Upon successful event/ticket action registration on the blockchain, a callback request (or multiple, depending on the action) will be issued to the URL given as callbackUrl at the time of event creation through the Stream step.
Due to the nature of blockchain, the process of writing transaction onto chain can sometimes be difficult to predict and because of that we treat it as an asynchronous process. By offering a webhook endpoint from within your own platform it makes it easy to receive updates on which promises are ready to be checked after an update (be it an error or a success processing on the blockchain) and which blockchain addresses have been created or added alongside the users in the Stream requests.
The callbackUrl must respond to secured communication over HTTPS.
The callback is considered successful if a 200 OK or 201 CREATED is returned. In any other case, the callback server will retry to deliver the message following an exponential backoff with up to 5 attempts.
The callbacks only contain ids to your records. This intentional. The callback will never contain any sensitive data. Secondly callbacks like these are susceptible to spoofing and replay attacks. Therefore you should retrieve the data yourself using the api.