> ## Documentation Index
> Fetch the complete documentation index at: https://docs.agribackup.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Receive a TRACES NT Clearance Status Webhook Event

> Inbound event from AgriBackup when TRACES NT posts a DDS clearance decision — validated, rejected, or pending — for a compliance declaration.

This endpoint describes an **inbound webhook event** that AgriBackup delivers to your registered callback URL when the TRACES NT system posts a clearance status update for a Due Diligence Statement (DDS) you submitted. You do not call this endpoint directly — AgriBackup calls your server.

When TRACES NT issues a clearance decision (e.g., `VALIDATED`, `REJECTED`, or `PENDING`), AgriBackup wraps the status update in a signed payload and delivers it to the URL you registered via [Register Webhook Endpoint](/sdks/enterprise-webhooks/register-webhook-endpoint). The payload is signed with `HMAC-SHA256` and included in the `X-AgriBackup-Signature` header — verify the signature before processing.

## Payload Shape

```json theme={null}
{
  "tracesReferenceNumber": "TRACES-2026-EU-000123",
  "status": "VALIDATED",
  "timestamp": "2026-06-12T14:30:00Z"
}
```

| Field                   | Type   | Required | Description                                                                  |
| ----------------------- | ------ | -------- | ---------------------------------------------------------------------------- |
| `tracesReferenceNumber` | string | ✅        | The official TRACES NT reference number for the DDS                          |
| `status`                | string | ✅        | Clearance decision from TRACES NT — e.g., `VALIDATED`, `REJECTED`, `PENDING` |
| `timestamp`             | string | —        | ISO-8601 timestamp of the clearance decision                                 |

## Handling the Event

Your endpoint must return HTTP `200 OK` to acknowledge receipt. A non-`2xx` response is treated as a delivery failure and triggers AgriBackup's standard retry policy. If retries are exhausted, the message is moved to the Dead-Letter Queue and can be retrieved via [Retrieve Permanently Failed Webhook Payloads](/sdks/enterprise-webhooks/retrieve-permanently-failed-webhook-payloads).

<CodeGroup>
  ```python Python theme={null}
  import hmac
  import hashlib
  from flask import Flask, request, abort

  app = Flask(__name__)
  SIGNING_SECRET = "whsec_YOUR_SIGNING_SECRET"

  @app.route("/agribackup-webhooks", methods=["POST"])
  def receive_clearance_webhook():
      raw_body = request.get_data()
      header_sig = request.headers.get("X-AgriBackup-Signature", "")

      computed = hmac.new(
          SIGNING_SECRET.encode("utf-8"),
          raw_body,
          hashlib.sha256,
      ).hexdigest()

      if not hmac.compare_digest(computed, header_sig):
          abort(401)

      payload = request.get_json()
      traces_ref = payload["tracesReferenceNumber"]
      status = payload["status"]

      # Update DDS record in your ERP
      print(f"DDS {traces_ref} is now {status}")
      return "", 200
  ```

  ```javascript Node.js theme={null}
  const crypto = require("crypto");
  const express = require("express");

  const app = express();
  const SIGNING_SECRET = "whsec_YOUR_SIGNING_SECRET";

  app.post(
    "/agribackup-webhooks",
    express.raw({ type: "application/json" }),
    (req, res) => {
      const headerSig = req.headers["x-agribackup-signature"] || "";
      const computed = crypto
        .createHmac("sha256", SIGNING_SECRET)
        .update(req.body)
        .digest("hex");

      if (!crypto.timingSafeEqual(Buffer.from(computed), Buffer.from(headerSig))) {
        return res.status(401).send("Invalid signature");
      }

      const payload = JSON.parse(req.body);
      const { tracesReferenceNumber, status } = payload;

      // Update DDS record in your ERP
      console.log(`DDS ${tracesReferenceNumber} is now ${status}`);
      res.sendStatus(200);
    }
  );
  ```
</CodeGroup>


## OpenAPI

````yaml post /api/v1/enterprise/eudr/clearance/webhook
openapi: 3.0.1
info:
  title: AgriBackup Enterprise EUDR API
  description: >-
    # Introduction


    AgriBackup is the cryptographic compliance engine for EU-bound commodity
    imports. Built on Deterministic Logic, Immutable Evidence, and
    High-Throughput Ingestion, our API provides Tier-1 enterprise routing for EU
    Deforestation Regulation (EUDR).


    ## The Integration Vector

    To integrate this Digital Trust Layer into your ERP, you must execute the
    following sequence:

    1. **Authentication:** Generate your `X-API-Key` from the client dashboard.

    2. **Telemetry:** Register your webhook URLs via `POST /webhooks`.

    3. **Ingestion:** Push your GeoJSON polygons via `POST /polygons`.

    4. **Logistics:** Lock the batch to a shipment via `POST /shipments/link`.


    ## Asynchronous Architecture

    Because satellite deforestation screening and Hedera DLT anchoring take
    time, ingestion endpoints return a `202 Accepted`. You must listen for the
    corresponding Webhook to confirm cryptographic execution.


    ## Base URLs

    * **Production:** `https://live.agribackup.com`

    * **Sandbox:** `https://sandbox.agribackup.com`
  contact:
    name: AgriBackup Architecture Team
    url: https://agribackup.com
    email: contact@agribackup.com
  license:
    name: Proprietary
    url: https://agribackup.com/terms
  version: v1.0
servers:
  - url: https://live.agribackup.com
    description: Production (Mainnet)
  - url: https://sandbox.agribackup.com
    description: Sandbox (Testnet)
security: []
tags:
  - name: Enterprise Risk Management
  - name: Enterprise Clearance Webhooks
    description: Asynchronous status receivers for TRACES NT
  - name: Enterprise Jobs
    description: Query status and metrics of asynchronous compliance jobs
  - name: Enterprise Suppliers
  - name: Enterprise Diagnostics
    description: Monitor API health, consensus ledger, and satellite systems availability
  - name: Enterprise Suppliers
    description: Map internal ERP vendor IDs to EU Operator UUIDs
  - name: Enterprise Webhooks
    description: Register endpoints for asynchronous compliance events
  - name: Enterprise Archival
    description: Endpoints for bulk compliance archiving and auditor extensibility
  - name: Enterprise Logistics
    description: Smart contract linking of batches to logistics shipments
  - name: Enterprise Declarations
    description: DDS generation with legal land tenure proofs
  - name: Enterprise Batches
  - name: Enterprise API Keys
  - name: Enterprise Diagnostics
  - name: Enterprise Logistics
  - name: Enterprise Jobs
  - name: Enterprise Evidence
    description: Cryptographic evidence ledger anchored on Hedera Hashgraph
  - name: Enterprise Declarations
  - name: Enterprise Credentials
  - name: Enterprise Evidence
  - name: Enterprise Risk Management
    description: Pre-assessment of country risk and satellite deforestation probabilities
  - name: Enterprise Batches
    description: Programmatic batch ingestion and management
  - name: Enterprise Polygons
  - name: Introduction
  - name: Enterprise Polygons
    description: Programmatic polygon ingestion and verification
  - name: Enterprise Archival
  - name: Enterprise Credentials
    description: Programmatic ingestion of vault-secured enterprise secrets
  - name: Enterprise API Keys
    description: Endpoints for managing B2B API Keys (Requires standard JWT login)
  - name: Enterprise Webhooks
paths:
  /api/v1/enterprise/eudr/clearance/webhook:
    post:
      tags:
        - Enterprise Clearance Webhooks
      summary: Receive TRACES NT Clearance Webhook
      operationId: handleClearanceWebhook
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TracesWebhookPayload'
        required: true
      responses:
        '200':
          description: OK
          headers:
            X-RateLimit-Limit:
              description: >-
                The maximum number of requests you're permitted to make per
                hour.
              schema:
                type: integer
                format: int32
            X-RateLimit-Remaining:
              description: >-
                The number of requests remaining in the current rate limit
                window.
              schema:
                type: integer
                format: int32
            X-RateLimit-Reset:
              description: >-
                The time at which the current rate limit window resets in UTC
                epoch seconds.
              schema:
                type: integer
                format: int32
          content:
            '*/*':
              schema:
                type: object
                additionalProperties:
                  type: string
      x-codeSamples:
        - lang: Python
          source: >-
            import agribackup

            from agribackup.rest import ApiException


            # Initialize Client

            configuration =
            agribackup.Configuration(host="https://live.agribackup.com/api/v1")

            configuration.api_key['ApiKeyAuth'] = 'sk_live_YOUR_API_KEY'


            with agribackup.ApiClient(configuration) as api_client:
                try:
                    api_instance = agribackup.EnterpriseClearanceWebhooksApi(api_client)
                    response = api_instance.handle_clearance_webhook()
                    print(response)
                except ApiException as e:
                    print("Exception when calling API: %s\n" % e)
        - lang: Node.js
          source: |-
            import { AgriBackupClient } from '@agribackup/sdk';

            // Initialize Client
            const client = new AgriBackupClient({
              apiKey: 'sk_live_YOUR_API_KEY',
              baseUrl: 'https://live.agribackup.com/api/v1'
            });

            async function execute() {
              try {
                const response = await client.webhooks.handleClearanceWebhook();
                console.log(response);
              } catch (error) {
                console.error(error);
              }
            }
        - lang: Java
          source: |-
            import com.agribackup.client.*;
            import com.agribackup.client.api.*;
            import com.agribackup.client.model.*;

            public class Example {
                public static void main(String[] args) {
                    ApiClient defaultClient = Configuration.getDefaultApiClient();
                    defaultClient.setBasePath("https://live.agribackup.com/api/v1");
                    defaultClient.setApiKey("sk_live_YOUR_API_KEY");

                    EnterpriseClearanceWebhooksApi apiInstance = new EnterpriseClearanceWebhooksApi(defaultClient);
                    try {
                        Object result = apiInstance.handleClearanceWebhook();
                        System.out.println(result);
                    } catch (ApiException e) {
                        System.err.println("Exception when calling API: " + e.getResponseBody());
                    }
                }
            }
        - lang: C#
          source: |-
            using System;
            using System.Threading.Tasks;
            using AgriBackup.SDK.Api;
            using AgriBackup.SDK.Client;
            using AgriBackup.SDK.Model;

            class Program {
                static async Task Main() {
                    Configuration config = new Configuration();
                    config.BasePath = "https://live.agribackup.com/api/v1";
                    config.AddApiKey("ApiKeyAuth", "sk_live_YOUR_API_KEY");

                    var apiInstance = new EnterpriseClearanceWebhooksApi(config);
                    try {
                        var result = await apiInstance.HandleClearanceWebhookAsync();
                        Console.WriteLine(result);
                    } catch (ApiException e) {
                        Console.WriteLine("Exception when calling API: " + e.Message);
                    }
                }
            }
components:
  schemas:
    TracesWebhookPayload:
      required:
        - status
        - tracesReferenceNumber
      type: object
      properties:
        tracesReferenceNumber:
          type: string
        status:
          type: string
        timestamp:
          type: string

````