Webhooks

Subscribe to our webhooks to be notified on changes.

Intro

This page will guide you through managing and consuming webhooks sent by Travel Connection.

Subscriptions

To receive webhook events sent from Travel Connection, you must first create a subscription. You may create as many subscriptions as required, and each subscription can include any number of event types.

Each subscription must have a name and a valid, secure URL set. A secret key will be automatically generated upon subscription creation, which can be used for signature verification.

Subscriptions can be managed from the My Account area of the Agent Booking Hub.

URL validation

The subscription URL must be validated before the subscription becomes active. The URL simply needs to respond with a 2** status code to be marked as validated.

Payload signature

Each event payload will be signed with the subscription's secret key. As the webhook consumer, you should verify the payload signature at the subscription URL. You can do this by inspecting the X-Signature request header sent along with the payload.

An example of how to verify a payload signature is included below.

Payload structure

Each event type will dispatch a payload with the following structure:

{
  "subscription": 1,
  "event": {
    "type": "event.type.code",
    "data": {
      // ...
    }
  },
  "timestamp": "2025-05-30T11:47:32Z"
}

This contains the subscription ID, event type code, event data and the timestamp. The event data will change depending on the event type.## Event types

Event types

The following event types are sent from Travel Connection. Each event can be subscribed to within a subscription.

Football match kickoff changes

Code: football_match.kickoff.updated

This event is triggered when the kickoff date or time of a football match is changed. Football match kickoff times change for many reasons, including TV rescheduling and cup competitions.

This event is only triggered when a football match kickoff date or time changes. It will not trigger if the match did not previously have a date or time set.

Payload data:

{
  "product": {
    "id": 15655,
    "name": "Arsenal v Brighton & Hove Albion",
    "type": "football_match",
    "slug": "arsenal-v-brighton-hove-albion",
    "match": {
      "start": {
        "tz": "Europe/London",
        "local": "2025-05-31T22:30:00+01:00",
        "utc": "2025-05-31T21:30:00+00:00",
        "epoch": 1748727000
      },
      "time_confirmed": false,
      "home": 1001,
      "away": 1003,
      "competition": 401,
      "status": "Upcoming"
    },
    "event": null,
    "min_order": 1,
    "max_order": 99,
    "venue": 1003,
    "event_dates": [],
    "images": {
      "main": null,
      "thumb": null
    }
  }
}

Examples

Signature verification

$requestSignature = $request->getHeader('X-Signature');
$generatedSignature = hash_hmac('sha256', $request->getContent(), $secret);

if ($requestSignature === $generatedSignature) {
  // perform logic as expected
  
  return response(null, 204);
}

// do not treat request as safe and ignore

return response(null, 204);