Skip to main content

Webhook events

DPay Web EID sends webhook notifications for different types of verification session events.

POST/webhooks/dpayVerification event payload schema and signature headers.Full contract in the API Reference

Event list

EventDescription
verification.createdVerification session created
verification.completedVerification completed with a verified or inconclusive result
verification.failedVerification failed with a rejected result
verification.expiredSession expired because of its TTL or a DELETE call
verification.step_completedVerification step completed; sequential and dynamic modes only
verification.testTest webhook sent through POST /webhooks/{id}/test

You can subscribe to selected events or to all events with the ["*"] wildcard, which is the default.

Payload format

All webhooks use the same outer structure:

{
"id": "evt_550e8400-e29b-41d4-a716-446655440000",
"type": "verification.completed",
"created_at": "2026-04-07T10:35:00+00:00",
"data": {
"verification_session_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"external_id": "order-12345",
"status": "completed",
"provider": "bank_transfer",
"result_status": "verified"
}
}

Payload fields

FieldTypeDescription
idstringUnique event ID (evt_<uuid>), also sent in the X-Webhook-Id header
typestringEvent type from the list above
created_atdatetimeTime when the event was created by the HUB
data.verification_session_iduuidVerification session UUID
data.external_idstring|nullYour external identifier, if provided
data.statusstringSession status at the time of the event
data.providerstringProvider key such as bank_transfer or mobywatel
data.result_statusstring|nullResult status for completed and failed events only
info

The data.result_status field is present only in verification.completed and verification.failed events. Other event types do not contain this field.

HTTP headers

Every webhook request includes these headers:

HeaderDescriptionExample
X-Webhook-IdUnique event IDevt_550e8400-e29b-41d4-a716-446655440000
X-SignatureHMAC-SHA256 signaturesha256=abc123...
X-TimestampUnix timestamp when sent1712487300
Content-TypeContent typeapplication/json
User-AgentSender identifierDPayWebEID-Webhook/1.0

Always verify the X-Signature header before processing a payload. See HMAC signature.

Payload examples by event

verification.completed (verified)

{
"id": "evt_550e8400-e29b-41d4-a716-446655440000",
"type": "verification.completed",
"created_at": "2026-04-07T10:35:00+00:00",
"data": {
"verification_session_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"external_id": "order-12345",
"status": "completed",
"provider": "bank_transfer",
"result_status": "verified"
}
}

verification.failed (rejected)

{
"id": "evt_660e8400-e29b-41d4-a716-446655440001",
"type": "verification.failed",
"created_at": "2026-04-07T11:00:00+00:00",
"data": {
"verification_session_id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"external_id": "order-67890",
"status": "failed",
"provider": "mobywatel",
"result_status": "rejected"
}
}

verification.expired

{
"id": "evt_770e8400-e29b-41d4-a716-446655440002",
"type": "verification.expired",
"created_at": "2026-04-07T11:30:00+00:00",
"data": {
"verification_session_id": "c3d4e5f6-a7b8-9012-cdef-234567890123",
"external_id": "order-99999",
"status": "expired",
"provider": "bank_transfer"
}
}

verification.step_completed

This event is sent after each step in sequential and dynamic modes.

{
"id": "evt_880e8400-e29b-41d4-a716-446655440003",
"type": "verification.step_completed",
"created_at": "2026-04-07T10:40:00+00:00",
"data": {
"verification_session_id": "d4e5f6a7-b8c9-0123-defa-345678901234",
"external_id": "scoring-12345",
"status": "processing",
"provider": "ais_psd2"
}
}

Retrieving the complete result

A webhook contains only basic information. To retrieve all data, including verified_data, confidence_score and rejection_reasons, call GET /verifications/{id}/result after receiving the webhook. See Verification results.