Webhook

This is an asynchronous mechanism where Monolay notifies a client about changes to a consent by sending a request to a client-provided endpoint. This allows clients to continue other tasks instead of waiting for a response or polling.

Configuration

Configuration of this is detailed in the System section of the documentation.

Notifications

We can call back your webhook when a consent is created and when it is approved by the Payment Service User.

Payload

When there is a change to the consent we make a callback using a POST. The payload can be configured to be a signed JWT or unsigned message, which you can decode to see the status of the consent.

claims decoded payload
{
"consent_id": "09f8b867-6dcb-48f2-9354-379460c80cc7",
"consent_status": "AWAU",
"timestamp": "2026-04-20T10:21:49+00:00"
}

The consent status values are:

Awaiting Authorisation (AWAU): The initial state where the user is in the process of, or has not yet completed, authorizing the request.
Authorised (AUTH): The user has successfully granted permission for the TPP to access account details or make payments.
Rejected/Revoked (RJCT): The user has withdrawn consent, or the request failed, meaning the TPP no longer has access.

Security

You can download our public key or the Monolay JSON web key set JWKS and use it to verify the signature of the JWT.

You can whitelist our IP address that we call from 13.135.40.61 and 35.176.65.111

Configuration​

Notifications​

Payload​

Security​

Configuration

Notifications

Payload

Security