Gemba Finance AsyncAPI 0.1.0 documentation

Gemba Finance AsyncAPI 0.1.0

Event-driven APIs for the Gemba Finance platform. This specification documents all Kafka-based event streams and message channels used across Gemba services.

#notifications
#company-status
#cdc
#identity
#card-payouts
#support

Servers

kafka://bootstrap.testing-kafka-cluster.europe-west2.managedkafka.identity-dev-433210.cloud.goog:9092/kafkatesting
Testing environment Kafka cluster

object
string
required
Environment name used in topic naming (e.g., testing-notifications)

Security:
security.protocol:PLAINTEXT
object
#environment
kafka://bootstrap.production-kafka-cluster.europe-west2.managedkafka.services-prod-437113.cloud.goog:9092/kafkaproduction
Production Kafka cluster

object
string
required
Environment name used in topic naming (e.g., production-notifications)

Security:
security.protocol:PLAINTEXT
object
#environment

Operations

SEND ${{environment}}-notifications
Channel for notification commands to be processed by the notifications service. Messages are consumed by the notifications service and sent via Courier.

Topic format: {environment}-notifications Examples:

testing-notifications

production-notifications Partition key: userId (when available) to ensure ordered processing per user.
Publish notification command
Published when a service needs to send a notification (email, SMS, push)

Operation IDpublishNotification
Available only on servers:
- testing
- production
object
- #notifications
Accepts one of the following messages:
- #0Client Notification Command
  Command to send notification to a client
  application/json
  Message IDclientNotification
  object
  #notifications
  Examples
  #1 Example - MacrobankOutgoingPaymentExample
  Example macrobank outgoing payment notification
  { "type": "CLIENT_NOTIFICATION", "payload": { "to": { "clientId": "bd73b0c9-5816-da4f-27e5-a9bd2736f41c", "userId": "4cdd598a-bc3f-64e7-1029-0bc4ef85a71d" }, "template": "OUTGOING_PAYMENT_SENT", "data": { "clientName": "John Doe", "amountWithCurrency": "1,234.56 GBP", "beneficiaryName": "ACME Corporation Ltd" } } }
- #1Applicant Notification Command
  Command to send notification to an applicant (pre-client)
  application/json
  Message IDapplicantNotification
  object
  #notifications
  Examples
  { "type": "APPLICANT_NOTIFICATION", "notificationId": "2d591c23-85b1-4e8c-a6bd-74d89f8955c5", "correlationId": "string", "expiresAt": "2019-08-24T14:15:22Z", "payload": { "to": { "email": "user@example.com" }, "template": "REMINDER_TO_COMPLETE_ONBOARDING", "data": {}, "whiteLabel": { "domain": "string" } } }
  
  This example has been generated automatically.
- #2Internal Notification Command
  Command to send internal notifications (admin, support, etc.)
  application/json
  Message IDinternalNotification
  object
  #notifications
  Examples
  { "type": "INTERNAL_NOTIFICATION", "notificationId": "2d591c23-85b1-4e8c-a6bd-74d89f8955c5", "correlationId": "string", "expiresAt": "2019-08-24T14:15:22Z", "payload": { "to": { "staffPerson": "user@example.com", "channels": [ "email" ] }, "template": "NEW_APPLICANT_IN_HOLD", "data": {} } }
  
  This example has been generated automatically.
RECEIVE ${{environment}}-notifications
Channel for notification commands to be processed by the notifications service. Messages are consumed by the notifications service and sent via Courier.

Topic format: {environment}-notifications Examples:

testing-notifications

production-notifications Partition key: userId (when available) to ensure ordered processing per user.
Subscribe to notification commands
Consume notification commands for processing and delivery via Courier

Operation IDsubscribeNotificationCommands
Available only on servers:
- testing
- production
object
- #notifications
Accepts one of the following messages:
- #0Client Notification Command
  Command to send notification to a client
  application/json
  Message IDclientNotification
  object
  #notifications
  Examples
  #1 Example - MacrobankOutgoingPaymentExample
  Example macrobank outgoing payment notification
  { "type": "CLIENT_NOTIFICATION", "payload": { "to": { "clientId": "bd73b0c9-5816-da4f-27e5-a9bd2736f41c", "userId": "4cdd598a-bc3f-64e7-1029-0bc4ef85a71d" }, "template": "OUTGOING_PAYMENT_SENT", "data": { "clientName": "John Doe", "amountWithCurrency": "1,234.56 GBP", "beneficiaryName": "ACME Corporation Ltd" } } }
- #1Applicant Notification Command
  Command to send notification to an applicant (pre-client)
  application/json
  Message IDapplicantNotification
  object
  #notifications
  Examples
  { "type": "APPLICANT_NOTIFICATION", "notificationId": "2d591c23-85b1-4e8c-a6bd-74d89f8955c5", "correlationId": "string", "expiresAt": "2019-08-24T14:15:22Z", "payload": { "to": { "email": "user@example.com" }, "template": "REMINDER_TO_COMPLETE_ONBOARDING", "data": {}, "whiteLabel": { "domain": "string" } } }
  
  This example has been generated automatically.
- #2Internal Notification Command
  Command to send internal notifications (admin, support, etc.)
  application/json
  Message IDinternalNotification
  object
  #notifications
  Examples
  { "type": "INTERNAL_NOTIFICATION", "notificationId": "2d591c23-85b1-4e8c-a6bd-74d89f8955c5", "correlationId": "string", "expiresAt": "2019-08-24T14:15:22Z", "payload": { "to": { "staffPerson": "user@example.com", "channels": [ "email" ] }, "template": "NEW_APPLICANT_IN_HOLD", "data": {} } }
  
  This example has been generated automatically.

SEND ${{environment}}-company-status

Channel for company registry status update to be processed. Messages are published by job-company service when a company's status is updated in the official registry and requires action on Macrobank's site. Topic format: {environment}-company-status Examples:

testing-company-status
production-company-status

Update company status

Published when a company's registry status updated and requires action on Macrobanks's site (blocking, freezing).

Operation IDpublishCompanyStatus

Available only on servers:

testing
production

object

#company-status

Accepts the following message:

Company Status Event

Event published when a company's registry status is updated and requires action

application/json

Message IDcompanyStatusMessage

object

#company-status

Examples

#1 Example - GBR Company in Liquidation

GBR company in liquidation requiring full freeze

{
  "clientId": "bd73b0c9-5816-da4f-27e5-a9bd2736f41c",
  "companyNumber": "12345678",
  "country": "GBR",
  "action": "fully_frozen",
  "registryStatus": "liquidation",
  "registryStatusDetail": "voluntary-liquidation",
  "companyName": "Example Ltd",
  "timestamp": "2025-11-24T14:30:00Z",
  "source": "job-company"
}

#2 Example - GBR Company in Administration

GBR company in administration requiring debit blocking

{
  "clientId": "4cdd598a-bc3f-64e7-1029-0bc4ef85a71d",
  "companyNumber": "87654321",
  "country": "GBR",
  "action": "blocked_on_debit",
  "registryStatus": "administration",
  "registryStatusDetail": "voluntary-arrangement",
  "companyName": "Another Company Ltd",
  "applicantId": "550e8400-e29b-41d4-a716-446655440000",
  "timestamp": "2025-11-24T14:35:00Z",
  "correlationId": "trace-123-abc",
  "source": "job-company"
}

#3 Example - IMN Company Dissolved

IMN company dissolved requiring blocking

{
  "clientId": "7f8d9e0a-1b2c-3d4e-5f6g-7h8i9j0k1l2m",
  "companyNumber": "123456C",
  "country": "IMN",
  "action": "block",
  "registryStatus": "dissolved",
  "companyName": "Isle of Man Company Ltd",
  "timestamp": "2025-11-24T14:40:00Z",
  "source": "job-company"
}

RECEIVE ${{environment}}-company-status

testing-company-status
production-company-status

Subscribe to company status events

Consume company status updates to process blocking actions on Macrobank's site.

Operation IDsubscribeCompanyStatus

Available only on servers:

testing
production

object

#company-status

Accepts the following message:

Company Status Event

Event published when a company's registry status is updated and requires action

application/json

Message IDcompanyStatusMessage

object

#company-status

Examples

#1 Example - GBR Company in Liquidation

GBR company in liquidation requiring full freeze

{
  "clientId": "bd73b0c9-5816-da4f-27e5-a9bd2736f41c",
  "companyNumber": "12345678",
  "country": "GBR",
  "action": "fully_frozen",
  "registryStatus": "liquidation",
  "registryStatusDetail": "voluntary-liquidation",
  "companyName": "Example Ltd",
  "timestamp": "2025-11-24T14:30:00Z",
  "source": "job-company"
}

#2 Example - GBR Company in Administration

GBR company in administration requiring debit blocking

{
  "clientId": "4cdd598a-bc3f-64e7-1029-0bc4ef85a71d",
  "companyNumber": "87654321",
  "country": "GBR",
  "action": "blocked_on_debit",
  "registryStatus": "administration",
  "registryStatusDetail": "voluntary-arrangement",
  "companyName": "Another Company Ltd",
  "applicantId": "550e8400-e29b-41d4-a716-446655440000",
  "timestamp": "2025-11-24T14:35:00Z",
  "correlationId": "trace-123-abc",
  "source": "job-company"
}

#3 Example - IMN Company Dissolved

IMN company dissolved requiring blocking

{
  "clientId": "7f8d9e0a-1b2c-3d4e-5f6g-7h8i9j0k1l2m",
  "companyNumber": "123456C",
  "country": "IMN",
  "action": "block",
  "registryStatus": "dissolved",
  "companyName": "Isle of Man Company Ltd",
  "timestamp": "2025-11-24T14:40:00Z",
  "source": "job-company"
}

SEND ${{environment}}-card-payouts-aml
Channel for card payout AML check results. Data originates from CheckMarble webhooks: when an AML analyst reviews a held card payout decision, CheckMarble sends a webhook to the transactions service, which produces the result to this topic. Only final statuses (approved/declined) are published; items still on hold are not sent. Topic format: {environment}-card-payouts-aml Examples:

testing-card-payouts-aml

production-card-payouts-aml
Publish card payout AML result
Published by the transactions service when a CheckMarble webhook is received after an AML analyst reviews a held card payout decision. Only final statuses (approved/declined) are published.

Operation IDpublishCardPayoutAMLResult
Available only on servers:
- testing
- production
object
- #card-payouts
Accepts the following message:
Card Payout AML Result
AML check result for a card payout item, published after an analyst reviews a held decision
application/json
Message IDcardPayoutAMLResult
object
object
#card-payouts
Examples
#1 Example - Card Payout Approved
Payout item approved after AML review
{ "payoutItemId": "550e8400-e29b-41d4-a716-446655440000", "payoutsBatchId": "6a7c2f1e-b8d3-4e5f-9a2b-c1d4e5f6a7b8", "status": "approved" }

#2 Example - Card Payout Declined
Payout item declined after AML review
{ "payoutItemId": "660e8400-e29b-41d4-a716-446655440111", "payoutsBatchId": "6a7c2f1e-b8d3-4e5f-9a2b-c1d4e5f6a7b8", "status": "declined" }
RECEIVE ${{environment}}-card-payouts-aml
Channel for card payout AML check results. Data originates from CheckMarble webhooks: when an AML analyst reviews a held card payout decision, CheckMarble sends a webhook to the transactions service, which produces the result to this topic. Only final statuses (approved/declined) are published; items still on hold are not sent. Topic format: {environment}-card-payouts-aml Examples:

testing-card-payouts-aml

production-card-payouts-aml
Subscribe to card payout AML results
Consume AML check results for card payout items to process approved/declined payouts.

Operation IDsubscribeCardPayoutAMLResult
Available only on servers:
- testing
- production
object
- #card-payouts
Accepts the following message:
Card Payout AML Result
AML check result for a card payout item, published after an analyst reviews a held decision
application/json
Message IDcardPayoutAMLResult
object
object
#card-payouts
Examples
#1 Example - Card Payout Approved
Payout item approved after AML review
{ "payoutItemId": "550e8400-e29b-41d4-a716-446655440000", "payoutsBatchId": "6a7c2f1e-b8d3-4e5f-9a2b-c1d4e5f6a7b8", "status": "approved" }

#2 Example - Card Payout Declined
Payout item declined after AML review
{ "payoutItemId": "660e8400-e29b-41d4-a716-446655440111", "payoutsBatchId": "6a7c2f1e-b8d3-4e5f-9a2b-c1d4e5f6a7b8", "status": "declined" }
SEND ${{environment}}-card-payouts-nuvei
Channel for card payout events to be processed by Nuvei. Data originates from Nuvei webhooks: incoming webhook payloads are produced to this topic for async processing. Topic format: {environment}-card-payouts-nuvei Examples:

testing-card-payouts-nuvei

production-card-payouts-nuvei
Publish card payout event to Nuvei
Published when a Nuvei webhook is received, forwarding the payload for async processing.

Operation IDpublishCardPayoutNuvei
Available only on servers:
- testing
- production
object
- #card-payouts
Accepts the following message:
Card Payout Nuvei Message
Card payout event forwarded to Nuvei for processing
application/json
Message IDcardPayoutNuveiMessage
object
Payload forwarded to Nuvei (schema varies by operation)

object
#card-payouts
Examples
#1 Example - Card Payout Nuvei Event
Example card payout event forwarded to Nuvei
{ "payoutItemId": "550e8400-e29b-41d4-a716-446655440000", "payoutsBatchId": "6a7c2f1e-b8d3-4e5f-9a2b-c1d4e5f6a7b8", "status": "approved" }
RECEIVE ${{environment}}-card-payouts-nuvei
Channel for card payout events to be processed by Nuvei. Data originates from Nuvei webhooks: incoming webhook payloads are produced to this topic for async processing. Topic format: {environment}-card-payouts-nuvei Examples:

testing-card-payouts-nuvei

production-card-payouts-nuvei
Subscribe to card payout Nuvei events
Consume card payout events for Nuvei processing.

Operation IDsubscribeCardPayoutNuvei
Available only on servers:
- testing
- production
object
- #card-payouts
Accepts the following message:
Card Payout Nuvei Message
Card payout event forwarded to Nuvei for processing
application/json
Message IDcardPayoutNuveiMessage
object
Payload forwarded to Nuvei (schema varies by operation)

object
#card-payouts
Examples
#1 Example - Card Payout Nuvei Event
Example card payout event forwarded to Nuvei
{ "payoutItemId": "550e8400-e29b-41d4-a716-446655440000", "payoutsBatchId": "6a7c2f1e-b8d3-4e5f-9a2b-c1d4e5f6a7b8", "status": "approved" }
SEND ${{environment}}-cdc-events
Channel for Change Data Capture (CDC) events from the Macrobank database.

The CDC service monitors SQL Server change tracking tables and publishes events when transfer statuses change. Events are published for:

Internal transfers (between Gemba accounts)

International transfers (SWIFT/SEPA)

UK transfers (Faster Payments/BACS/CHAPS)

Messages contain Base64-encoded JSON payloads with routing metadata in Kafka headers.

Topic format: {environment}-cdc-events Examples:

testing-cdc-events

production-cdc-events
Publish CDC transfer event
Published by the CDC service when a transfer status changes in the Macrobank database.

The CDC service monitors SQL Server change tracking tables for the following document classes:

IncomingPayment

Outgoing_Payment_FReq (International transfers)

Outgoing_SEPAPAY_FReq (SEPA payments)

Outgoing_British_FReq (UK transfers)

EP_TRANSFER (Internal transfers)

When a document's status changes to an API-visible state, the CDC service:

Retrieves the full transfer payload from the database

Base64-encodes the JSON payload

Publishes to Kafka with routing headers (clientId, accountId, type)

For internal transfers, two events are published:

transfer.outgoing.changed to the sender

transfer.incoming.created to the recipient
Operation IDpublishCDCEvent
Available only on servers:
- testing
- production
object
- #cdc
Accepts the following message:
CDC Event Message
Change Data Capture event published when transfer statuses change in Macrobank
application/json
Message IDcdcEventMessage
CDC events are published when transfer statuses change in the Macrobank database. The CDC service monitors SQL Server change tracking tables and publishes events to Kafka for downstream consumers.

Message Structure

The message consists of:

Value: Base64-encoded JSON payload containing the transfer details

Headers: Kafka headers with routing metadata (clientId, accountId, type)

Event Types

The type header indicates the event type:

transfer.outgoing.changed - Outgoing transfer status changed (sender perspective)

transfer.incoming.created - Incoming transfer created (recipient perspective, internal transfers only)

Payload Types

The Base64-decoded payload contains one of:

InternalTransfer - For transfers between Gemba accounts

InternationalTransfer - For SWIFT/SEPA transfers

UKTransfer - For UK Faster Payments/BACS/CHAPS transfers

Processing

Consumers should:

Read the type header to determine event type

Base64-decode the message value

Parse the JSON payload according to the transfer type

Use clientId and accountId headers for routing/filtering

string
Base64-encoded JSON payload containing the transfer details.

When decoded, the payload is a JSON object matching one of:

InternalTransfer schema (for internal transfers)

InternationalTransfer schema (for international transfers)

UKTransfer schema (for UK transfers)

The specific schema depends on the source document class in the CDC change.

object
object
#cdc
Examples
#1 Example - Internal Transfer - Outgoing Changed
Status change for an outgoing internal transfer
eyJpZCI6IjEyM2U0NTY3LWU4OWItMTJkMy1hNDU2LTQyNjYxNDE3NDAwMCIsInN0YXR1cyI6ImRvbmUiLCJhY2NvdW50SWQiOiIyMzRlNTY3OC1lODliLTEyZDMtYTQ1Ni00MjY2MTQxNzQwMDAiLCJhbW91bnQiOjEwMDAwMCwiZmVlIjo1MDAsInRvdGFsIjoxMDA1MDAsImN1cnJlbmN5Q29kZSI6IkVVUiIsImRlc2NyaXB0aW9uIjoiTW9udGhseSByZW50IHBheW1lbnQiLCJyZWNpcGllbnROYW1lIjoiSm9obiBEb2UiLCJyZWNpcGllbnRBY2NvdW50TnVtYmVyIjoiREU4OTM3MDQwMDQ0MDUzMjAxMzAwMCIsImNyZWF0ZWRBdCI6IjIwMjQtMDktMTZUMTQ6MzI6MDBaIn0=

#2 Example - Internal Transfer - Incoming Created
New incoming internal transfer for recipient
eyJpZCI6IjEyM2U0NTY3LWU4OWItMTJkMy1hNDU2LTQyNjYxNDE3NDAwMCIsInN0YXR1cyI6ImRvbmUiLCJhY2NvdW50SWQiOiIzNDVmNjc4OS1lODliLTEyZDMtYTQ1Ni00MjY2MTQxNzQwMDAiLCJhbW91bnQiOjEwMDAwMCwiZmVlIjo1MDAsInRvdGFsIjoxMDA1MDAsImN1cnJlbmN5Q29kZSI6IkVVUiIsImRlc2NyaXB0aW9uIjoiTW9udGhseSByZW50IHBheW1lbnQiLCJyZWNpcGllbnROYW1lIjoiSm9obiBEb2UiLCJyZWNpcGllbnRBY2NvdW50TnVtYmVyIjoiREU4OTM3MDQwMDQ0MDUzMjAxMzAwMCIsImNyZWF0ZWRBdCI6IjIwMjQtMDktMTZUMTQ6MzI6MDBaIn0=

#3 Example - International Transfer - Outgoing Changed
Status change for an outgoing international transfer
eyJpZCI6IjQ1NmE3ODkwLWU4OWItMTJkMy1hNDU2LTQyNjYxNDE3NDAwMCIsInN0YXR1cyI6Imlucm9ncmVzcyIsImFjY291bnRJZCI6IjQ1NmE3ODkwLWU4OWItMTJkMy1hNDU2LTQyNjYxNDE3NDAwMCIsImFtb3VudCI6NTAwMDAwLCJmZWUiOjI1MDAsInRvdGFsIjo1MDI1MDAsImN1cnJlbmN5Q29kZSI6IlVTRCIsImRlc2NyaXB0aW9uIjoiSW52b2ljZSBwYXltZW50IiwicmVjaXBpZW50TmFtZSI6IkFjbWUgQ29ycCIsInJlY2lwaWVudEFjY291bnROdW1iZXIiOiJVUzEyMzQ1Njc4OTAiLCJyZWNpcGllbnRBY2NvdW50VHlwZSI6ImNvbXBhbnkiLCJyZWNpcGllbnRBZGRyZXNzIjoiMTIzIE1haW4gU3QsIE5ldyBZb3JrIiwicmVjaXBpZW50Q291bnRyeSI6IlVTIiwicmVjaXBpZW50UmVnaXN0cmF0aW9uTnVtYmVyIjoiVVMxMjM0NTY3ODkiLCJjaGFyZ2VzVHlwZSI6InNoYXJlZCIsImJhbmtOYW1lIjoiQmFuayBvZiBBbWVyaWNhIiwiYmFua0FkZHJlc3MiOiIxMDAgTiBUcnlvbiBTdCIsImJhbmtDb3VudHJ5IjoiVVMiLCJiYW5rQklDIjoiQk9GQVVTMk4iLCJjcmVhdGVkQXQiOiIyMDI0LTA5LTE2VDE0OjMyOjAwWiJ9

#4 Example - UK Transfer - Outgoing Changed
Status change for an outgoing UK transfer
eyJpZCI6IjU2N2I4OTAxLWU4OWItMTJkMy1hNDU2LTQyNjYxNDE3NDAwMCIsInN0YXR1cyI6ImRvbmUiLCJhY2NvdW50SWQiOiI1NjdiODkwMS1lODliLTEyZDMtYTQ1Ni00MjY2MTQxNzQwMDAiLCJhbW91bnQiOjEwMDAwMCwiZmVlIjo1MCwidG90YWwiOjEwMDA1MCwiY3VycmVuY3lDb2RlIjoiR0JQIiwiZGVzY3JpcHRpb24iOiJNb250aGx5IHJlbnQiLCJyZWNpcGllbnROYW1lIjoiSmFuZSBTbWl0aCIsInJlY2lwaWVudEFjY291bnROdW1iZXIiOiIxMjM0NTY3OCIsInJlY2lwaWVudEFjY291bnRUeXBlIjoiaW5kaXZpZHVhbCIsInR5cGUiOiJmYXN0ZXJfcGF5bWVudHMiLCJzb3J0Q29kZSI6IjEyMzQ1NiIsImJhbmtOYW1lIjoiQmFyY2xheXMgQmFuayIsImJhbmtBZGRyZXNzIjoiMSBDaHVyY2hpbGwgUGxhY2UsIExvbmRvbiIsImNyZWF0ZWRBdCI6IjIwMjQtMDktMTZUMTQ6MzI6MDBaIn0=

#1 Example - Internal Transfer - Outgoing Changed
Status change for an outgoing internal transfer
{ "clientId": "bd73b0c9-5816-da4f-27e5-a9bd2736f41c", "accountId": "234e5678-e89b-12d3-a456-426614174000", "type": "transfer.outgoing.changed" }

#2 Example - Internal Transfer - Incoming Created
New incoming internal transfer for recipient
{ "clientId": "4cdd598a-bc3f-64e7-1029-0bc4ef85a71d", "accountId": "345f6789-e89b-12d3-a456-426614174000", "type": "transfer.incoming.created" }

#3 Example - International Transfer - Outgoing Changed
Status change for an outgoing international transfer
{ "clientId": "7f8d9e0a-1b2c-3d4e-5f6a-7b8c9d0e1f2a", "accountId": "456a7890-e89b-12d3-a456-426614174000", "type": "transfer.outgoing.changed" }

#4 Example - UK Transfer - Outgoing Changed
Status change for an outgoing UK transfer
{ "clientId": "8a9b0c1d-2e3f-4a5b-6c7d-8e9f0a1b2c3d", "accountId": "567b8901-e89b-12d3-a456-426614174000", "type": "transfer.outgoing.changed" }
RECEIVE ${{environment}}-cdc-events
Channel for Change Data Capture (CDC) events from the Macrobank database.

The CDC service monitors SQL Server change tracking tables and publishes events when transfer statuses change. Events are published for:

Internal transfers (between Gemba accounts)

International transfers (SWIFT/SEPA)

UK transfers (Faster Payments/BACS/CHAPS)

Messages contain Base64-encoded JSON payloads with routing metadata in Kafka headers.

Topic format: {environment}-cdc-events Examples:

testing-cdc-events

production-cdc-events
Subscribe to CDC transfer events
Consume CDC events to react to transfer status changes.

Use Cases

Mobile/Web Push Notifications: Send real-time notifications to users when their transfers complete

Webhook Delivery: Trigger webhook callbacks to client systems

Analytics/Reporting: Track transfer metrics and generate reports

Audit Logging: Maintain audit trail of transfer status changes

Processing Guidelines

Idempotency: Events may be delivered more than once. Use the transfer id for deduplication.

Ordering: Events for the same type are ordered within a partition. Different event types may arrive out of order.

Filtering: Use Kafka headers to filter events by clientId, accountId, or type.

Schema Handling: The payload type varies based on the source transfer. Handle InternalTransfer, InternationalTransfer, and UKTransfer schemas.
Operation IDsubscribeCDCEvent
Available only on servers:
- testing
- production
object
- #cdc
Accepts the following message:
CDC Event Message
Change Data Capture event published when transfer statuses change in Macrobank
application/json
Message IDcdcEventMessage
CDC events are published when transfer statuses change in the Macrobank database. The CDC service monitors SQL Server change tracking tables and publishes events to Kafka for downstream consumers.

Message Structure

The message consists of:

Value: Base64-encoded JSON payload containing the transfer details

Headers: Kafka headers with routing metadata (clientId, accountId, type)

Event Types

The type header indicates the event type:

transfer.outgoing.changed - Outgoing transfer status changed (sender perspective)

transfer.incoming.created - Incoming transfer created (recipient perspective, internal transfers only)

Payload Types

The Base64-decoded payload contains one of:

InternalTransfer - For transfers between Gemba accounts

InternationalTransfer - For SWIFT/SEPA transfers

UKTransfer - For UK Faster Payments/BACS/CHAPS transfers

Processing

Consumers should:

Read the type header to determine event type

Base64-decode the message value

Parse the JSON payload according to the transfer type

Use clientId and accountId headers for routing/filtering

string
Base64-encoded JSON payload containing the transfer details.

When decoded, the payload is a JSON object matching one of:

InternalTransfer schema (for internal transfers)

InternationalTransfer schema (for international transfers)

UKTransfer schema (for UK transfers)

The specific schema depends on the source document class in the CDC change.

object
object
#cdc
Examples
#1 Example - Internal Transfer - Outgoing Changed
Status change for an outgoing internal transfer
eyJpZCI6IjEyM2U0NTY3LWU4OWItMTJkMy1hNDU2LTQyNjYxNDE3NDAwMCIsInN0YXR1cyI6ImRvbmUiLCJhY2NvdW50SWQiOiIyMzRlNTY3OC1lODliLTEyZDMtYTQ1Ni00MjY2MTQxNzQwMDAiLCJhbW91bnQiOjEwMDAwMCwiZmVlIjo1MDAsInRvdGFsIjoxMDA1MDAsImN1cnJlbmN5Q29kZSI6IkVVUiIsImRlc2NyaXB0aW9uIjoiTW9udGhseSByZW50IHBheW1lbnQiLCJyZWNpcGllbnROYW1lIjoiSm9obiBEb2UiLCJyZWNpcGllbnRBY2NvdW50TnVtYmVyIjoiREU4OTM3MDQwMDQ0MDUzMjAxMzAwMCIsImNyZWF0ZWRBdCI6IjIwMjQtMDktMTZUMTQ6MzI6MDBaIn0=

#2 Example - Internal Transfer - Incoming Created
New incoming internal transfer for recipient
eyJpZCI6IjEyM2U0NTY3LWU4OWItMTJkMy1hNDU2LTQyNjYxNDE3NDAwMCIsInN0YXR1cyI6ImRvbmUiLCJhY2NvdW50SWQiOiIzNDVmNjc4OS1lODliLTEyZDMtYTQ1Ni00MjY2MTQxNzQwMDAiLCJhbW91bnQiOjEwMDAwMCwiZmVlIjo1MDAsInRvdGFsIjoxMDA1MDAsImN1cnJlbmN5Q29kZSI6IkVVUiIsImRlc2NyaXB0aW9uIjoiTW9udGhseSByZW50IHBheW1lbnQiLCJyZWNpcGllbnROYW1lIjoiSm9obiBEb2UiLCJyZWNpcGllbnRBY2NvdW50TnVtYmVyIjoiREU4OTM3MDQwMDQ0MDUzMjAxMzAwMCIsImNyZWF0ZWRBdCI6IjIwMjQtMDktMTZUMTQ6MzI6MDBaIn0=

#3 Example - International Transfer - Outgoing Changed
Status change for an outgoing international transfer
eyJpZCI6IjQ1NmE3ODkwLWU4OWItMTJkMy1hNDU2LTQyNjYxNDE3NDAwMCIsInN0YXR1cyI6Imlucm9ncmVzcyIsImFjY291bnRJZCI6IjQ1NmE3ODkwLWU4OWItMTJkMy1hNDU2LTQyNjYxNDE3NDAwMCIsImFtb3VudCI6NTAwMDAwLCJmZWUiOjI1MDAsInRvdGFsIjo1MDI1MDAsImN1cnJlbmN5Q29kZSI6IlVTRCIsImRlc2NyaXB0aW9uIjoiSW52b2ljZSBwYXltZW50IiwicmVjaXBpZW50TmFtZSI6IkFjbWUgQ29ycCIsInJlY2lwaWVudEFjY291bnROdW1iZXIiOiJVUzEyMzQ1Njc4OTAiLCJyZWNpcGllbnRBY2NvdW50VHlwZSI6ImNvbXBhbnkiLCJyZWNpcGllbnRBZGRyZXNzIjoiMTIzIE1haW4gU3QsIE5ldyBZb3JrIiwicmVjaXBpZW50Q291bnRyeSI6IlVTIiwicmVjaXBpZW50UmVnaXN0cmF0aW9uTnVtYmVyIjoiVVMxMjM0NTY3ODkiLCJjaGFyZ2VzVHlwZSI6InNoYXJlZCIsImJhbmtOYW1lIjoiQmFuayBvZiBBbWVyaWNhIiwiYmFua0FkZHJlc3MiOiIxMDAgTiBUcnlvbiBTdCIsImJhbmtDb3VudHJ5IjoiVVMiLCJiYW5rQklDIjoiQk9GQVVTMk4iLCJjcmVhdGVkQXQiOiIyMDI0LTA5LTE2VDE0OjMyOjAwWiJ9

#4 Example - UK Transfer - Outgoing Changed
Status change for an outgoing UK transfer
eyJpZCI6IjU2N2I4OTAxLWU4OWItMTJkMy1hNDU2LTQyNjYxNDE3NDAwMCIsInN0YXR1cyI6ImRvbmUiLCJhY2NvdW50SWQiOiI1NjdiODkwMS1lODliLTEyZDMtYTQ1Ni00MjY2MTQxNzQwMDAiLCJhbW91bnQiOjEwMDAwMCwiZmVlIjo1MCwidG90YWwiOjEwMDA1MCwiY3VycmVuY3lDb2RlIjoiR0JQIiwiZGVzY3JpcHRpb24iOiJNb250aGx5IHJlbnQiLCJyZWNpcGllbnROYW1lIjoiSmFuZSBTbWl0aCIsInJlY2lwaWVudEFjY291bnROdW1iZXIiOiIxMjM0NTY3OCIsInJlY2lwaWVudEFjY291bnRUeXBlIjoiaW5kaXZpZHVhbCIsInR5cGUiOiJmYXN0ZXJfcGF5bWVudHMiLCJzb3J0Q29kZSI6IjEyMzQ1NiIsImJhbmtOYW1lIjoiQmFyY2xheXMgQmFuayIsImJhbmtBZGRyZXNzIjoiMSBDaHVyY2hpbGwgUGxhY2UsIExvbmRvbiIsImNyZWF0ZWRBdCI6IjIwMjQtMDktMTZUMTQ6MzI6MDBaIn0=

#1 Example - Internal Transfer - Outgoing Changed
Status change for an outgoing internal transfer
{ "clientId": "bd73b0c9-5816-da4f-27e5-a9bd2736f41c", "accountId": "234e5678-e89b-12d3-a456-426614174000", "type": "transfer.outgoing.changed" }

#2 Example - Internal Transfer - Incoming Created
New incoming internal transfer for recipient
{ "clientId": "4cdd598a-bc3f-64e7-1029-0bc4ef85a71d", "accountId": "345f6789-e89b-12d3-a456-426614174000", "type": "transfer.incoming.created" }

#3 Example - International Transfer - Outgoing Changed
Status change for an outgoing international transfer
{ "clientId": "7f8d9e0a-1b2c-3d4e-5f6a-7b8c9d0e1f2a", "accountId": "456a7890-e89b-12d3-a456-426614174000", "type": "transfer.outgoing.changed" }

#4 Example - UK Transfer - Outgoing Changed
Status change for an outgoing UK transfer
{ "clientId": "8a9b0c1d-2e3f-4a5b-6c7d-8e9f0a1b2c3d", "accountId": "567b8901-e89b-12d3-a456-426614174000", "type": "transfer.outgoing.changed" }
SEND ${{environment}}-identity-commands
Channel for user identity events published by the Identity Service.

The Identity Service publishes user events after processing WorkOS webhooks. These events are consumed by Macrobank to create/update remote_user records.

Events include the gemba_services_user_id as the external ID for Macrobank.

Topic format: {environment}-identity-commands Examples:

identity-commands (development)

testing-identity-commands

production-identity-commands

Event Ordering: All user-related events (user.created, user.updated, user.deleted, user.suspended) are published to a single topic to maintain ordering guarantees. Events are partitioned by gemba_services_user_id to ensure all events for the same user are processed in order.

Partition key: gemba_services_user_id to ensure ordered processing per user.
Publish user.created event
Published by Identity Service when a WorkOS user is created. The event is triggered by a WorkOS webhook and includes the generated gemba_services_user_id for Macrobank consumption.

Operation IDpublishUserCreated
Available only on servers:
- testing
- production
object
- #identity
Accepts the following message:
User Created Event
Event published when a new user is created in WorkOS
application/json
Message IDuserCreated
Published by the Identity Service when a WorkOS user is created.

This event is triggered by a WorkOS user.created webhook. The Identity Service:

Generates a unique gemba_services_user_id (UUID)

Stores the mapping in the database

Enriches user profile data

Publishes this event to Kafka

Macrobank consumes this event to create the corresponding remote_user record using gemba_services_user_id as the external_id.

Profile Data Mapping

When creating the remote_user record, Macrobank should map the following fields:

email → remote_user.email (or remote_user.CliLogin if email not available)

first_name → DocDataRemoteAccount.Name (maps to remote_user.FirstName)

last_name → DocDataRemoteAccount.Surname (maps to remote_user.LastName)

Matching WorkOS User to Macrobank Client

The macrobank_client_id field in the event payload contains the Macrobank client UUID. This is the recommended way to determine which Macrobank client the user belongs to.

Alternative methods (if macrobank_client_id is not available):

Via WorkOS Organization:

Use workos_org_id from the event

Query WorkOS organization API to get the macrobank-client-id custom attribute

This gives you the Macrobank client UUID

Via Macrobank remote_user (After Creation):

After creating remote_user with external_id = gemba_services_user_id

Query Macrobank remote_users table by external_id

Get remote_user.client_id (INT) which links to Macrobank clients table

Note: The Identity Service looks up macrobank_client_id from the organization_mappings table using workos_org_id. This mapping is established when Identity Service provisions WorkOS organizations from Macrobank client.created events.

object
object
#identity
Examples
#1 Example - User Created Example
Example user.created event
{ "source": "identity-service", "event_type": "user.created", "gemba_services_user_id": "550e8400-e29b-41d4-a716-446655440000", "workos_user_id": "user_01HZJXKQ8N7X9Y2Z3A4B5C6D7", "workos_org_id": "org_01HZJXKQ8N7X9Y2Z3A4B5C6D7", "macrobank_client_id": "bd73b0c9-5816-da4f-27e5-a9bd2736f41c", "profile_data": { "email": "user@example.com", "first_name": "John", "last_name": "Doe", "created_via": "workos_webhook" }, "timestamp": "2024-01-15T10:30:00Z" }
SEND ${{environment}}-identity-commands
Channel for user identity events published by the Identity Service.

The Identity Service publishes user events after processing WorkOS webhooks. These events are consumed by Macrobank to create/update remote_user records.

Events include the gemba_services_user_id as the external ID for Macrobank.

Topic format: {environment}-identity-commands Examples:

identity-commands (development)

testing-identity-commands

production-identity-commands

Event Ordering: All user-related events (user.created, user.updated, user.deleted, user.suspended) are published to a single topic to maintain ordering guarantees. Events are partitioned by gemba_services_user_id to ensure all events for the same user are processed in order.

Partition key: gemba_services_user_id to ensure ordered processing per user.
Publish user.updated event
Published by Identity Service when a WorkOS user is updated. The event is triggered by a WorkOS webhook and includes updated profile data for Macrobank consumption.

Operation IDpublishUserUpdated
Available only on servers:
- testing
- production
object
- #identity
Accepts the following message:
User Updated Event
Event published when a user is updated in WorkOS
application/json
Message IDuserUpdated
Published by the Identity Service when a WorkOS user is updated.

This event is triggered by a WorkOS user.updated webhook. The Identity Service:

Retrieves the existing gemba_services_user_id mapping

Updates the profile data

Publishes this event to Kafka

Macrobank consumes this event to update the corresponding remote_user record.

Profile Data Updates

Users can update their profile information in WorkOS, including:

email - Email address

first_name - First name

last_name - Last name

Other metadata fields

When Macrobank receives a user.updated event:

Email Updates:

Update remote_user.email (or remote_user.CliLogin if email is not available)

Name Updates:

Update DocDataRemoteAccount.Name with first_name (maps to remote_user.FirstName)

Update DocDataRemoteAccount.Surname with last_name (maps to remote_user.LastName)

Compliance Considerations:

WorkOS is the source of truth for user identities, so Macrobank should update the fields

Name changes may require compliance/KYC review depending on regulatory requirements

Macrobank may need to flag significant name changes for manual review

Consider triggering re-verification workflows for substantial name changes (e.g., complete name replacement)

Matching WorkOS User to Macrobank Client

The macrobank_client_id field in the event payload contains the Macrobank client UUID. This is the recommended way to determine which Macrobank client the user belongs to.

Alternative methods (if macrobank_client_id is not available):

Via WorkOS Organization:

Use workos_org_id from the event

Query WorkOS organization API to get the macrobank-client-id custom attribute

Via Macrobank remote_user:

Query Macrobank remote_users by external_id = gemba_services_user_id

Get the existing remote_user.client_id (INT) which links to Macrobank clients table

object
object
#identity
Examples
#1 Example - User Updated Example
Example user.updated event
{ "source": "identity-service", "event_type": "user.updated", "gemba_services_user_id": "550e8400-e29b-41d4-a716-446655440000", "workos_user_id": "user_01HZJXKQ8N7X9Y2Z3A4B5C6D7", "workos_org_id": "org_01HZJXKQ8N7X9Y2Z3A4B5C6D7", "macrobank_client_id": "bd73b0c9-5816-da4f-27e5-a9bd2736f41c", "profile_data": { "email": "user.updated@example.com", "first_name": "Jane", "last_name": "Smith", "updated_via": "workos_webhook" }, "timestamp": "2024-01-15T11:45:00Z" }
SEND ${{environment}}-identity-commands
Channel for user identity events published by the Identity Service.

The Identity Service publishes user events after processing WorkOS webhooks. These events are consumed by Macrobank to create/update remote_user records.

Events include the gemba_services_user_id as the external ID for Macrobank.

Topic format: {environment}-identity-commands Examples:

identity-commands (development)

testing-identity-commands

production-identity-commands

Event Ordering: All user-related events (user.created, user.updated, user.deleted, user.suspended) are published to a single topic to maintain ordering guarantees. Events are partitioned by gemba_services_user_id to ensure all events for the same user are processed in order.

Partition key: gemba_services_user_id to ensure ordered processing per user.
Publish user.deleted event
Published by Identity Service when a WorkOS user is deleted. The event is triggered by a WorkOS webhook. Macrobank consumes this event to deactivate or remove the corresponding remote_user record.

Operation IDpublishUserDeleted
Available only on servers:
- testing
- production
object
- #identity
Accepts the following message:
User Deleted Event
Event published when a user is deleted in WorkOS
application/json
Message IDuserDeleted
Published by the Identity Service when a WorkOS user is deleted.

This event is triggered by a WorkOS user.deleted webhook. The Identity Service:

Looks up the existing gemba_services_user_id mapping

Publishes this event to Kafka

Macrobank consumes this event to deactivate or remove the corresponding remote_user record.

Note: The user mapping in user_profile_mappings table is not deleted to maintain audit trail and historical references. The gemba_services_user_id remains valid for historical data integrity.

Matching WorkOS User to Macrobank Client

The macrobank_client_id field in the event payload contains the Macrobank client UUID. This is the recommended way to determine which Macrobank client the user belonged to.

Alternative methods (if macrobank_client_id is not available):

Via WorkOS Organization:

Use workos_org_id from the event

Query WorkOS organization API to get the macrobank-client-id custom attribute

Via Macrobank remote_user:

Query Macrobank remote_users by external_id = gemba_services_user_id

Get the existing remote_user.client_id (INT) which links to Macrobank clients table

object
object
#identity
Examples
#1 Example - User Deleted Example
Example user.deleted event
{ "source": "identity-service", "event_type": "user.deleted", "gemba_services_user_id": "550e8400-e29b-41d4-a716-446655440000", "workos_user_id": "user_01HZJXKQ8N7X9Y2Z3A4B5C6D7", "workos_org_id": "org_01HZJXKQ8N7X9Y2Z3A4B5C6D7", "macrobank_client_id": "bd73b0c9-5816-da4f-27e5-a9bd2736f41c", "timestamp": "2024-01-15T12:00:00Z" }
SEND ${{environment}}-identity-commands
Channel for user identity events published by the Identity Service.

The Identity Service publishes user events after processing WorkOS webhooks. These events are consumed by Macrobank to create/update remote_user records.

Events include the gemba_services_user_id as the external ID for Macrobank.

Topic format: {environment}-identity-commands Examples:

identity-commands (development)

testing-identity-commands

production-identity-commands

Event Ordering: All user-related events (user.created, user.updated, user.deleted, user.suspended) are published to a single topic to maintain ordering guarantees. Events are partitioned by gemba_services_user_id to ensure all events for the same user are processed in order.

Partition key: gemba_services_user_id to ensure ordered processing per user.
Publish user.suspended event
Published by Identity Service when a WorkOS user is suspended. The event is triggered by a WorkOS webhook. Macrobank consumes this event to suspend or deactivate the corresponding remote_user record.

Operation IDpublishUserSuspended
Available only on servers:
- testing
- production
object
- #identity
Accepts the following message:
User Suspended Event
Event published when a user is suspended in WorkOS
application/json
Message IDuserSuspended
Published by the Identity Service when a WorkOS user is suspended.

This event is triggered by a WorkOS user.suspended webhook. The Identity Service:

Looks up the existing gemba_services_user_id mapping

Publishes this event to Kafka

Macrobank consumes this event to suspend or deactivate the corresponding remote_user record.

Note: Suspension is typically a temporary state. The user mapping remains active in the user_profile_mappings table. If the user is later unsuspended, a user.updated event will be published.

Matching WorkOS User to Macrobank Client

The macrobank_client_id field in the event payload contains the Macrobank client UUID. This is the recommended way to determine which Macrobank client the user belongs to.

Alternative methods (if macrobank_client_id is not available):

Via WorkOS Organization:

Use workos_org_id from the event

Query WorkOS organization API to get the macrobank-client-id custom attribute

Via Macrobank remote_user:

Query Macrobank remote_users by external_id = gemba_services_user_id

Get the existing remote_user.client_id (INT) which links to Macrobank clients table

object
object
#identity
Examples
#1 Example - User Suspended Example
Example user.suspended event
{ "source": "identity-service", "event_type": "user.suspended", "gemba_services_user_id": "550e8400-e29b-41d4-a716-446655440000", "workos_user_id": "user_01HZJXKQ8N7X9Y2Z3A4B5C6D7", "workos_org_id": "org_01HZJXKQ8N7X9Y2Z3A4B5C6D7", "macrobank_client_id": "bd73b0c9-5816-da4f-27e5-a9bd2736f41c", "timestamp": "2024-01-15T12:15:00Z" }
RECEIVE ${{environment}}-identity-events
Channel for Macrobank events consumed by the Identity Service.

The Identity Service consumes events from Macrobank to provision and synchronize WorkOS organizations and user permissions. Events are published by Macrobank CDC when client or permission changes occur.

Topic format: {environment}-identity-events Examples:

testing-identity-events

production-identity-events

Note: These events may be published to separate topics (client.created, client.updated, permissions.updated) depending on the Macrobank CDC configuration.
Subscribe to client.created events
Consumes Macrobank client.created events to provision WorkOS organizations. When a new client is created in Macrobank, the Identity Service provisions a corresponding WorkOS organization and stores the mapping.

Operation IDsubscribeClientCreated
Available only on servers:
- testing
- production
object
- #identity
Accepts the following message:
Client Created Event
Event published when a new client is created in Macrobank
application/json
Message IDclientCreated
Published by Macrobank CDC when a new client is created.

The Identity Service consumes this event to:

Provision a corresponding WorkOS organization

Store the mapping between Macrobank client_id and WorkOS org_id

Set WorkOS organization metadata with the Macrobank client ID

Macrobank is the source of truth for clients. This event is published via CDC when a new client record is created in the Macrobank database.

object
object
#identity
Examples
#1 Example - Client Created Example
Example client.created event
{ "event_type": "client.created", "client_id": "bd73b0c9-5816-da4f-27e5-a9bd2736f41c", "client_name": "Acme Corporation", "domain": "acme.example.com", "source": "macrobank-cdc", "timestamp": "2024-01-15T09:00:00Z" }
RECEIVE ${{environment}}-identity-events
Channel for Macrobank events consumed by the Identity Service.

The Identity Service consumes events from Macrobank to provision and synchronize WorkOS organizations and user permissions. Events are published by Macrobank CDC when client or permission changes occur.

Topic format: {environment}-identity-events Examples:

testing-identity-events

production-identity-events

Note: These events may be published to separate topics (client.created, client.updated, permissions.updated) depending on the Macrobank CDC configuration.
Subscribe to client.updated events
Consumes Macrobank client.updated events to update WorkOS organizations. When a client is updated in Macrobank, the Identity Service updates the corresponding WorkOS organization.

Operation IDsubscribeClientUpdated
Available only on servers:
- testing
- production
object
- #identity
Accepts the following message:
Client Updated Event
Event published when a client is updated in Macrobank
application/json
Message IDclientUpdated
Published by Macrobank CDC when a client is updated.

The Identity Service consumes this event to:

Look up the corresponding WorkOS organization using the mapping table

Update the WorkOS organization (name, domains, metadata)

Macrobank is the source of truth for clients. This event is published via CDC when a client record is updated in the Macrobank database.

object
object
#identity
Examples
#1 Example - Client Updated Example
Example client.updated event
{ "event_type": "client.updated", "client_id": "bd73b0c9-5816-da4f-27e5-a9bd2736f41c", "client_name": "Acme Corporation Ltd", "domain": "acme-new.example.com", "source": "macrobank-cdc", "timestamp": "2024-01-15T10:15:00Z" }
RECEIVE ${{environment}}-identity-events
Channel for Macrobank events consumed by the Identity Service.

The Identity Service consumes events from Macrobank to provision and synchronize WorkOS organizations and user permissions. Events are published by Macrobank CDC when client or permission changes occur.

Topic format: {environment}-identity-events Examples:

testing-identity-events

production-identity-events

Note: These events may be published to separate topics (client.created, client.updated, permissions.updated) depending on the Macrobank CDC configuration.
Subscribe to permissions.updated events
Consumes Macrobank permissions.updated events to sync permissions to WorkOS. When user permissions are updated in Macrobank, the Identity Service updates the corresponding WorkOS user metadata.

Operation IDsubscribePermissionsUpdated
Available only on servers:
- testing
- production
object
- #identity
Accepts the following message:
Permissions Updated Event
Event published when user permissions are updated in Macrobank
application/json
Message IDpermissionsUpdated
Published by Macrobank CDC when user permissions are updated.

The Identity Service consumes this event to:

Look up the WorkOS user ID from external_id (gemba_services_user_id)

Update WorkOS user metadata with permission data

User Identification:

Macrobank uses external_id field in remote_users table to store gemba_services_user_id

The Identity Service looks up workos_user_id from user_profile_mappings table using gemba_services_user_id

This provides a direct mapping without needing reverse lookups or additional tables

Macrobank is the source of truth for permissions. This event is published via CDC when permission records are updated in the Macrobank database.

object
object
#identity
Examples
#1 Example - Permissions Updated Example
Example permissions.updated event
{ "event_type": "permissions.updated", "external_id": "550e8400-e29b-41d4-a716-446655440000", "permission_set_id": "premium-user", "permissions": [ "transactions.view", "transactions.create", "accounts.view" ], "source": "macrobank-cdc", "timestamp": "2024-01-15T12:00:00Z" }
SEND ${{environment}}-frontapp-incoming
Channel for FrontApp incoming events consumed by the Support service. Events (e.g. team replies) are produced by a webhook ingress that receives FrontApp HTTP callbacks and publishes to this topic. The Support service consumes messages and sends team replies to customers via Resend. Topic format: {environment}-frontapp-incoming Examples:

testing-frontapp-incoming

production-frontapp-incoming
Publish FrontApp event to Support
Published by the webhook ingress when a FrontApp HTTP callback is received. Payload is the same as the former FrontApp webhook body. Support service consumes and processes team replies (sends to customer via Resend).

Operation IDpublishFrontappIncoming
Available only on servers:
- testing
- production
object
- #support
Accepts the following message:
FrontApp Incoming Message
FrontApp webhook payload (direct message or wrapped event) forwarded for Support processing
application/json
Message IDfrontappIncomingMessage
oneOf
Same as former FrontApp webhook body. Exactly one of: direct message (message_uid required) or wrapped event (type, emitted_at, payload required). Support processes direct messages with type "custom" and !is_inbound as team replies (sends to customer via Resend).

object
#support
Examples
#1 Example - FrontApp team reply (direct message)
Team reply event processed by Support to send email via Resend
{ "message_uid": "msg_abc123", "type": "custom", "is_inbound": false, "subject": "Re: Your inquiry", "body": "<p>Thank you for your message.</p>", "recipients": [ { "role": "to", "handle": "customer@example.com" } ], "_links": { "related": { "conversation": "https://api2.frontapp.com/conversations/cnv_xyz" } } }
RECEIVE ${{environment}}-frontapp-incoming
Channel for FrontApp incoming events consumed by the Support service. Events (e.g. team replies) are produced by a webhook ingress that receives FrontApp HTTP callbacks and publishes to this topic. The Support service consumes messages and sends team replies to customers via Resend. Topic format: {environment}-frontapp-incoming Examples:

testing-frontapp-incoming

production-frontapp-incoming
Subscribe to FrontApp incoming events
Support service consumes from this topic. Team replies (type custom, is_inbound=false) are sent to customers via Resend.

Operation IDsubscribeFrontappIncoming
Available only on servers:
- testing
- production
object
- #support
Accepts the following message:
FrontApp Incoming Message
FrontApp webhook payload (direct message or wrapped event) forwarded for Support processing
application/json
Message IDfrontappIncomingMessage
oneOf
Same as former FrontApp webhook body. Exactly one of: direct message (message_uid required) or wrapped event (type, emitted_at, payload required). Support processes direct messages with type "custom" and !is_inbound as team replies (sends to customer via Resend).

object
#support
Examples
#1 Example - FrontApp team reply (direct message)
Team reply event processed by Support to send email via Resend
{ "message_uid": "msg_abc123", "type": "custom", "is_inbound": false, "subject": "Re: Your inquiry", "body": "<p>Thank you for your message.</p>", "recipients": [ { "role": "to", "handle": "customer@example.com" } ], "_links": { "related": { "conversation": "https://api2.frontapp.com/conversations/cnv_xyz" } } }
SEND ${{environment}}-resend-incoming
Channel for Resend incoming events consumed by the Support service. Events (e.g. email.received) are produced by a webhook ingress that receives Resend HTTP callbacks and publishes to this topic. The Support service consumes messages and forwards inbound emails to FrontApp. Topic format: {environment}-resend-incoming Examples:

testing-resend-incoming

production-resend-incoming
Publish Resend event to Support
Published by the webhook ingress when a Resend HTTP callback is received (e.g. email.received). Support service consumes and forwards inbound emails to FrontApp.

Operation IDpublishResendIncoming
Available only on servers:
- testing
- production
object
- #support
Accepts the following message:
Resend Incoming Message
Resend webhook payload (e.g. email.received) forwarded for Support processing
application/json
Message IDresendIncomingMessage
object
object
#support
Examples
#1 Example - Resend email.received
Inbound email event; Support retrieves full email and forwards to FrontApp
{ "type": "email.received", "created_at": "2026-02-25T10:00:00Z", "data": { "email_id": "em_abc123", "from": "customer@example.com", "to": [ "support@domain.com" ], "subject": "Question about my account" } }
RECEIVE ${{environment}}-resend-incoming
Channel for Resend incoming events consumed by the Support service. Events (e.g. email.received) are produced by a webhook ingress that receives Resend HTTP callbacks and publishes to this topic. The Support service consumes messages and forwards inbound emails to FrontApp. Topic format: {environment}-resend-incoming Examples:

testing-resend-incoming

production-resend-incoming
Subscribe to Resend incoming events
Support service consumes from this topic. email.received events are processed: full email is retrieved from Resend and forwarded to the FrontApp channel for the domain.

Operation IDsubscribeResendIncoming
Available only on servers:
- testing
- production
object
- #support
Accepts the following message:
Resend Incoming Message
Resend webhook payload (e.g. email.received) forwarded for Support processing
application/json
Message IDresendIncomingMessage
object
object
#support
Examples
#1 Example - Resend email.received
Inbound email event; Support retrieves full email and forwards to FrontApp
{ "type": "email.received", "created_at": "2026-02-25T10:00:00Z", "data": { "email_id": "em_abc123", "from": "customer@example.com", "to": [ "support@domain.com" ], "subject": "Question about my account" } }

Messages

#1Client Notification Command
Command to send notification to a client
- application/json
Message IDClientNotification
object
#notifications
#2Applicant Notification Command
Command to send notification to an applicant (pre-client)
- application/json
Message IDApplicantNotification
object
#notifications
#3Internal Notification Command
Command to send internal notifications (admin, support, etc.)
- application/json
Message IDInternalNotification
object
#notifications
#4Company Status Event
Event published when a company's registry status is updated and requires action
- application/json
Message IDCompanyStatus
object
#company-status
#5Card Payout AML Result
AML check result for a card payout item, published after an analyst reviews a held decision
- application/json
Message IDCardPayoutAMLResult
object
object
#card-payouts
#6Card Payout Nuvei Message
Card payout event forwarded to Nuvei for processing
- application/json
Message IDCardPayoutNuveiMessage
object
Payload forwarded to Nuvei (schema varies by operation)

object
#card-payouts
#7CDC Event Message
Change Data Capture event published when transfer statuses change in Macrobank
- application/json
Message IDCDCEvent
CDC events are published when transfer statuses change in the Macrobank database. The CDC service monitors SQL Server change tracking tables and publishes events to Kafka for downstream consumers.

Message Structure

The message consists of:

Value: Base64-encoded JSON payload containing the transfer details

Headers: Kafka headers with routing metadata (clientId, accountId, type)

Event Types

The type header indicates the event type:

transfer.outgoing.changed - Outgoing transfer status changed (sender perspective)

transfer.incoming.created - Incoming transfer created (recipient perspective, internal transfers only)

Payload Types

The Base64-decoded payload contains one of:

InternalTransfer - For transfers between Gemba accounts

InternationalTransfer - For SWIFT/SEPA transfers

UKTransfer - For UK Faster Payments/BACS/CHAPS transfers

Processing

Consumers should:

Read the type header to determine event type

Base64-decode the message value

Parse the JSON payload according to the transfer type

Use clientId and accountId headers for routing/filtering
string
Base64-encoded JSON payload containing the transfer details.

When decoded, the payload is a JSON object matching one of:

InternalTransfer schema (for internal transfers)

InternationalTransfer schema (for international transfers)

UKTransfer schema (for UK transfers)

The specific schema depends on the source document class in the CDC change.
object
object
#cdc
#8User Created Event
Event published when a new user is created in WorkOS
- application/json
Message IDUserCreated
Published by the Identity Service when a WorkOS user is created.

This event is triggered by a WorkOS user.created webhook. The Identity Service:

Generates a unique gemba_services_user_id (UUID)

Stores the mapping in the database

Enriches user profile data

Publishes this event to Kafka

Macrobank consumes this event to create the corresponding remote_user record using gemba_services_user_id as the external_id.

Profile Data Mapping

When creating the remote_user record, Macrobank should map the following fields:

email → remote_user.email (or remote_user.CliLogin if email not available)

first_name → DocDataRemoteAccount.Name (maps to remote_user.FirstName)

last_name → DocDataRemoteAccount.Surname (maps to remote_user.LastName)

Matching WorkOS User to Macrobank Client

The macrobank_client_id field in the event payload contains the Macrobank client UUID. This is the recommended way to determine which Macrobank client the user belongs to.

Alternative methods (if macrobank_client_id is not available):

Via WorkOS Organization:

Use workos_org_id from the event

Query WorkOS organization API to get the macrobank-client-id custom attribute

This gives you the Macrobank client UUID

Via Macrobank remote_user (After Creation):

After creating remote_user with external_id = gemba_services_user_id

Query Macrobank remote_users table by external_id

Get remote_user.client_id (INT) which links to Macrobank clients table

Note: The Identity Service looks up macrobank_client_id from the organization_mappings table using workos_org_id. This mapping is established when Identity Service provisions WorkOS organizations from Macrobank client.created events.
object
object
#identity
#9User Updated Event
Event published when a user is updated in WorkOS
- application/json
Message IDUserUpdated
Published by the Identity Service when a WorkOS user is updated.

This event is triggered by a WorkOS user.updated webhook. The Identity Service:

Retrieves the existing gemba_services_user_id mapping

Updates the profile data

Publishes this event to Kafka

Macrobank consumes this event to update the corresponding remote_user record.

Profile Data Updates

Users can update their profile information in WorkOS, including:

email - Email address

first_name - First name

last_name - Last name

Other metadata fields

When Macrobank receives a user.updated event:

Email Updates:

Update remote_user.email (or remote_user.CliLogin if email is not available)

Name Updates:

Update DocDataRemoteAccount.Name with first_name (maps to remote_user.FirstName)

Update DocDataRemoteAccount.Surname with last_name (maps to remote_user.LastName)

Compliance Considerations:

WorkOS is the source of truth for user identities, so Macrobank should update the fields

Name changes may require compliance/KYC review depending on regulatory requirements

Macrobank may need to flag significant name changes for manual review

Consider triggering re-verification workflows for substantial name changes (e.g., complete name replacement)

Matching WorkOS User to Macrobank Client

The macrobank_client_id field in the event payload contains the Macrobank client UUID. This is the recommended way to determine which Macrobank client the user belongs to.

Alternative methods (if macrobank_client_id is not available):

Via WorkOS Organization:

Use workos_org_id from the event

Query WorkOS organization API to get the macrobank-client-id custom attribute

Via Macrobank remote_user:

Query Macrobank remote_users by external_id = gemba_services_user_id

Get the existing remote_user.client_id (INT) which links to Macrobank clients table
object
object
#identity
#10User Deleted Event
Event published when a user is deleted in WorkOS
- application/json
Message IDUserDeleted
Published by the Identity Service when a WorkOS user is deleted.

This event is triggered by a WorkOS user.deleted webhook. The Identity Service:

Looks up the existing gemba_services_user_id mapping

Publishes this event to Kafka

Macrobank consumes this event to deactivate or remove the corresponding remote_user record.

Note: The user mapping in user_profile_mappings table is not deleted to maintain audit trail and historical references. The gemba_services_user_id remains valid for historical data integrity.

Matching WorkOS User to Macrobank Client

The macrobank_client_id field in the event payload contains the Macrobank client UUID. This is the recommended way to determine which Macrobank client the user belonged to.

Alternative methods (if macrobank_client_id is not available):

Via WorkOS Organization:

Use workos_org_id from the event

Query WorkOS organization API to get the macrobank-client-id custom attribute

Via Macrobank remote_user:

Query Macrobank remote_users by external_id = gemba_services_user_id

Get the existing remote_user.client_id (INT) which links to Macrobank clients table
object
object
#identity
#11User Suspended Event
Event published when a user is suspended in WorkOS
- application/json
Message IDUserSuspended
Published by the Identity Service when a WorkOS user is suspended.

This event is triggered by a WorkOS user.suspended webhook. The Identity Service:

Looks up the existing gemba_services_user_id mapping

Publishes this event to Kafka

Macrobank consumes this event to suspend or deactivate the corresponding remote_user record.

Note: Suspension is typically a temporary state. The user mapping remains active in the user_profile_mappings table. If the user is later unsuspended, a user.updated event will be published.

Matching WorkOS User to Macrobank Client

The macrobank_client_id field in the event payload contains the Macrobank client UUID. This is the recommended way to determine which Macrobank client the user belongs to.

Alternative methods (if macrobank_client_id is not available):

Via WorkOS Organization:

Use workos_org_id from the event

Query WorkOS organization API to get the macrobank-client-id custom attribute

Via Macrobank remote_user:

Query Macrobank remote_users by external_id = gemba_services_user_id

Get the existing remote_user.client_id (INT) which links to Macrobank clients table
object
object
#identity
#12Client Created Event
Event published when a new client is created in Macrobank
- application/json
Message IDClientCreated
Published by Macrobank CDC when a new client is created.

The Identity Service consumes this event to:

Provision a corresponding WorkOS organization

Store the mapping between Macrobank client_id and WorkOS org_id

Set WorkOS organization metadata with the Macrobank client ID

Macrobank is the source of truth for clients. This event is published via CDC when a new client record is created in the Macrobank database.
object
object
#identity
#13Client Updated Event
Event published when a client is updated in Macrobank
- application/json
Message IDClientUpdated
Published by Macrobank CDC when a client is updated.

The Identity Service consumes this event to:

Look up the corresponding WorkOS organization using the mapping table

Update the WorkOS organization (name, domains, metadata)

Macrobank is the source of truth for clients. This event is published via CDC when a client record is updated in the Macrobank database.
object
object
#identity
#14Permissions Updated Event
Event published when user permissions are updated in Macrobank
- application/json
Message IDPermissionsUpdated
Published by Macrobank CDC when user permissions are updated.

The Identity Service consumes this event to:

Look up the WorkOS user ID from external_id (gemba_services_user_id)

Update WorkOS user metadata with permission data

User Identification:

Macrobank uses external_id field in remote_users table to store gemba_services_user_id

The Identity Service looks up workos_user_id from user_profile_mappings table using gemba_services_user_id

This provides a direct mapping without needing reverse lookups or additional tables

Macrobank is the source of truth for permissions. This event is published via CDC when permission records are updated in the Macrobank database.
object
object
#identity
#15FrontApp Incoming Message
FrontApp webhook payload (direct message or wrapped event) forwarded for Support processing
- application/json
Message IDFrontappIncomingMessage
oneOf
Same as former FrontApp webhook body. Exactly one of: direct message (message_uid required) or wrapped event (type, emitted_at, payload required). Support processes direct messages with type "custom" and !is_inbound as team replies (sends to customer via Resend).

object
#support
#16Resend Incoming Message
Resend webhook payload (e.g. email.received) forwarded for Support processing
- application/json
Message IDResendIncomingMessage
object
object
#support

Servers

Security:

Security:

Operations

SEND ${{environment}}-notifications

Examples

#1 Example - MacrobankOutgoingPaymentExample

Examples

This example has been generated automatically.

Examples

This example has been generated automatically.

RECEIVE ${{environment}}-notifications

Examples

#1 Example - MacrobankOutgoingPaymentExample

Examples

This example has been generated automatically.

Examples

This example has been generated automatically.

SEND ${{environment}}-company-status

Examples

#1 Example - GBR Company in Liquidation

#2 Example - GBR Company in Administration

#3 Example - IMN Company Dissolved

RECEIVE ${{environment}}-company-status

Examples

#1 Example - GBR Company in Liquidation

#2 Example - GBR Company in Administration

#3 Example - IMN Company Dissolved

SEND ${{environment}}-card-payouts-aml

Examples

#1 Example - Card Payout Approved

#2 Example - Card Payout Declined

RECEIVE ${{environment}}-card-payouts-aml

Examples

#1 Example - Card Payout Approved

#2 Example - Card Payout Declined

SEND ${{environment}}-card-payouts-nuvei

Examples

#1 Example - Card Payout Nuvei Event

RECEIVE ${{environment}}-card-payouts-nuvei

Examples

#1 Example - Card Payout Nuvei Event

SEND ${{environment}}-cdc-events

Message Structure

Event Types

Payload Types

Processing

Examples

#1 Example - Internal Transfer - Outgoing Changed

#2 Example - Internal Transfer - Incoming Created

#3 Example - International Transfer - Outgoing Changed

#4 Example - UK Transfer - Outgoing Changed

#1 Example - Internal Transfer - Outgoing Changed

#2 Example - Internal Transfer - Incoming Created

#3 Example - International Transfer - Outgoing Changed

#4 Example - UK Transfer - Outgoing Changed

RECEIVE ${{environment}}-cdc-events

Use Cases

Processing Guidelines

Message Structure

Event Types

Payload Types

Processing

Examples

#1 Example - Internal Transfer - Outgoing Changed

#2 Example - Internal Transfer - Incoming Created

#3 Example - International Transfer - Outgoing Changed

#4 Example - UK Transfer - Outgoing Changed

#1 Example - Internal Transfer - Outgoing Changed

#2 Example - Internal Transfer - Incoming Created

#3 Example - International Transfer - Outgoing Changed

#4 Example - UK Transfer - Outgoing Changed

SEND ${{environment}}-identity-commands

Profile Data Mapping

Matching WorkOS User to Macrobank Client

Examples

#1 Example - User Created Example

SEND ${{environment}}-identity-commands

Profile Data Updates

Matching WorkOS User to Macrobank Client