Developers

Webhooks

Receive verification, workflow, and review events in real time. Every payload is signed and delivered with automatic retries.

Event types

  • verification.completed — a verification finished with a final verdict.
  • verification.review_required — a case was routed to human review.
  • workflow.step_failed — a step in an automated workflow raised an error.
  • report.generated — a signed report PDF is ready to download.

Signature verification

Every webhook is signed with HMAC-SHA256. Verify the X-Veridexa-Signature header using your endpoint's signing secret before trusting a payload.

const expected = hmacSha256(body, secret);
if (!timingSafeEqual(header, expected)) return 401;

Delivery guarantees

At-least-once delivery with exponential backoff for 24 hours. Endpoints must respond with a 2xx within 10 seconds. Failed deliveries are available in the developer dashboard for replay.