HomeDocumentationSupportRelease NotesSearch Box
Documentation

Webhook

Webhook

Trulioo provides webhooks to alert you of changes in the status of your transaction. These are POST requests to your server that are sent as soon as an event occurs. The body of the request contains details of the event.

Your endpoint must be an HTTPS webhook address with a valid SSL certificate that can correctly process event notifications.

Webhook Security

Once your server is configured to receive payloads, it'll listen for any payload sent to the endpoint you configured. For security reasons, you probably want to limit requests to those coming from Trulioo. There are a few ways to go about this (for example, you could opt to allow requests from Trulioo's IP address) but a far easier method is to set up a secret token and validate the information.

  1. On secure webhook requests, the Trulioo signs the webhook message using the secret key plus HMAC-SHA256 hashing algorithim to encode using hex, and will include the signature in the webhook request as a header x-trulioo-signature.

  2. The webhook listener receives the request and repeats the same steps — signs and encodes the webhook message using the secret key — and compares the resulting signature with the value sent in the request header. If the result matches, the request is considered legitimate.

Webhook Object

During a standard workflow, the webhook will receive event updates that will indicate the status of the transaction. Events are used to gather deeper insight into the process. At this time you cannot unsubscribe from any particular events

ATTRIBUTETypeDESCRIPTION
idStringThe identifier for the webhook
transactionIdStringTransaction Id that can be used to follow up on status details and verification results
clientIdStringOptional paramater used to sync external identifier
eventObjectEvent object containing information on the status of the transaction workflow
errorObjectError object that will follow standard format of Code & Message

POST

Webhook will need to accept a POST request at given url with the follow contract structure.

{
	"id":"",
	"transactionId":"",
	"clientId":"",
	"event":{
		"name":"",
		"type":"",
		"result":""
	},
	"error":{
		"code":0,
		"message":""
	}
}

Events

An event provides insight into the status and result of a transaction. PII is not emitted through an event or webhook and thus upon completion of a transaction you will need to request the transaction details for further insights.

NOTE: When using the Customer API only without our SDK, only the following events will be sent: create, image_processing, decision, abandon

NameTypeResultError CodeError Message
createtransactioncreated1101Error creating transaction
submittransactionsubmitted1102Error submitting transaction
decisiontransactionaccepted | review | declined1103Error getting transaction decision
abandontransactionabandoned1104Error on abandoned transaction
re_verificationtransactionstarted | completed1105Error on reverification transaction
document_verificationtransactionmanual1106Error on document verification transaction
facematchtransactionmanual1107Error on facematch transaction
desktop_to_mobilestepstarted | completed | restarted | error1201Error on desktop to mobile step type
biometric_policystepstarted | completed | error1202Error on biometric policy step type
welcomestepstarted | completed | error1203Error on welcome step type
document_selectstep step_metadatastarted | completed | canceled | error
user_action_document_selection: <document type>		1204Error on document select step type
jurisdiction_selectstep step_metadatastarted | completed | canceled | error
user_action_jurisdiction_country_selection: <country>
user_action_jurisdiction_selection		1205Error on jurisdiction step type
document_frontstep step_metadatastarted | completed | error
document_device_camera_resolution: <width: 1920p x height: 1080p>		1206Error on document front step type
document_backstep step_metadatastarted | completed | error
document_device_camera_resolution: <width: 1920p x height: 1080p>		1207Error on document back step type
selfiestep step_metadatastarted | completed | error
document_device_camera_resolution: <width: 1920p x height: 1080p>		1208Error on selfie step type
verificationstepstarted | completed | error1209Error on verification step type
introductionstepstarted | completed | error1210Error on introduction step type
country_selectstep step_metadatastarted | completed | canceled | error
user_action_country_selection		1211Error on country select step type
donestepstarted | completed | error1212Error on done step type
other_document_selectstep step_metadatastarted | completed | canceled | error
user_action_document_selection: <document type>		1213Error on other document select step type
camera_deniedstepstarted | completed | error1214Error on camera denied step type
document_instructionstepstarted | completed | canceled | error1215Error on document instruction step type
selfie_instructionstepstarted | completed | canceled | error1216Error on selfie instruction step type
unknownstep_metadata unrecognizedstarted | completed | restarted | canceled | no_result | error1100Unknown error
image_processingimageerror1217Image type must be one of: PNG, JPG, JPEG, TIFF, BMP, GIF, PDF, WEBP
image_processingimageerror1218Image cannot be correctly converted
image_processingimageerror1219PDF is password protected
image_processingimageerror1220Error extracting images from PDF

Retry logic
Upon receiving a webhook notification, you should acknowledge success by responding with an HTTP 20x response within 10 seconds.

Duplicate events
We guarantee at-least-once delivery of webhooks, which means that in rare occasions you may receive duplicate events. You should treat events as idempotent to avoid unwanted effects in your application.

Ordering
Trulioo doesn't guarantee order when delivering events. As a result, you may receive an event before another event that was created earlier. You should expect to receive them out of order and handle them accordingly.