Inbound Webhooks
The Nomba receiver that drives reconciliation.
This is the inbound receiver the bank provider posts to — it drives reconciliation. You don't call it; it's documented so you understand the flow. To receive events, register a webhook endpoint.
Always 200 for a valid signature
The receiver returns
200 even for duplicate, ignored, or unmatched events (so the provider stops retrying); the body says what happened. A bad/missing signature returns 401.HMAC-SHA256 verified
Requests are verified against your webhook secret over a canonical field string. Duplicates (same reference) are ignored — reconciliation is idempotent.
post
/webhooks/nombaNomba webhook receiver (HMAC-SHA256 verified).
Public
Responses
200Accepted (processed, duplicate, ignored, or unmatched).401Invalid or missing signature.
POST /webhooks/nomba
curl -X POST "https://api.xental.online/webhooks/nomba"post
/api/v1/webhooks/nombaNomba webhook receiver (HMAC-SHA256 verified).
Public
Responses
200Accepted (processed, duplicate, ignored, or unmatched).401Invalid or missing signature.
POST /api/v1/webhooks/nomba
curl -X POST "https://api.xental.online/api/v1/webhooks/nomba"