Comment on page
Webhook Overview
After the user passes the identity verification flow successfully, the system can notify you with the result details via your registered webhook.
To register your webhook, please sign in to the Customer Dashboard and specify the URL of your webhook on the API Keys page. There you also can get your client credentials.
On finish of the IDV flow, the system makes a POST request to your webhook with the results details in the request body represented as a MIME message where images are in separate parts.
To secure requests, the system sets the
X-CLIENT-ID
header to your Client ID
and the X-SIGNATURE
one to the hex-encoded SHA256 digest of the request body and your Client Secret
.To accept requests, please do the following:
- 1.Compare the
X-CLIENT-ID
header with yourClient ID
- 2.Access the request body before it's parsed
- 3.Calculate the SHA 256 digest of the request body and your
Client Secret
- 4.Compare the hex-encoded digest with the
X-SIGNATURE
header - 5.Parse and handle the request body if they are identical
- 6.Response with the
200
status code
When your webhook is not accessible or responses with the status code that is not
200
, the system retries an attempt in an hour and repeat attempts for a week, so you have time to fix issues on your side.Below is an example specification of such webhook endpoint.
post
https://example.com
/webhook
Webhook Endpoint Example
Last modified 3mo ago