Booking cancelled
Emitted when a booking moves to CANCELLED (via the partner or unilaterally by Safariat).
Authorizations
API key authentication. Issued by the Safariat admin or via the partner portal. The secret is shown only once at generation.
Production sk_live_* keys must additionally sign every write request
(POST/PUT/DELETE) with the X-Timestamp and X-Signature headers.
Sandbox sk_test_* keys are exempt from request signing: X-Signature and
X-Timestamp are not required for writes in the sandbox (so the developer-portal
"Try it" playground works end to end). The Idempotency-Key header remains
required on writes in both environments.
Body
Idempotent event ID (to deduplicate on the bank side).
booking.confirmed, booking.cancelled, booking.completed, settlement.issued, adventure.unavailable, review.moderated true if the event originates from an sk_test_* key or from
POST /webhooks/{id}/test. The bank must ignore / label these events.
Payload specific to the event type. Stable schema in v1 but may gain new fields (never removed).
Response
Acknowledgment of receipt.