Webhooks allow you to receive HTTP POST notifications when key events happen in your Klara applications. Instead of polling the API, configure a webhook endpoint and Klara will push events to you in real time.
Supported events
| Event | Trigger |
|---|
application.opened | End user opens the Klara portal for the first time |
application.submitted | End user submits their application |
webhook.test | Manually sent test ping from the dashboard |
{
"id": "evt_abc123",
"type": "application.submitted",
"timestamp": "2026-01-15T10:30:00Z",
"applicationId": "550e8400-e29b-41d4-a716-446655440000",
"organizationId": "org_123",
"data": {
// Event-specific fields
}
}
| Field | Type | Description |
|---|
id | string | Unique event ID (use for idempotency) |
type | string | Event type (e.g., application.submitted) |
timestamp | string | ISO 8601 timestamp of when the event occurred |
applicationId | string | UUID of the related application |
organizationId | string | UUID of your organization |
data | object | Event-specific payload (see below) |
application.opened
Fired when the end user opens their Klara portal link for the first time.
{
"id": "evt_abc123",
"type": "application.opened",
"timestamp": "2026-01-15T10:30:00Z",
"applicationId": "550e8400-e29b-41d4-a716-446655440000",
"organizationId": "org_123",
"data": {
"applicationRef": "APP-001",
"openedAt": "2026-01-15T10:30:00Z"
}
}
application.submitted
Fired when the end user submits their application.
{
"id": "evt_def456",
"type": "application.submitted",
"timestamp": "2026-01-16T14:20:00Z",
"applicationId": "550e8400-e29b-41d4-a716-446655440000",
"organizationId": "org_123",
"data": {
"applicationId": "550e8400-e29b-41d4-a716-446655440000",
"submittedAt": "2026-01-16T14:20:00Z",
"fields": {
"company_name": "Acme Ltd",
"company_number": "12345678",
"company_country": "GB",
"industry": "technology",
"expected_monthly_volume": 50000
// ... additional fields vary by client configuration.
// Sensitive fields are excluded.
},
"people": [
{
"full_name": "Jane Smith",
"nationality": "GB",
"roles": ["director", "ubo"]
}
]
}
}
data fields
| Field | Type | Description |
|---|
applicationId | string | UUID of the submitted application |
submittedAt | string | ISO 8601 submission timestamp |
fields | object | Non-sensitive application fields (see note below) |
people | array | Confirmed people — full_name, nationality, roles only |
webhook.test
Sent when you click Send test in the dashboard.
{
"id": "evt_test789",
"type": "webhook.test",
"timestamp": "2026-01-15T12:00:00Z",
"applicationId": null,
"organizationId": "org_123",
"data": {
"message": "This is a test webhook from Klara."
}
}
Configuring webhooks
- Go to Settings → Integrations → Webhooks in your Klara dashboard
- Click Add Endpoint
- Enter your HTTPS URL and select the events you want to receive
- Copy the signing secret — you’ll need it to verify payloads
You can configure up to 5 webhook endpoints per organization. Webhook URLs must use HTTPS.
Delivery & retries
Klara delivers webhooks asynchronously. If your endpoint is unavailable, delivery is retried automatically:
| Property | Value |
|---|
| Timeout | 30 seconds per attempt |
| Max attempts | 5 (1 initial + 4 retries) |
| Backoff | Exponential (~12s, 2.5m, 30m, 6h) |
| Success | Any HTTP 2xx response |
Auto-disable
If an endpoint fails 5 consecutive deliveries (across any events), it is automatically disabled. You must re-enable it manually from the dashboard. The failure counter resets on any successful delivery.
Verifying signatures
Every webhook includes HMAC-SHA256 signatures so you can verify payloads are genuinely from Klara. See the Webhook Signatures guide for implementation details.
Best practices
- Respond quickly — return a
200 response before processing the event. Use a queue for heavy work.
- Handle duplicates — use the
id field for idempotency. The same event may be delivered more than once.
- Verify signatures — always validate the
X-Klara-Signature header before trusting the payload.
- Use HTTPS — webhook URLs must use HTTPS. HTTP URLs are rejected.
