Webhooks

Overview

Drive API can push updates to your backend using webhooks.

We currently support two webhook types:

• Session Events: charging session lifecycle updates (SESSION_STARTED, SESSION_STOPPED, SESSION_COMPLETE, etc.)
• CDR Forwarding: charging detail records for completed sessions (available only with external clearing)

Use this page as a starting point, then open the dedicated page for the payload details.

Delivery Behavior

All webhook requests are sent as HTTP POST.

General recommendations:

• Always ignore unknown fields (new fields may be added over time)
• Return a response quickly and process asynchronously if needed
• Make your processing idempotent

Delivery differences by webhook type:

• Session Events: sent once, without retries
• CDR Forwarding: retried nightly for up to 7 days if 200 is not returned in time

For CDR forwarding, the same requestId is reused across retries so you can detect duplicates.

Security (HMAC Signatures)

When HMAC is enabled, webhook requests include:

• X-HMAC-SHA512-Signature: base64 HMAC SHA-512 signature of the raw request body
• X-HMAC-SHA512-SignedAt: timestamp indicating when the payload was signed

To verify:

1. Read the raw request body exactly as received.
2. Compute HMAC SHA-512 using your CURRENT secret key.
3. If it does not match, verify again with NEXT (for key rotation compatibility).
4. Reject the request if both checks fail.

For implementation examples and key rotation details, see Verifying HMAC Signature.

Configuration

Webhook configuration is handled with your account manager. You typically need to provide:

• webhook URL
• any custom authorization headers your endpoint expects

Related Guides

• Session Events
• CDR Forwarding
• Verifying HMAC Signature