API Call Instructions
Event Callback Flow

API Format
The synchronous event callback API uses POST, UTF-8 encoding, and JSON format. If the URL for receiving event callbacks is https://{app_domain}/callback, when your enterprise experiences organization or user changes, IDaaS pushes the changed business data to this callback address.
| Parameter | Description |
|---|---|
| Request URL | https://{app_domain}/callback |
| Request Method | POST |
| Request Header | Authorization: Bearer |
Request Parameters
| Parameter Name | Type | Description |
|---|---|---|
| nonce | String | Random number, used together with timestamp to prevent replay attacks. |
| timestamp | Integer | Timestamp, used together with nonce to prevent replay attacks. |
| eventType | String | Event type; see the event type list below. |
| data | String | Message body. When encryption is disabled, the plaintext message body is sent. When encryption is enabled, the encrypted message body is sent. Decrypt it to obtain the message content; the decrypted result contains two fields, random and msg, where msg is the plaintext message content. |
| signature | String | Message signature. When signing is disabled, the signature is an empty string. When signing is enabled, the signature is generated using the enterprise application's signing salt (signatureSaltValue), the request timestamp, nonce, and encrypted message body. |
Response Parameters
| Parameter Name | Type | Description |
|---|---|---|
| code | String | Returned code; 200 indicates success. For failure error codes, see the common return code description. |
| message | String | Error reason description when processing fails. |
| data | String | Returned message body. Different business callbacks require different content, such as returning an empty string or required business data. - When encryption is disabled, return the plaintext message body. - When encryption is enabled, return the encrypted message body. Decrypt it to obtain the message content; the decrypted result contains two fields, random and msg, where msg is the plaintext message content. |
Request Example
- Request example without message signing and encryption
json
{
"nonce": "123456",
"timestamp": 1783610513,
"eventType": "eventType",
"data": "明文的消息",
"signature": ""
}- Request example with message signing and encryption enabled
json
{
"nonce": "123456",
"timestamp": 1783610513,
"eventType": "eventType",
"data": "1ojvw2WPvW7LijxS8UvISr8pdDP+rXpPbcLGOmIBNbWetRg7IP0vdhkl",
"signature": "111108bb8e6dbce3c9671d6fdb69d15066227608"
}Response Example
Status Code: 200
Request succeeded
- Response body without message signing and encryption
json
{
"code": "200",
"message": "success",
"data": "明文的消息"
}- Response body with message signing and encryption enabled
json
{
"code": "200",
"message": "success",
"data": "P+rXpWetRg7IP0vdhVgkVwSoZBJeQwY2zhROsJq/HJ+q6tp1qhl9L1+c"
}