Nepex Travel API DocsGo to Profile

Webhooks

Submission update webhook delivery model and signature verification.

When an application’s status changes in Nepex, your registered webhook endpoint can receive a `submission.updated` (or similarly named) event so your systems stay in sync.

Each environment (Development, Staging, Production) can have its own callback URL, configured next to your API keys on the Nepex travel website.

When signature verification is enabled for your integration, Nepex includes an `X-Platform-Signature` header you can use to confirm the payload was sent by Nepex before processing it.

Webhook payload shape is stable for all statuses, and when status is `VISA_GRANTED` the payload also includes feedbackDocsUrl, remarks, and visaExpiryDate.

Webhook Payload: VISA_GRANTED

POST /your/webhook/endpoint HTTP/1.1
Host: partner.example.com
Content-Type: application/json
X-Platform-Event: submission.updated
X-Platform-Signature: sha256=8f6d6c3e9f6c0f6cc8d71cb6c4c1a9f93ad0d8f9b78d5d11f8dd0e35d8e8a111

{
  "event": "submission.updated",
  "timestamp": "2026-04-13T08:42:44.887Z",
  "agent": {
    "uuid": "b66aba1a-3f4c-4d80-ab05-a18dfe363776",
    "companyName": "My Travel Comp"
  },
  "submission": {
    "uuid": "e2bc3053-260c-4330-95f5-966839e036ef",
    "status": "VISA_GRANTED",
    "contactStatus": "NOT_CONTACTED",
    "visa": {
      "uuid": "dc012be3-e44a-4d82-92c3-154fb58f0d0a",
      "name": "Tourist Visa (Single Entry 30 Days)",
      "destinationCountry": "Ethiopia"
    },
    "applicant": {
      "firstName": "John",
      "lastName": "Doe",
      "email": "applicant@example.com",
      "phone": "+1234567890"
    },
    "feedbackDocsUrl": [
      "https://example.com/feedback-doc-1.pdf",
      "https://example.com/feedback-doc-2.pdf"
    ],
    "remarks": "Some Message",
    "visaExpiryDate": "2026-04-30T00:00:00.000Z"
  }
}

Includes `feedbackDocsUrl`, `remarks`, and `visaExpiryDate` when `submission.status` is `VISA_GRANTED`.

Webhook Payload: Other Status (RETURNED)

POST /your/webhook/endpoint HTTP/1.1
Host: partner.example.com
Content-Type: application/json
X-Platform-Event: submission.updated
X-Platform-Signature: sha256=8f6d6c3e9f6c0f6cc8d71cb6c4c1a9f93ad0d8f9b78d5d11f8dd0e35d8e8a111

{
  "event": "submission.updated",
  "timestamp": "2026-04-13T08:42:18.209Z",
  "agent": {
    "uuid": "b66aba1a-3f4c-4d80-ab05-a18dfe363776",
    "companyName": "My Travel Comp"
  },
  "submission": {
    "uuid": "e2bc3053-260c-4330-95f5-966839e036ef",
    "status": "RETURNED",
    "contactStatus": "NOT_CONTACTED",
    "visa": {
      "uuid": "dc012be3-e44a-4d82-92c3-154fb58f0d0a",
      "name": "Tourist Visa (Single Entry 30 Days)",
      "destinationCountry": "Ethiopia"
    },
    "applicant": {
      "firstName": "Ram",
      "lastName": "Magar",
      "email": "ram@mail.com"
    }
    "remarks": "Some Message",
  }
}

For non-`VISA_GRANTED` statuses, `feedbackDocsUrl`, `remarks`, and `visaExpiryDate` are omitted.

  • Event type is indicated via X-Platform-Event (or equivalent) — refer to the payload body for details
  • Verify signatures when provided; reject or quarantine payloads that fail verification
  • Endpoints should respond quickly; Nepex may retry failed deliveries with backoff