API Handshake


To initiate work with the Events API, it is essential to configure the Export API step within the Workflow Studio builder, assuming this has not been accomplished yet. The events transmitted to your Request URL might encompass sensitive data related to the information submitted in your flow. To guarantee that these events are conveyed to a server under your exclusive control, Trulioo needs to authenticate your ownership by issuing a challenge request.

Configuring the Export API Step

Configuring the Export API step involves setting up parameters and options within the Workflow Studio builder to ensure that your system can receive and handle events correctly. Make sure to follow the detailed instructions provided in the Navigator to complete this setup. This includes defining the Request URL, and enabling the events subscription.

Callback Verification Process

To ensure that these events are delivered to a server under your direct control, Trulioo will verify your ownership by issuing a challenge request. This step involves Trulioo sending a specific request to your server, which you need to respond to appropriately to confirm that you control the server in question.

Upon finalizing the configuration on the dashboard or subscribing to receive events on our endpoint, an HTTP POST will be dispatched to your callback (request) URL. We will verify your SSL certificate and send a JSON-formatted POST body containing three fields:

{  
  "challenge":"E5KUIHFDEKJS485RFU38H0B7CFNFMUCJMRDGN9UEYP0YJLGFGFC0DFGUB",  
  "type":"URL_VERIFICATION",  
  "token":"gmCKj87gjhKJKJh0JBP696F"  
}

Responding to the Challenge

Once you receive the event, complete the sequence by responding with an HTTP 200 status code and the challenge attribute value. This response verifies that you have successfully received the challenge and confirms your ownership of the server. Here is an example of how you might respond to the challenge request:

This procedure ensures that the server receiving the events is under your direct management, adding a layer of security to the data flow. By responding to the challenge request and verifying your SSL certificate, you help maintain the integrity and security of the data being transmitted between Trulioo and your application.