Skip to main content
WEBHOOK
bookingConfirmed
{
  "id": "8c3f9a40-3b5d-4d52-9a2e-cc1f4b7d8e2a",
  "type": "booking.confirmed",
  "created_at": "2026-05-11T14:25:33Z",
  "test": false,
  "data": {
    "booking_number": "MV-AB7X92",
    "partner_reference": "BANK-2026-05-11-00342",
    "status": "CONFIRMED",
    "travel_date": "2026-07-12"
  }
}

Authorizations

Authorization
string
header
default:sk_test_DEMO0000_replace_with_your_sandbox_key
required

API key authentication. Issued by the Safariat admin or via the partner portal. The secret is shown only once at generation.

Production sk_live_* keys must additionally sign every write request (POST/PUT/DELETE) with the X-Timestamp and X-Signature headers. Sandbox sk_test_* keys are exempt from request signing: X-Signature and X-Timestamp are not required for writes in the sandbox (so the developer-portal "Try it" playground works end to end). The Idempotency-Key header remains required on writes in both environments.

Body

application/json
id
string<uuid>
required

Idempotent event ID (to deduplicate on the bank side).

type
enum<string>
required
Available options:
booking.confirmed,
booking.cancelled,
booking.completed,
settlement.issued,
adventure.unavailable,
review.moderated
created_at
string<date-time>
required
test
boolean
required

true if the event originates from an sk_test_* key or from POST /webhooks/{id}/test. The bank must ignore / label these events.

data
object
required

Payload specific to the event type. Stable schema in v1 but may gain new fields (never removed).

Response

2XX

The bank acknowledges receipt (any 2xx response closes the delivery).