out what has changed. A single webhook can indicate any number of the changes listed above, so it is recommended that all notifications are processed every time a webhook is received.

{% hint style="danger" %}
Webhooks that trigger user interaction are vulnerable to replay attacks. We advise, when processing a webhook request, storing the `@id` of customer update notifications to prevent this.&#x20;
{% endhint %}