Guides
Start typing to search…

Webhooks

Webhooks allow your application to receive real-time notifications about events that take place within the platform. Instead of continuously polling our API for updates, webhooks push data to your application when events occur.

Delivery

Webhook events are delivered with a retry policy. After 3 attempts the event will be marked as a failed delivery.
Previous events can be queried by using the webhook/{webhookId}/events endpoint.

Webhook Signature Verification

When an event occurs, we'll send a POST request to your webhook URL with:

  • The event data in the request body
  • A signature in the X-Webhook-Signature header

To verify that the webhook came from our system and wasn't tampered with:

  • Get the signature from the X-Webhook-Signature header
  • Compute an HMAC-SHA256 signature using your webhook token and the raw request body
  • Compare the computed signature with the one in the header
/**
* Validates a webhook signature
* @param {string} payload - The raw request body as a string
* @param {string} signature - The signature from X-Webhook-Signature header 
* @param {string} webhookToken - Your webhook token 
* @returns {boolean} - Whether the signature is valid 
*/
function validateWebhookSignature(payload, signature, webhookToken) {
  const crypto = require('crypto'); 
  // Create HMAC using the webhook token
  const hmac = = crypto.createHmac('sha256', webhookToken);
  
  //Update with the payload
  hmac.update(payload);
  
  // Get the computed signature as hex
  const computedSignature = hmac.digest('hex');
  
  //// Compare signatures (using constant-time comparison to prevent timing attacks)
  return crypto.timingSafeEqual( 
    Buffer.from(computedSignature, 'hex'),
    Buffer.from(signature, 'hex')
  );
}
/// <summary>
/// Validates a webhook signature
/// </summary>
/// <param name="payload">The raw request body as a string</param> 
/// <param name="signature">The signature from X-Webhook-Signature header</param> 
/// <param name="webhookToken">Your webhook token</param>
/// <returns>Whether the signature is valid</returns> 
public bool ValidateWebhookSignature(string payload, string signature, string webhookToken)
{
  using (var hmac = new       System.Security.Cryptography.HMACSHA256(System.Text.Encoding.UTF8.GetBytes(webhookToken)))
  {
    // Compute the hash
    byte[] hash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(payload));
    
    // Convert to hex string
    string computedSignature = BitConverter.ToString(hash).Replace("-", "").ToLower();
    
    // Compare signatures
    return string.Equals(computedSignature, signature, StringComparison.OrdinalIgnoreCase);
    
  }
}

Events

PreIPOCompanySPVstatus: WAITING_MONARK_REVIEW FUND_ADMIN_REVIEW FUND_ADMIN_APPROVED PRIMARY_FUNDRAISE MONARK_DILIGENCE CLOSE_REQUESTED CLOSE_IN_PROGRESS FUNDS_SENT_TO_TARGET CLOSED

InvestorSubscription: PENDING PROCESSING COMPLETE REJECTED

Registered Fund Subscription: TEMPLATE TEMPLATEFILLED INVESTORSIGNED ADVISORSIGNED

PreIPOCompanySPV Updates

When a SPV is updated, or any other related entities you will receive one of the webhook updates described below. This will enable you to maintain synchronicity with our system as documents, details, and values associated with an SPV can change in real time. Changes can take place before or during the PRIMARY_FUNDRAISE stage of an SPV. Changes after the PRIMARY_FUNDRAISE stage can occur, but are rare. See below for a description of the different webhook updates provided.

PreIPOCompanySPVUpdate- An update to a SPV field, contains a list of key value pairs of changed properties.

{
  "eventType": "PreIPOCompanySPVUpdate",
  "data": {
    "preIPOCompanySPVId": "c86f07e9-bd5a-4632-86dd-071e96fb9518",
    "updatedFields": {
      "Valuation": 10000000,
			"GoLiveDate": "2025-10-29"
    },
    "changeType": "Update"
  }
}

PreIPOCompanySPVDocumentUpdate - An update to a document associated with a SPV.

{
  "eventType": "PreIPOCompanySPVDocumentUpdate",
  "data": {
    "preIPOCompanySPVId": "aee3f20e-527b-4f03-8c18-812d928d11e5",
    "documentId": "4b79e1ad-e14a-4c13-9805-20b09397fe2c",
    "documentType": "BUSINESS_FORMATION",
    "changeType": "Create"
  }
}

PreIPOCompanySPVSubscriptionActionDefinitionUpdate - Subscription Action Definitions for a SPV modified.

{
  "eventType": "PreIPOCompanySPVSubscriptionActionDefinitionUpdate",
  "data": {
    "preIPOCompanySPVId": "aee3f20e-527b-4f03-8c18-812d928d11e5",
    "actionName": "E sign",
    "actionType": "TextAcknowledge", 
    "changeType": "Delete"
  }
}

IP Whitelisting

For webhook IP whitelisting configuration, please ensure that the following IP addresses are added to your allowlist to enable proper communication with our webhook endpoints.

The sandbox environment webhook traffic will originate from

  • 5.161.56.181/32

while production webhook requests will be sent from

  • 107.20.245.176/32

These CIDR-formatted IP addresses should be configured in your firewall rules, security groups, or webhook endpoint access controls to allow inbound HTTPS traffic from Monark's systems.

Updated 1 day ago