# Webhooks - Quickstart ## Introduction Lili offers a webhook mechanism, so that partners can receive updates on applicants activity in the Lili platform. A full set of APIs exist to manage the registration of a webhook. For more info, see [here](/apis/webhooks/webhooks) ## Flow img ## Security Lili offers 2 levels of webhooks security - 1. IP whitelistening - all webhook calls are made from one of those defined IP addresses 2. Token identification - all webhook calls contains an HTTP header that identifies them as being sent by Lili ### IP Whitelisting Lili will activate webhooks from a predefined list of IPs. Make sure to whitelist only this closed list of IPs to protect your application: | Environment | IPs | | --- | --- | | Sandbox | 18.213.104.31, 3.208.116.48, 34.202.116.80 | | Prod | 3.209.35.162, 52.202.86.146, 54.208.152.74 | ### Tokens Every creation of a webhook (using the following [api](/apis/webhooks/webhooks)) returns a token. Store this token in your records. Every webhook call includes an HTTP header called lili-secret. This header contains the same token, and can be used to verify calls made by the Lili server. ## Guaranteed delivery Each webhook that fails (i.e. server response is not HTTP 200) will be redelivered up to 4 times: | Retry | Delay (in seconds) | | --- | --- | | 1 | 60 | | 2 | 180 | | 3 | 600 | | 4 | 1800 | ## Webhook Http Request ### V2_0 #### Description A json body is sent to the webhook using the POST verb. #### HTTP Verb POST ### V1_0 (Deprecated) #### Description Each webhhook call has a different set of parameters, based on the "action" parameter. #### HTTP Verb GET ## Common parameters These parameters are passed by all webhooks | Parameter Name | Description | | --- | --- | | personId | The Person UUID, as received from the the Create Application API call | | action | The action type. Currently support values are submitApplication, onboardingComplete | | token | The webhook token, as returned in the webhook API create call | ## Supported Actions ### submitApplication Activated when the customer submits his onboarding application. No additional parameters are passed. ### idVerification Activated when id verification request was sent to the customer ### firstRequestedDocs Activated when the customer was asked for business documentation Additional parameters are: | Parameter Name | Description | | --- | --- | | missing_docs | The CSV list of requested documents, one or more of the following enum - IRS_EIN_LETTER, ARTICLES_OF_ORGANIZATION, LETTER_OF_REINSTATEMENT, GOVERNMENT_IDENTIFICATION, ARTICLES_OF_INCORPORATION, SIGNED_PARTNERSHIP_AGREEMENT, AMENDMENT_DOCUMENT, OPERATING_AGREEMENT, UTILITY_BILL | ### firstUploadDocs Activated when the customer uploaded his docs, and is now waiting for the Lili compliance team to review ### idVerificationAdditionalUbos Activated when id verification request was sent to the business additional UBOs ### resubmitDocs Activated when the customer was asked to resubmit the documents he uploaded to Lili ### applicationRejected Activated when the customer application was rejected by the Lili compliance team ### onboardingComplete Activated when the customer's application is approved, and his account opened Additional parameters are: | Parameter Name | Description | | --- | --- | | bankAccountNumber | The newly created bank account number | | routingNumber | The routing number of the newly created bank account | ### payment_reconciled Activated when the customer payment was reconcilied with the ACH file | Parameter Name | Description | | --- | --- | | paymentId | The payment ID, as received in the create payment API |