Reading Webhook Reports
When WeCheck completes a scan, it delivers the result to your configured webhook endpoint as a JSON payload. This page explains how to interpret and act on that information: what each field means, how confidence scores should inform your decision logic, and how to handle flagged content.
For webhook setup and security (signature verification, retries), see Webhooks.
General Payload Structure
Each scan.completed event delivers a payload with the following top-level structure:
{
"event_id": "evt_12345abcde",
"type": "scan.completed",
"created_at": "2024-03-23T12:00:00Z",
"data": {
"scan_id": "scn_98765",
"subject": { ... },
"confidence_score": 87,
"risk_score": 72,
"risk_status": "high_risk",
"signal_clusters": { ... },
"flags": [ ... ]
}
}
| Field | Description |
|---|---|
event_id | Unique identifier for this webhook delivery — use it for idempotency checks. |
type | Event type: scan.completed, scan.failed, or risk_flag.surfaced. |
created_at | ISO 8601 timestamp of when the event was generated. |
data.scan_id | The unique ID of the completed scan. |
data.subject | Subject identifiers sent in the original scan request. |
data.confidence_score | WeCheck's confidence level that the discovered footprint belongs to the submitted subject (0–100). |
data.risk_score | Aggregate risk level of the discovered content (0–100). |
data.risk_status | Risk category: low_risk, moderate_risk, high_risk. |
data.signal_clusters | Breakdown of findings by source category. |
data.flags | Array of specific flagged items requiring manual review. |
Understanding Confidence Scores
The confidence_score reflects how strongly the discovered digital footprint matches the submitted subject — not the severity of the content found.
| Score Range | Label | Meaning |
|---|---|---|
| 80–100 | High Confidence | Strong visual match or multiple independent behavioral overlaps. Act on the findings. |
| 50–79 | Medium Confidence | Narrative and behavioral overlap, but no visual anchor. Review findings with appropriate skepticism. |
| < 50 | Low Confidence | Name-only match or ambiguous signals. Request additional information from the subject before acting. |
A high confidence score with no flags represents a clean result. A low score with flags indicates those flags are tentative — the footprint may not belong to the right person.
See AI Matching for a detailed explanation of how these scores are calculated.
Signal Clusters Breakdown
The signal_clusters object groups findings by the type of source where they were discovered:
"signal_clusters": {
"social_professional": { "profiles_found": 4, "risk_signals": 0 },
"public_contributions": { "profiles_found": 2, "risk_signals": 1 },
"news_media": { "mentions_found": 7, "risk_signals": 2 },
"interactive_assets": { "images_found": 12, "identity_confirmed": true }
}
| Cluster | Sources |
|---|---|
social_professional | LinkedIn, X/Twitter, Instagram, Facebook, professional networks. |
public_contributions | Reddit, forums, GitHub, blogs, StackOverflow. |
news_media | Local and international press, releases, publications. |
interactive_assets | Publicly shared images and videos — used for facial recognition anchoring. |
Reading Flagged Items
The flags array contains each specific item that sentiment and relationship agents identified as a potential risk signal:
"flags": [
{
"flag_id": "flg_001",
"category": "threatening_rhetoric",
"severity": "high",
"confidence": 91,
"source_platform": "Reddit",
"source_url": "https://reddit.com/...",
"published_at": "2023-11-14T08:32:00Z",
"excerpt": "...[content summary]...",
"context": "...[surrounding content for reviewer context]..."
}
]
| Field | Description |
|---|---|
category | Risk category: threatening_rhetoric, extremist_content, hate_speech, professional_misrepresentation, financial_misconduct, harassment. |
severity | low, medium, or high — reflects the assessed severity of this specific item. |
confidence | Likelihood that this is a genuine signal (not a false positive). |
source_platform | Platform where the content was found. |
excerpt | The specific content snippet that triggered the alert. |
context | Surrounding content to provide the reviewer with a complete picture. |
Suggested Decision Logic
WeCheck is a decision-support tool — your team defines the thresholds. A recommended starting framework:
if confidence_score >= 80 AND flags.length > 0:
→ Route to human review queue
if confidence_score >= 80 AND flags.length == 0:
→ Proceed (clean result)
if confidence_score >= 50 AND confidence_score < 80:
→ Apply enhanced review; assess flags with moderate skepticism
if confidence_score < 50:
→ Request additional subject information; do not act on flags alone
if risk_status == "high_risk":
→ Escalate to senior reviewer regardless of confidence score
Adjust thresholds according to your specific use case's risk tolerance — the standard for a low-access contractor is different from a CFO hire or a high-value financial onboarding.
Related Resources
- Webhooks: Endpoint setup and signature verification.
- AI Matching: How confidence scores are calculated.
- Sentiment Analysis: How flags are generated.
- API Reference: Full payload schema documentation.