Skip to content

Sandbox Notify Enrollment

Enrollment webhooks allow you to be notified of enrollment for your users. Your marketplace should expose an HTTPS endpoint that accepts a POST of a JSON document encoded in the UTF-8 character encoding. Cardlytics will publish an enrollment notification to this endpoint each time an enrollment changes state. You can go to Notify Enrollment to have more information about the notifyEnrollment process. This endpoint allows you to emulate that behavior in the sandbox environment.

Endpoint

  • Base Url: https://poweredby.dosh.com
  • Path: /api/notify-enrollment/test
  • Method: POST
  • Content-Type: application/json; charset=UTF-8

Sandbox Notify Enrollment Request Body Format

If the optional fields are not provided, they will be populated with random values.

Field Required Example Description
sandboxCallbackUrl Yes https://my-webhook.host.com Your sandbox webhook endpoint we will call to pass the enrollment information.
eventId No 1111111-1111-1111-1111-111111111111 The unique id of the event. Each event will have a unique event id.
userId No 00000000-0000-0000-0000-00000000000 This is your marketplaceā€™s unique identifier for your user. Supports an id up to 36 characters.
cardLastFour No 1234 This is the last 4 digits of the card that was enrolled.
eventType No One of:
ENROLL,
UNENROLL		 The enrollment event type.
paymentNetworkId No One of:
VISA,
MASTERCARD,
AMEX,
DISCOVER,
PAYPAL		 The payment network of the enrolled card.

Examples:

Request body with sandboxCallbackUrl the only required field. 

1
2
3
{
  "sandboxCallbackUrl": "https://my-webhook.host.com"
}

Request body with all fields provided

1
2
3
4
5
6
7
8
{
    "sandboxCallbackUrl": "https://my-webhook.host.com",
    "eventId": "11111111-1111-1111-1111-111111111111",
    "userId": "00000000-0000-0000-0000-000000000000",
    "cardId": "22222222-2222-2222-2222-222222222222",
    "paymentNetworkId": "",
    "eventType": "UNENROLL"
}

Responses

When the event is correctly processed

1
2
3
4
5
{
    "success": true,
    "environment": "SANDBOX",
    "requestId": "398ef3ce-2946-43f4-b68a-8927b2e39ccf"
}

When you do not provide sandboxCallbackUrl

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
{
  "success": false,
  "environment": "SANDBOX",
  "requestId": "92a7da4e-85f0-4745-a781-9e2086efe584",
  "error": {
    "category": "SERVICE_ERROR",
    "message": "Service error",
    "violations": [
        "Input failed validation"
    ]
  }
}

Webhook responses

When you only provides sandboxCallbackUrl

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
{
  "eventId": "25f9fcf2-7a52-4dc7-a700-ce2f13033786",
  "event": "ENROLLMENT_CONFIRMED",
  "eventTimestamp": "2021-04-27T18:43:29.459Z",
  "notificationTimestamp": "2021-04-27T18:43:32.355Z",
  "userId": "29e39c9d-6130-49c9-ba5a-8865a40a00c2",
  "cardId": "6a873ee9-b74e-4ed2-a846-04ffc5793079",
  "paymentNetworkId": "VISA",
  "cardLastFour": "1234"
}

When you fill other fields

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
{
  "eventId": "11111111-1111-1111-1111-111111111111",
  "event": "ENROLLMENT_TERMINATED",
  "eventTimestamp": "2021-04-28T19:31:04.623Z",
  "notificationTimestamp": "2021-04-28T19:31:04.768Z",
  "userId": "00000000-0000-0000-0000-000000000000",
  "cardId": "22222222-2222-2222-2222-222222222222",
  "paymentNetworkId": "",
  "cardLastFour": "1234"
}

Security

The endpoints you expose and that Cardlytics exposes are available over the public internet. To validate that the request originated from an authenticated client, all requests include a JWT which attests to the authenticity of the request. For more details, see: the API Reference: Overview: Cardlytics JWT Authorization Token.

HTTP Conventions

Cardlytics's API endpoints and webhooks all try to adhere to and honor standard HTTP status codes. Below are the response codes that you may see when calling Cardlytics's endpoints and webhooks.

  • 200 OK - Success. The request is understood and acknowledged. The body of the response may indicate additional context or error conditions.
  • 301 and 302 - Cardlytics does not currently require clients to handle redirects. For future proofing, following 1 redirect for a request to Cardlytics is recommended.
  • 401 Unauthorized - Will be returned when the request does not include required credentials.
  • 403 Forbidden - Will be returned when the caller is not allowed to invoke the endpoint.
  • 404 Not Found - Will be returned when Cardlytics cannot locate the resource requested.
  • 405 Method Not Allowed - Will be returned when Cardlytics does not support the HTTP method requested. Note that most Cardlytics endpoints support POST only.
  • 415 Unsupported Media Type - Will be returned when Cardlytics does not understand the body of the request. Note that most Cardlytics endpoints support application/json only.
  • 429 Too Many Requests - Will be returned when Cardlytics is throttling requests from your client. Note that Cardlytics tries to never respond with this response code but may under extreme circumstances.
  • 500 Internal Server Error - Will be returned when Cardlytics emits an unknown or not-handled error.
  • 501 Not Implemented - Will be returned when Cardlytics completely does not understand the request passed.
  • 503 Service Unavailable - Will be returned if the specific service is down for maintenance or other reasons.

Originating IP Addresses

Cardlytics requests will always originate from the following IP addresses:

  • 34.200.22.120
  • 54.144.103.20
  • 54.235.87.177