Skip to main content
WEBHOOK
reviewModerated
{
  "id": "5a1b22e0-71c4-4e1c-9b22-9f3c0e2d77aa",
  "type": "review.moderated",
  "created_at": "2026-05-26T12:34:56Z",
  "test": false,
  "data": {
    "review_id": "1e8a47e0-2b3c-4d5e-8f10-7d6c5b4a3210",
    "reviewable_type": "EXPERIENCE",
    "reviewable_id": "ad000002-0000-4000-8000-0000000000d2",
    "booking_id": "bk000123-0000-4000-8000-0000000000a1",
    "booking_number": "MV-AB7X92",
    "partner_reference": "BANK-2026-05-11-00342",
    "action": "HIDDEN",
    "moderated_at": "2026-05-26T12:34:55Z"
  }
}

Authorizations

Authorization
string
header
default:sk_test_DEMO0000_replace_with_your_sandbox_key
required

API key authentication. Issued by the Safariat admin or via the partner portal. The secret is shown only once at generation.

Production sk_live_* keys must additionally sign every write request (POST/PUT/DELETE) with the X-Timestamp and X-Signature headers. Sandbox sk_test_* keys are exempt from request signing: X-Signature and X-Timestamp are not required for writes in the sandbox (so the developer-portal "Try it" playground works end to end). The Idempotency-Key header remains required on writes in both environments.

Body

application/json
id
string<uuid>
required

Idempotent event ID (to deduplicate on the bank side).

type
enum<string>
required
Available options:
booking.confirmed,
booking.cancelled,
booking.completed,
settlement.issued,
adventure.unavailable,
review.moderated
created_at
string<date-time>
required
test
boolean
required

true if the event originates from an sk_test_* key or from POST /webhooks/{id}/test. The bank must ignore / label these events.

data
object
required

Payload specific to the event type. Stable schema in v1 but may gain new fields (never removed).

Response

2XX

Acknowledgment of receipt.