# Webhook Payload Schema Reference
This reference describes each of the properties of the webhook payload schema.
The payload schema defines the structure of the data that you can pass in the webhook payload. Apono uses the [Handlebars](https://handlebarsjs.com/guide/) templating language to format expressions for certain data fields.
```json
{
"event_type": "string",
"event_time": "{seconds}.{nanos}",
"data": {
"id": "string",
"friendly_id": "string",
"requester": {
"id": "string",
"name": "string",
"email": "string"
},
"grantee": {
"id": "string",
"source_id": "string",
"name": "string",
"type": "string"
},
"justification": "string",
"creation_date": "{seconds}.{nanos}",
"revocation_date": "number",
"access_flow": {
"id": "string",
"name": "string"
},
"access_bundle": {
"id": "string",
"name": "string"
},
"access_duration_in_seconds": "number",
"access_groups": [
{
"integration": {
"id": "string",
"type": "string",
"name": "string"
},
"resource_types": [
{
"id": "string",
"name": "string",
"display_path": "string"
}
],
"access_units": [
{
"resource": {
"id": "string",
"name": "string",
"path": "string",
"type": {
"id": "string",
"name": "string",
"display_path": "string"
}
},
"permission": {
"id": "string",
"name": "string"
}
}
]
}
],
"approvals_logical_relation": "string",
"approvals": [
{
"name": "string",
"type": "string",
"status": "string",
"approver": {
"id": "string",
"name": "string",
"email": "string"
}
}
],
"custom_fields": {}
}
}
```
| Property | Description |
| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **event\_type** string | Webhook trigger, corresponding to different [access request statuses](https://docs.apono.io/docs/access-requests-and-approvals/web-portal/requesting-access-with-web-portal#access-statuses) |
| **event\_time** float | Time of the event occurrence in epoch seconds.milliseconds |
| **data** object | Field containing an embedded object with contextual information about the triggering event
See data object.
|
### data object
| Property | Description |
| --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **id** string | Apono request ID |
| **friendly\_id** string | Human-readable ID that also appears in the Apono UI |
| **grantee** object | Metadata about the recipient of requested access
See data.grantee object
|
| **requester** object | Metadata about the user requesting access
See data.requester object
|
| **justification** string | Reason provided by requester for needing access |
| **creation\_date** float | Date the access request was created in epoch seconds.milliseconds |
| **revocation\_date** float | Date the access request was [revoked](https://docs.apono.io/docs/access-flows/revoking-access) in epoch seconds.milliseconds |
| **access\_flow** object | Metadata about a related access flow
See data.access\_flow object
|
| **access\_bundle** object | Metadata about a related access bundle
See data.access\_bundle object
|
| **access\_groups** object | Metadata about related integrations and resources that the requester wants to access
See data.access\_groups object
|
| **approvals\_logical\_relation** string | Whether the request requires one approver (`AnyOf` value) or all approvers within a group (`AllOf` value) |
| **approvals** object | Metadata about approved access requests
See data.approvals object
|
#### **data.grantee object**
| Property | Description |
| --------------------- | --------------------------------------------------------- |
| **id** string | Grantee's Apono ID |
| **source\_id** string | Grantee's ID, such as email or cloud provider ID like ARN |
| **name** string | Grantee's Apono username |
| **type** string | Identifies if the grantee is a human or machine |
#### **data.requester object**
| Property | Description |
| ---------------- | -------------------------- |
| **id** string | Requester's Apono ID |
| **name** string | Requester’s Apono username |
| **email** string | Requester’s email address |
#### **data.access\_flow object**
| Property | Description |
| --------------- | ----------------------------------------- |
| **id** string | Apono ID for the access flow |
| **name** string | Customer-created name for the access flow |
#### **data.access\_bundle object**
| Property | Description |
| --------------- | ------------------------------------------- |
| **id** string | Apono ID for the access bundle |
| **name** string | Customer-created name for the access bundle |
#### **data.access\_groups object**
| Property | Description |
| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **integration** object | Metadata about the integration that the requester wants to access
See data.access\_groups.integration object
|
| **resource\_types** object | Metadata about the resource types that the requester wants to access
See data.access\_groups.resource\_types object
|
| **access\_units** object | Metadata about the requested access unit, which is a pairing of a resource and a permission
See data.access\_groups.access\_units object
|
#### **data.access\_groups.integration object**
| Property | Description |
| --------------- | -------------------------------------------------------------------- |
| **id** string | Apono ID of the integration |
| **type** string | Type of resource the requester wants to access, such as *Postgresql* |
| **name** string | Customer-created resource name |
#### **data.access\_groups.resource\_types object**
| Property | Description |
| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **id** string | Apono ID of the integration |
| **name** string | Display name for the resource |
| **display\_path** string | Logical, hierarchical container for the resource
For example, the display path for an AWS bucket resource type might be AWS-account/us-east/bucket/E2
|
#### **data.access\_groups.access\_units object**
| Property | Description |
| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **resource** object | Metadata about the resource the requester wants to access
See data.access\_groups.access\_units.resource object
|
| **permissions** object | Metadata about resource permission granted to the requester
See data.access\_groups.access\_units.permissions object
|
#### **data.access\_groups.access\_units.resource object**
| Property | Description |
| --------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **id** string | Apono ID of the resource |
| **name** string | Customer-created name for the resource |
| **path** string | Physical path of the resource
For example, the path of a database would be database-name/table-name
|
| **type** object | Metadata about the resource type the requester wants to access
See data.access\_groups.access\_units.resource.type object
|
#### **data.access\_groups.access\_units.resource.type object**
| Property | Description |
| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **id** string | Apono ID of the resource type |
| **name** string | Name of the resource type |
| **display\_path** string | Logical, hierarchical container for the resource
For example, the display path for an AWS bucket resource type might be AWS-account/us-east/bucket/E2.
|
#### **data.access\_groups.access\_units.permissions object**
| Property | Description |
| --------------- | --------------------------------------------------------------------- |
| **id** string | Apono ID for the permission |
| **name** string | Name of the permission granted to the requester, such as **ReadOnly** |
#### **data.approvals object**
| Property | Description |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **name** string | Name of the entity approving the request, which could be:
- A person
- A group, such as an Okta group
- A work shift
- The word Manager
|
| **type** string | Type of approver
Possible values:
- Person
- Group, such as an Okta group
- Shift, such as an on-call shift
- Manager
|
| **status** string | Status of the request
Possible values:
|
| **approver** object | Metadata about the person approving the access request
See data.approvals.approver object
|
#### **data.approvals.approver object**