Skip to main content

Documentation Index

Fetch the complete documentation index at: https://documentation.idenfy.com/llms.txt

Use this file to discover all available pages before exploring further.

How Webhooks Work

When a verification completes (or changes status), iDenfy sends an HTTP POST request to your configured webhook URL with the verification result. 
Customer completes verification

iDenfy processes (AI + human review)

POST webhook to your endpoint

Your server processes the result

Setting Up Webhooks

  1. Go to Dashboard → Settings → Webhooks
  2. Enter your webhook URL (must be HTTPS)
  3. Select which events to receive
Your webhook endpoint must respond with a 2xx status code within 10 seconds. If it doesn’t, iDenfy will retry the delivery.

Webhook Types

ServiceWebhook docsKey statuses
KYCKYC Webhooks →APPROVED, DENIED, SUSPECTED, EXPIRED
KYBKYB Webhooks →Company verification results
AMLAML Monitoring →Hit/no-hit on sanctions, PEPs, adverse media

Webhook Timing

iDenfy sends webhooks at different stages:
TimingWhenContains
InstantCustomer completes verification UIAuto-check results (AI)
PromptWithin minutesManual review results (human)
DelayedMonitoring triggersOngoing AML monitoring hits
The final field in the webhook payload indicates whether this is the definitive result. When final: true, iDenfy will not send any further webhooks for this verification.

Security

Always verify webhook authenticity:
  1. Callback signing — verify the HMAC signature on every webhook
  2. IP whitelisting — only accept requests from iDenfy’s IP ranges

Best Practices

  • Process asynchronously — acknowledge the webhook immediately (return 200), then process in the background
  • Handle duplicates — use scanRef as an idempotency key
  • Log everything — store the full webhook payload for debugging and compliance
  • Handle retries — if your endpoint is temporarily down, iDenfy will retry
  • Verify signatures — never trust an unsigned webhook in production