Webhooks

Because digital identity scans involve analyzing large datasets across the web, WeCheck processes investigations asynchronously. Use Webhooks to receive real-time notifications when a scan completes or when specific risk patterns are detected.

Setting Up Your Endpoint

You can manage your webhook destination in the Developer Dashboard:

Endpoint URL: Provide a public HTTPS URL where WeCheck will send POST requests.
Events: Select the events you want to monitor (e.g., scan.completed, risk_flag.surfaced).

Security & Verification

To ensure a webhook request genuinely comes from WeCheck, every payload includes a signature in the header:

X-WeCheck-Signature: sha256=...

You should verify this signature using your Webhook Secret provided in the dashboard.

Retries & Delivery

We guarantee at-least-once delivery of webhook events:

Failed deliveries: If your server returns a non-2xx status code, WeCheck will retry delivery with an exponential backoff policy (up to 5 attempts).
Idempotency: We recommend handling events idempotently by checking the unique event_id in the JSON payload to avoid processing the same event twice.

Example Payload

{
  "event_id": "evt_12345abcde",
  "type": "scan.completed",
  "created_at": "2024-03-23T12:00:00Z",
  "data": {
    "scan_id": "scn_98765",
    "subject": "John Doe",
    "risk_score": 85,
    "status": "high_risk"
  }
}

Setting Up Your Endpoint​

Security & Verification​

Retries & Delivery​

Example Payload​

Setting Up Your Endpoint

Security & Verification

Retries & Delivery

Example Payload