Webhook Overview

Last updated 1 year ago

Was this helpful?

Webhook Overview

After the user passes the identity verification flow successfully, the system can notify you with the result details via your registered webhook.

To register your webhook, please sign in to the and specify the URL of your webhook on the API Keys page. There you also can get your client credentials.

On finish of the IDV flow, the system makes a POST request to your webhook with the results details in the request body represented as a MIME message where images are in separate parts.

To secure requests, the system sets the X-CLIENT-ID header to your Client ID and the X-SIGNATURE one to the hex-encoded SHA256 digest of the request body and your Client Secret.

To accept requests, please do the following:

Compare the X-CLIENT-ID header with your Client ID
Access the request body before it's parsed
Calculate the SHA 256 digest of the request body and your Client Secret
Compare the hex-encoded digest with the X-SIGNATURE header
Parse and handle the request body if they are identical
Response with the 200 status code

When your webhook is not accessible or responses with the status code that is not 200, the system retries an attempt in an hour and repeat attempts for a week, so you have time to fix issues on your side.

Below is an example specification of such webhook endpoint.

Webhook Endpoint Example

POST https://example.com/webhook

An example of a webhook endpoint.

Headers

Name

Type

Description

X-CLIENT-ID*

string

Your Client ID.

X-SIGNATURE*

string

The hex-encoded SHA256 digest of the request body and your Client Secret.

Content-Type*

string

Always multipart/form-data.

Request Body

Name

Type

Description

result*

string

The result details without images that are in separate parts.

croppedFrontImage*

object

The cropped image of the front document side of the first scanned document.

croppedBackImage*

object

The cropped image of the back document side of the first scanned document.

faceImage*

object

The portrait extracted from the first scanned document.

livenessFaceImage*

object

The face image taken on the liveness check.

croppedFrontImage2

object

The cropped image of the front document side of the second scanned document.

croppedBackImage2

object

The cropped image of the back document side of the second scanned document.

faceImage2

object

The portrait extracted from the second scanned document.

croppedFrontImage3

object

The cropped image of the front document side of the third scanned document.

croppedBackImage3

object

The cropped image of the back document side of the third scanned document.

faceImage3

object

The portrait extracted from the third scanned document.

addressProofDocument

object

The address proof document provided by the user.

PreviousAPI Reference NextAML Overview

Last updated 1 year ago

Was this helpful?

After the user passes the identity verification flow successfully, the system can notify you with the result details via your registered webhook.

To register your webhook, please sign in to the and specify the URL of your webhook on the API Keys page. There you also can get your client credentials.

On finish of the IDV flow, the system makes a POST request to your webhook with the results details in the request body represented as a MIME message where images are in separate parts.

To secure requests, the system sets the X-CLIENT-ID header to your Client ID and the X-SIGNATURE one to the hex-encoded SHA256 digest of the request body and your Client Secret.

To accept requests, please do the following:

Compare the X-CLIENT-ID header with your Client ID
Access the request body before it's parsed
Calculate the SHA 256 digest of the request body and your Client Secret
Compare the hex-encoded digest with the X-SIGNATURE header
Parse and handle the request body if they are identical
Response with the 200 status code

Below is an example specification of such webhook endpoint.

Webhook Endpoint Example

POST https://example.com/webhook

An example of a webhook endpoint.

Headers

Name

Type

Description

X-CLIENT-ID*

string

Your Client ID.

X-SIGNATURE*

string

The hex-encoded SHA256 digest of the request body and your Client Secret.

Content-Type*

string

Always multipart/form-data.

Request Body

Name

Type

Description

result*

string

The result details without images that are in separate parts.

croppedFrontImage*

object

The cropped image of the front document side of the first scanned document.

croppedBackImage*

object

The cropped image of the back document side of the first scanned document.

faceImage*

object

The portrait extracted from the first scanned document.

livenessFaceImage*

object

The face image taken on the liveness check.

croppedFrontImage2

object

The cropped image of the front document side of the second scanned document.

croppedBackImage2

object

The cropped image of the back document side of the second scanned document.

faceImage2

object

The portrait extracted from the second scanned document.

croppedFrontImage3

object

The cropped image of the front document side of the third scanned document.

croppedBackImage3

object

The cropped image of the back document side of the third scanned document.

faceImage3

object

The portrait extracted from the third scanned document.

addressProofDocument

object

The address proof document provided by the user.