Authento API
  • Welcome to Authento
  • Integration Guidance
    • Introduction
    • Address-Based Verification
      • Off-Chain Access Control
      • On-Chain Access Control
        • Digital Signature Verification
        • Merkel Proof Verification
    • Account-Based Verification
    • Webhooks
  • API Reference
    • General Information
    • Endpoints
      • Get Basic User Info
      • Get Full User Info
  • Authento-react
    • Getting Started
    • useSignature
    • useStatus
    • useTokenVerifyPopup
    • useVerifyPopup
Powered by GitBook
On this page
  • Configurations
  • Events
  • Webhook Verification
  • Webhook Logs
  1. Integration Guidance

Webhooks

PreviousAccount-Based VerificationNextGeneral Information

Last updated 1 year ago

A webhook is an HTTP Post request sent to the target URL upon the occurrence of specific events such as initialization or completion of verifications.

Due to security concerns, webhook payloads do not contain sensitive user information. To obtain the latest user information, please call the appropriate .

Configurations

To enable webhooks, go to the settings page in the and select the "Webhooks" tab. Here, you can

  • Enable/disable webhooks

  • Configure the target URL for webhooks

  • Configure the webhook secret (This is used to calculate webhook digests for verification purposes)

Events

Webhooks are triggered upon the occurrence of any of the following events.

Event
Description

PERMISSION_GRANTED

Information sharing permission granted by user.

PERMISSION_UPDATED

Information sharing permission updated by user.

INIT

Verification initialized

PENDING

All required documents and information have been collected. Verification is now pending review.

REVIEWED

Verification review completed

ON_HOLD

Verification is temporarily put on hold

INFO_UPDATED

User information has been updated

RESET

Verification has been reset

ADDRRESS_LINKED

Wallet address added to user account

ADDRRESS_UNLINKED

Wallet address removed from user account

At a minimum, you should set up your webhook handler to fetch user information and update your database records on PERMISSION_GRANTED, REVIEWED, ON_HOLD, and INFO_UPDATED to ensure user information is up to date.

The event type along with the latest verification status are included in the payload of the webhook.

Payload Sample

{
  "event": "REVIEWED",
  "userId": "khz3h1vqr0023ptxk3j8w0a78",
  "userIdentifier": "4c510784-368c-4e32-8750-90d71efa5c4d",
  "type": "INDIVIDUAL",
  "status": {
    "basic": "VERIFIED",
    "poa": "VERIFIED"
  },
  "timeCreated": 1687938817.611
}

Webhook Verification

To verify that a webhook was sent from Authento, you should:

  2. When a webhook is received, calculate the sha256 digest of the raw webhook payload in bytes.

  3. Compare the digest calculated and the value of the "X-PAYLOAD-DIGEST" header.

Webhook Logs

Webhooks which were not delivered successfully are automatically logged. You can view webhook logs and resend failed webhooks in the dashboard under settings -> webhook.

Configure the webhook secret on the .

Authento Dashboard
endpoints
Authento Dashboard
Webhook Settings