Prerequisites
- Before you get started, make sure you have either a GAPI user account with access to the Identity Enrollment Service
- You have existing knowledge of the GlobalGateway API.
- You have generated a Token using the Token Request API Endpoint
API Endpoint
The Enrollment API Endpoint is different from the standard GlobalGateway endpoint and should only be used to enroll an Entity into our Identity Enrolment Service for Ongoing Monitoring.
https://identity-enrollment.trulioo.com/Enrollment/CreateEnrollmentWithSubject
Webhook Authentication
Webhook authentication is recommended to ensure the security and integrity of the webhook from Trulioo. Authentication allows customers to verify that the webhook request is coming from Trulioo and has not been tampered with during transmission. Trulioo supports “No Webhook authentication”, “Basic Authentication”, or “OAuth Authentication” on the webhook URL.
For Ongoing Screening, a customer's webhook is pinged whenever an entity is rescanned against watchlists, adverse media, or PEPs.
Basic Authentication
Customers requiring Basic Authentication on their webhook will need to provide Trulioo with a username and password. The credentials will be base64 encoded and sent in the request header for each webhook.
Please reach out to Trulioo Support to enable this functionality.
Example webhook request from Trulioo to customer with basic authentication
POST {YOUR_WEBHOOK_URL} HTTP/1.1
Authorization: Basic <base64Encoded USERNAME_FOR_TRULIOO:PASSWORD_FOR_TRULIOO>
{
"VerificationDoneOnDate": "2023-12-28T22:19:26.8062956Z",
"EnrollmentId": "43fb1649-ed2b-42a6-9c58-21287cced4a7",
"MonitoringResult": {
"WatchlistState": "No Hit",
"WatchlistData": null,
"WatchlistFullName": "John Doe",
"WatchlistHitDetails": null
}
}
OAuth
To enable OAuth webhook authentication, customers will be required to provide Trulioo with the following:
- An endpoint for token generation. The token endpoint must have the request body grant_type of client_credentials.
- Client ID and Client Secret for Trulioo's access to your callback URL.
The bearer token generated will be sent in the request header for each webhook.
Please reach out to Trulioo Support to enable this functionality.
Example Authorization Request from Trulioo to Customer Webhook token endpoint
POST {YOUR_WEBHOOK_URL}/token HTTP/1.1
Authorization: Basic <base64Encoded CLIENTID_FOR_TRULIOO:CLIENTSECRET_FOR_TRULIOO>
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
Example webhook request from Trulioo to customer with bearer token authentication
POST {YOUR_WEBHOOK_URL} HTTP/1.1
Authorization: Bearer <BEARER TOKEN FROM AUTHORIZATION REQUEST>
{
"VerificationDoneOnDate": "2023-12-28T22:19:26.8062956Z",
"EnrollmentId": "43fb1649-ed2b-42a6-9c58-21287cced4a7",
"MonitoringResult": {
"WatchlistState": "No Hit",
"WatchlistData": null,
"WatchlistFullName": "John Doe",
"WatchlistHitDetails": null
}
}
Sample Enrollment Request
POST /Enrollment/CreateEnrollmentWithSubject
Host: identity-enrollment.trulioo.com
Authorization: Bearer BEARER_TOKEN
Content-Type: application/json
{
"CallbackUrl": "callbackUrl.com",
"Frequency": "Monthly",
"BusinessEntityToMonitor": {
"Subject": "Gringotts Wizarding Bank"
},
"SkipInitialCallback": false,
"CustomerReferenceId": "123456",
"ServiceName": "Watchlist"
}
Enrollment API Call
| FieldName | Required | Description |
|---|---|---|
| CallbackUrl | True | Callback URL/Webhook for customer endpoint on which to return individual information |
| Frequency | True | Frequency of re-querying by Ongoing Monitoring, possible values include: Weekly Monthly Quarterly Yearly |
| Subject | True | Name of Business or Entity |
| SkipInitialCallback | False | The default value is false (it does not need to be included in the API request). If set to true, the initial watchlist check will be deferred until the first scheduled check based on frequency. |
| CustomerReferenceId | False | Optional ID to cross-reference with the customer's database |
| ServiceName | True | The service name is Watchlist |
Sample API Response
{
"Version": "1.0.0",
"StatusCode": 200,
"Message": "POST Request successful.",
"Result": "EnrollmentID"
}
Sample Callback Response (WatchlistState = Hit)
{
"VerificationDoneOnDate": "2022-11-15T21:47:11.849303",
"EnrollmentId": "cf9ddaf7-9ed6-442c-8f8c-8c99455e9ab2",
"MonitoringResult": {
"WatchlistState": "Potential Hit",
"WatchlistData": {
"num_WL_hits": 2,
"num_AM_hits": 2
},
"WatchlistFullName": "Gringotts Wizarding Bank",
"WatchlistHitDetails": {
"WL_results": [{
"score": 1.0,
"subjectMatched": "Gringotts Wizarding Bank",
"entityName": "Gringotts Wizarding Bank",
"sourceListType": "FEDERAL - Fine - Breached Sanctions",
"sourceRegion": "United Kingdom",
"remarks": "Posted Date: 12/19/1973 | Letter Issue Date: 07/26/1973 | Subject: Breached Sanction Violation",
"caution": "The Gringotts Bank violated the Ministry of Magic sanctions and lent out a sum of 10,000 galleons to the Death Eaters for their marketing initiative",
"URL": "https://harrypotter.fandom.com/wiki/Gringotts_Wizarding_Bank"
},
{
"score": 0.95,
"subjectMatched": "Gringotts Bank",
"entityName": "Gringotts Banks",
"sourceListType": "MOM - Enforcement - Insufficient Security",
"sourceRegion": "United Kingdom",
"remarks": "Issuance Date: 1991-07-31",
"caution": "The Gringotts Bank has been fined 1,000 galleons by the Ministry of Magic for poor compliance and security and allowing the theft of an object of national importance",
"URL": "https://harrypotter.fandom.com/wiki/Break-in_of_Gringotts_Wizarding_Bank_(1991)"
}
],
"AM_results": [{
"score": 0.95,
"subjectMatched": "Gringotts Bank",
"text": "Investigations continue into the break-in at Gringotts on 31 July, widely believed to be the work of Dark wizards or witches unknown. Gringotts goblins today insisted that nothing had been taken. The vault that was searched had in fact been emptied the same day. But we're not telling you what was in there, so keep your noses out if you know what's good for you, said a Gringotts spokesgoblin this afternoon",
"URL": "https://harrypotter.fandom.com/wiki/Break-in_of_Gringotts_Wizarding_Bank_(1991)"
},
{
"score": 0.90,
"subjectMatched": "Gringotts",
"text": "Gringotts has recently won 2 new awards for compliance and security as the safety place to store objects except for Hogwarts",
"URL": "https://thedailyprophet.net/"
}
]
}
}
}
Sample Callback Response (WatchlistState = No Hit)
{
"VerificationDoneOnDate": "2023-12-28T22:19:26.8062956Z",
"EnrollmentId": "43fb1649-ed2b-42a6-9c58-21287cced4a7",
"MonitoringResult": {
"WatchlistState": "No Hit",
"WatchlistData": null,
"WatchlistFullName": "Business Ltd.",
"WatchlistHitDetails": null
}
}
Sample Unenrollment Request
DELETE /Enrollment/ENROLLMENTID
Host: identity-enrollment.trulioo.com
Authorization: Bearer BEARER_TOKEN
Sample Unenrollment Response
Enrollment deleted
Sample Update Frequency Request
PUT /Enrollment/ENROLLMENTID/frequency?frequencyName=NEWFREQUENCYINTERVAL
Host: identity-enrollment.trulioo.com
Authorization: Bearer BEARER_TOKEN
Frequency intervals can be found here
After the frequency update, the next scan will occur at "Date Frequency Changed + Frequency Interval." For example, if the frequency for an enrollment was updated from Monthly to Weekly on January 1st the next scan will be January 8th.
Sample Update Frequency Response
{
"Version": "1.0.0",
"StatusCode": 200,
"Message": "PUT Request successful.",
"Result": "successfully updated enrollment frequency to hourly by id d1102918-b1c9-4866-b533-1d4dbf657519"
}
Sample Get Enrollment History Request
This endpoint takes in EnrollmentID and returns all watchlist hits for the entity.
GET /Enrollment/History/ENROLLMENTID
Host: identity-enrollment.trulioo.com
Authorization: Bearer BEARER_TOKEN
Sample Get Enrollment History Response
{
"StatusCode": 200,
"Message": "GET Request successful.",
"Result": [
{
"VerificationDoneOnDate": "2023-04-27T17:02:56.080978",
"EnrollmentId": "91f4baa7-c3a0-42f9-826b-f95051c378dc",
"MonitoringResult": {
"WatchlistState": "Potential Hit",
"WatchlistData": {
"num_WL_hits": 1,
"num_AM_hits": 0,
"num_PEP_hits": 0
},
"WatchlistFullName": "Tom Marvolo Riddle",
"WatchlistHitDetails": {
"WL_results": [
{
"score": 1,
"individualName": "Tom Marvolo Riddle",
"aliasList": "Lord Voldemort; You-Know-Who; He-Who-Must-Not-Be-Named; The Dark Lord",
"identifier": "Unique ID: HW32189 | Azkaban ID: 14196",
"subjectMatched": "Tom Marvolo Riddle",
"dateOfBirth": "31/12/1926",
"nationality": "British",
"sourceListType": "Ministry of Magic Sanctions List",
"sourceRegion": "Europe",
"remarks": "Date Designated: 06/07/1945 | Last Updated: 18/12/1995 | Positions: Chief Death Eater",
"caution": "Sanctions Imposed: Asset freeze, Travel Ban, No Broom List",
"URL": "https://www.wizardingworld.com/"
}
],
"AM_results": [],
"PEP_results": []
}
}
}
]
}
Sample Resend Callback Request
The endpoint will resend the most recent response to the callback associated with the EnrollmentId
Note: Only the enrollment owner (the user who created the enrollment) can trigger this functionality.
POST /Enrollment/ENROLLMENTID/ResendCallback
Host: identity-enrollment.trulioo.com
Authorization: Bearer BEARER_TOKEN
Sample Resend Callback Response
{
"StatusCode": 200,
"Message": "POST Request successful.",
"Result": "successfully sent callback message"
}
{
"StatusCode": 200,
"Message": "POST Request successful.",
"Result": "successfully sent callback message"
}
POST /Enrollment/ENROLLMENTID/ResendCallback
Host: identity-enrollment.trulioo.com
Authorization: Bearer BEARER_TOKEN
Sample Resend Callback Response
{
"StatusCode": 200,
"Message": "POST Request successful.",
"Result": "successfully sent callback message"
}