Webhooks Overview

IDWise uses webhooks as a tool for real-time communication between IDWise's backend and customer backend. They provide a way for applications to get real-time data without polling, which can be inefficient and resource-draining. Webhooks can push data immediately when a specific event occurs on the IDWise backend.

Types of Webhooks

There are different types of webhooks designed to serve various purposes depending on the event that triggers them. Below is a table providing details of different types of webhooks and their descriptions:

Webhook TypeDescription
Finished JourneyTriggered when the journey is finalized and all processing on the IDWise backend is complete. At this point, the journey is ready and can be retrieved from IDWise's backend using the corresponding API.
Manually ReviewedThis webhook is triggered when the client's compliance team has completed a manual review using the IDWise dashboard, during which they may confirm or override the system's decision.
AML Monitor UpdateThe webhook is triggered whenever there is an update to a monitored AML record. For instance, if a person has been added to a sanctions list or is no longer considered politically exposed, the webhook will be activated.
Finished User StepsThis webhook is triggered when a user completes their ID verification journey, with all required elements (such as ID and Selfie) submitted to the IDWise backend. This webhook notifies the customer backend that the user steps have been completed, If any custom steps are necessary, the customer backend can initiate them at this point, such as submitting the face from the government database to compare it with the user’s selfie face.
Finished spot CheckTriggered when the spot check has been completed and the processing is finalised on the IDWise backend.

Webhook Protection:

We implement the following measures to enhance the security of webhooks:

  • Webhook Secret: Customers can secure their webhooks using various authorization mechanisms. IDWise supports basic authentication, bearer token authorization, or custom keys set in the headers for authorization purposes.
  • IP Whitelisting: Customers can configure their webhooks to accept requests only from specific IP ranges provided by IDWise, offering enhanced security and control over incoming requests.
  • No PII Data: Our webhook events are designed to strictly exclude personally identifiable information (PII). They function solely as notification mechanisms to inform the customer's backend of relevant events.

Webhook Sequence Diagram

The sequence diagram below provides a comprehensive view of all webhooks supported by IDWise, highlighting when each webhook is triggered and how customers consume these webhooks.