The Safe Creative API can sometimes send your application different notifications through your callback URL, which you can enter when you request you API keys (or edit at any moment once your API key has been activated).

The callback is signed with the private key associated to your shared key and is ztime-stamped so you can verify the authenticity of the call. It's recommeded to define the callback url as https.

API callbacks have the following syntax:

{your callback URL}
?component=...
&ztime=...
&<callback parameters>
&signature=...

where component is the notification "type" or source.

Callback types

Notification of a work state change

{your callback URL}?code=0907240000817&component=workstate&date=1248523203872&state=REGISTERED&signature=b43f1942381b9ea77449932478e488e4ff43a244

• code: is the work code
• component: is the notification "type" or source
• date: serial timestamp, we'll change this to ztime on the next update
• state: can be PREREGISTERED or REGISTERED
• signature: is the sha1 of the sorted parameters (like the requests). The private key is the pair of the shared key.

User personal data modified ?authkey=5ykfbzoe5h6viy88texq7gay2 &component=user &date=20090709121016 &mail=sholmes%40baker.fake &state=modified &usercode=0907090000074 &signature=4a58bf48d67c67ed18bf1cff6a5208c060085938