Decision webhook | Veriff.com

Most of the verification solutions use the decision webhook to post data about the verification decision, verified data and checks, and session info (e.g. session ID, attempt ID, different timestamps).

The payload is sent to Webhook decisions URL, which you need to set up the webhook in the Veriff Customer Portal.

→ See Webhooks Guide > Set up webhooks sub-section for detailed overview of the setup process

When is decision webhook sent?

In most cases Veriff sends the decision webhook instantly after a decision is made, with an exception to resubmission_requested status. In case resubmission is required, Veriff allows the end-user to resubmit the session data instantly without the need to exit the flow. If the end-user does not do it within 5 minutes, Veriff sends out a webhook with the resubmission_requested decision.

Prerequisites

Make sure you have access to the Veriff Customer Portal
1. If you do not, see the Getting Started → Sign up and Log in articles
Set up webhook URL(s) on your side and have them at hand
1. Make sure they match the Webhook URL requirements
2. Make sure your system is able to handle Webhooks receipt, delivery and resending requirements
Secure your communication, check the HMAC Authentication and Endpoint Security article
Make sure your system is able to handle the Backwards compatible changes

5.Proceed to Decision webhook setup section below

Decision webhook setup

Log in to the Veriff Customer Portal
Navigate to the Integrations page via the top menu and open the relevant integration
On the integration's page, select the Settings tab
Under the title Integration settings you see a list of webhooks
Fill in the Webhook decisions URL

→ See Webhooks Guide > Set up webhooks sub-section for detailed overview of the setup process

Additional notes

Driver's license categories extraction
Contact your Solutions Engineer who can activate the feature for your integration, so it is possible to extract the validFrom and validUntil dates from a driver's license.

riskScore parameter
This is a numerical value representing the overall risk associated with the session. Lower score indicates higher confidence in that the session is genuine.
In the API and webhooks payloads, the range is shown as an integer in the range of 0.0–1.0
In the Veriff Customer Portal, the range is shown as 1–100

pepSanctionMatch parameter
Warning: legacy field, may return incorrect result.
If you are running the AML checks, please see the watchlist-screening webhook for accurate data.
If you are running the UKDIATF M1B checks, accurate data is in the decision webhook payload, in verification.additionalVerifiedData.UKTFResult.PEP string.

Sample request

{
    "status": "success",
    "verification": {
        "id": "12df6045-3846-3e45-946a-14fa6136d78b",
        "attemptId": "00bca969-b53a-4fad-b065-874d41a7b2b8",
        "vendorData": "12345678",
        "endUserId": "a1b2c35d-e8f7-6d5e-3cd2-a1b2c35db3d4",
        "status": "approved",
        "code": 9001,
        "reason": null,
        "reasonCode": null,
        "decisionTime": "2019-11-06T07:18:36.916Z",
        "acceptanceTime": "2019-11-06T07:15:27.000Z",
        "person": {
            "firstName": "SARAH",
            "lastName": "MORGAN",
            "dateOfBirth": "1967-03-30",
            "gender": null,
            "nationality": null,
            "idNumber": null,
            "yearOfBirth": "1967",
            "placeOfBirth": "MADRID",
            "addresses": [
              {
                "fullAddress": "1234 Ridge Road, Indiana, 56789 USA",
                "parsedAddress": {
                    "city": null,
                    "unit": null,
                    "state": "Indiana",
                    "street": "1234 Ridge Road",
                    "country": "USA",
                    "postcode": "56789",
                    "houseNumber": "null"
                }
              }
            ],
            "fullName": "SARAH MORGAN",
            "occupation": "Engineer",
            "employer": "Any Company LLC",
            "foreignerStatus": "EXTRANJERO",
            "extraNames": "NOM D'USAGE",
            "title": "DR",
            "pepSanctionMatch": null,
            "citizenship": null,
        },
        "document": {
            "number": "MORGA753116SM9IJ",
            "validFrom": null,
            "validUntil": "2022-04-20",
            "type": "DRIVERS_LICENSE",            
            "country": "US",
            "state": "NY",
            "placeOfIssue": "ALBANY",
            "firstIssue": "2015-03-21",
            "issueNumber": "01",
            "issuedBy": "ISSUER",
            "remarks": "WORK PERMITTED",
            "nfcValidated": true,
            "residencePermitType": "C",
            "portraitIsVisible": "true",
            "signatureIsVisible": "true",
            "specimen": {
                "containsContactlessChip": false,
                "firstIssuedDate": "2020-01-01",
                "lastIssuedDate": "2021-01-02",
                "nistVersion": "1.2.3",
                "digitalDocument": true,
                "nonStandardDrivingLicense": false,
                "militaryDocument": false,
                "temporaryEmergencyDocument": false,
                "asylumRefugeeDocument": false,
                "ICAOStandardizedDocument": false,
                "notNationalIdCard": true,
                "legalStatus": "primary",
                "hasSecurityRisk": false
            }
        },
        "additionalVerifiedData": {
            "driversLicenseNumber": "1234569",  
            "driversLicenseCategory": {
                "B": true
            },
            "driversLicenseCategoryFrom": {
                "B": "2019-10-06"
            },
            "driversLicenseCategoryUntil": {
                "B": "2025-10-05"
            },
            "driversLicenseCategories": ["B", "C", "5", "6"],
            "estimatedAge": 32,
            "estimatedGender": 0.613,
            "processNumber": "12345678912 1234",        
            "cpfValidation": {
                "status": "CPF is validated",
                "cpfNumber": "123456789",
                "name": "SARAH MORGAN",
                "dateOfBirth": "1967-03-30",
                "yearOfDeath": null
            },
            "ineBiometricRegistryValidation": {
                "faceMatch": true,
                "faceMatchPercentage": 89,
                "responseStatus": "success"
            },
            "registryValidation": {
                "countryRegistry": "CO",
                "registryName": "resigo",
                "fullNameSimilarity": 80,
                "documentValid": true,
                "personIsAlive": true
            },
            "proofOfAddress": {
                "nameMatch": true,
                "nameMatchPercentage": 100.00
                "documentType": "UTILITY_BILL",,
                "fraud": {
                    "riskLevel": "HIGH_RISK",
                    "reason": "PDF_PROCESSED_BY_EDITOR",
                    "reasonDescription": "Document was processed using editing software",
                    "indicators": []
                }
            },
            "validationResults": [
               { 
                "registryName": "USA - Credit + US Identity Graph (US15)",
                "firstName": "MATCH",
                "lastName": "MATCH",
                "dateOfBirth": "NO_INPUT",
                "address": "PARTIAL_MATCH",
                "city": "MATCH",
                "state": "MATCH",
                "zip": "MATCH",
                "idNumber": "NO_DATA"
               }
            ]
        },
        "riskScore": {
            "score": 0.12
        },
         "riskLabels": [
        {
            "label": "document_integration_...",
            "category": "document",
            "sessionIds": ["5a2358e7-fd31-4fcb-a23f-4d76651ba68a"]
        }],
        "biometricAuthentication": {
            "matchedSessionId": "d40edb60-6ae6-4475-be72-84b81669cce6",
            "matchedSessionEndUserId": "a1b2c35d-e8f7-6d5e-3cd2-a1b2c35db3d4",
            "matchedSessionVendorData": "User001",
            "details": {
                ...
            }
        },
        "comments": []
    },
        "highRisk": false,
    "technicalData": {
        "ip": "186.153.67.122"
    }
  }

Request properties explained

*Always sent, irrespective of product or solution used

status: string* Status of the response
verification: object* Verification request decision object. null if decision is not available yet
- id: string* UUID v4 which identifies the verification session
- attemptId: string* UUID v4 of the attempt which received a status (as shown in verification.status field)
- vendorData: string | null* The unique identifier that you created for your end-user. null if not specified
- endUserId: string | null* The UUID that you created for your end-user. null if not specified
- status: string* Verification status, one of approved, declined, resubmission_requested, review, expired, abandoned
- code: integer* Verification session decision code, one of 9001, 9102, 9103, 9104, 9121. For more info, see the verification session decision codes
- reason: string | null* Reason why the verification failed
- reasonCode: integer | null* Reason code of the failed verification. For more info, see the possible codes for a failed verification
- decisionTime: string* Timestamp of the decision, represented as UTC YYYY-MM-DDTHH:MM:SS.SSS+Timezone Offset (ISO 8601)
- acceptanceTime: string* Timestamp of the session generation, represented as UTC YYYY-MM-DDTHH:MM:SS.SSS+Timezone Offset (ISO 8601)
- person: object* Data about the verified person
  firstName: string | null* Person's first name as written on the document
  lastName: string | null* Person's last name as written on the document
  dateOfBirth: string* Person’s date of birth, represented as YYYY-MM-DD
  gender: string | null* Person’s gender, represented as M or F, or null if not present
  nationality: string | null* Person’s nationality, represented as ISO 3166 alpha-2 or alpha-3 number
  idNumber: string | null* National identification number
  yearOfBirth: string | null* Person’s year of birth, represented as YYYY
  placeOfBirth: string | null* Person’s place of birth
  addresses: array Optional, depending on the integration
  fullAddress: string | null Address as single string
  parsedAddress: object Object with parsed fullAddress. Optional, depending on the integration
  city: string | null Any human settlement, including cities, towns, villages, hamlets, localities, etc.
  country: string | null Sovereign nations and their dependent territories (ISO-3166)
  houseNumber: string | null External (street-facing) building number
  postcode: string | null Postal codes used for mail sorting
  state: string | null A first-level administrative division
  street: string | null Street name
  unit: string | null An apartment, unit, office, lot, or other secondary unit designator
  fullName: string | null Full name of the person. Optional, only for Indian Aadhaar cards registry based verification
  occupation: string Occupation data from the document. Optional, depending on the integration
  employer: string Employer's name from the document. Optional, depending on the integration
  foreignerStatus: string Foreigner status field from the document. Optional, depending on the integration
  extraNames: string Additional name from the document. Optional, depending on the integration
  title : string Person’s title extracted from the document. Optional, depending on the integration
  ifeIdentifier: string | null The voter's card identifier (OCR). Optional, only for Mexican registries verification
  ineIdentifier: string | null The citizen's identifier (Identificador del Ciudadano). Optional, only for Mexican registries verification
  pepSanctionMatch: string | null Legacy field, may return incorrect result, should be ignored
  citizenship: null Deprecated, always returns null
- document: object* Verified document
  number: string | null* Document number, [a-zA-Z0-9] characters only
  type: string | null* Document type, one of PASSPORT, ID_CARD, RESIDENCE_PERMIT, DRIVERS_LICENSE, VISA, OTHER. For more info, see the Supported document types for IDV article
  country: string | null* Document issuing country, represented as ISO 3166 alpha-2 code
  state: string | null* Document issuing state, represented as ISO 3166 alpha-2 or alpha-3 code
  remarks: string Data extracted from document’s remarks field
  validUntil: string | null Document is valid until date, represented as YYYY-MM-DD. Optional, must be configured for your integration by the Solutions Engineer
  validFrom: string | null Document is valid from date, represented as YYYY-MM-DD. Optional, must be configured for your integration by the Solutions Engineer
  placeOfIssue: string | null Place where document was issued. Optional, depending on the integration
  firstIssue: string | null Date of document first issue, represented as YYYY-MM-DD. Optional, depending on the integration
  issueNumber: string | null Document issue number. Optional, depending on the integration
  issuedBy: string | null Document issuing authority. Optional, depending on the integration
  nfcValidated: boolean Indicates if the biometric document data has been successfully decoded. Optional, only when NFC validation has been enabled for the integration
  residencePermitType: string Type of the residence permit, as shown on the document. Optional, depending on the integration
  portraitIsVisible: boolean Indicates that the portrait image is visible in the session and its quality is sufficient to perform verification. Optional, depending on the integration
  signatureIsVisible: boolean Indicates that the signature is present on the document and readable to perform the verification. Optional, depending on the integration
  specimen: object Contains additional data about the particular document type. Optional, depending on integration
  containsContactlessChip: boolean Indicates if the document contains a contactless chip (NFC)
  firstIssuedDate: string Indicates the first issue date of the identity document template, as YYYY-MM-DD
  lastIssuedDate: string Indicates the last issue date of the identity document template, as YYYY-MM-DD
  nistVersion: string Indicates the version of the US National Institute of Standards and Technology guidelines
  digitalDocument: boolean Indicates if the document is a digital template identity document
  nonStandardDrivingLicense: boolean Indicates if the driving permit is different from the standard driver's licence (e.g. it is a learner's license, temporary driver's license, permit to drive boats)
  militaryDocument: boolean Indicates if the document is issued to a military personnel/staff or personnel's family
  temporaryEmergencyDocument: boolean Indicates if the document is a temporary identity document
  asylumRefugeeDocument: boolean Indicates if it is a document that is issued exclusively to asylum seekers or refugees
  ICAOStandardizedDocument: boolean Indicates if the document is under the standards of International Civil Aviation Organization
  notNationalIdCard: boolean Indicates if the identity card is not a national ID card (e.g., social security card, tax ID, electoral ID)
  legalStatus: string | null Indicates the legal status of the identity document in the country of issuance. One of primary, secondary, tertiary, indicating to what extent the document is accepted as legal proof of identity
  hasSecurityRisk: boolean Indicates if the document has properties that can increase the chance of document tampering
- additionalVerifiedData: object Data that has been optionally verified for the session. Optional, depending on the integration
  driversLicenseNumber: string Number of the driver's license. Optional, depending on the integration
  driversLicenseCategory: object Indicates the driver’s licence category/ies. Optional, the presence of this property depends on drivers licence category extraction being enabled for the integration.
  B: Boolean | null
  driversLicenseCategoryFrom: object Date when the driving license category was obtained. Optional, depending on the integration
  B: string | null Category is valid from date, represented as YYYY-MM-DD
  driversLicenseCategoryUntil: object Driving license category expiry date. Optional, depending on the integration
  B: string | null Category is valid until date, represented as YYYY-MM-DD
  driversLicenseCategories: array List of category types visible on the driver's license
  estimatedAge: number Estimated age. Optional, depending on the integration
  estimatedGender: number Estimated gender, values closer to 0.0 indicate 'male', values closer to 1.0 indicate 'female'. Optional, depending on the integration
  UKTFCheckResult: array Array of UK DIATF checks results. Optional, only for customers with Veriff UK DIATF solution
  CIFAS: string CIFAS [↗]registry check result
  Electoral roll and Credit History UK: string UK Electoral roll and credit history check result
  PEP: string PEP check result
  cpfValidation: object | null Brazilian individual taxpayer registry (CPF) validation check object. Optional, only for customers with Brazilian registry checks
  status: string | null Status of the entry in the registry, one of CPF is validated, CPF is suspended, CPF holder is deceased, CPF is pending regularization, CPF is cancelled (was a duplicate), Cancelled craft (meaning that it was cancelled due to reasons other than being a duplicate)
  cpfNumber: string | null Brazilian individual taxpayer registry (CPF) number of the person
  name: string | null Person's name in the CPF
  dateOfBirth: string | null Person's date of birth in the CPF as YYYY-MM-DD
  yearOfDeath: string | null Person's year of death in the CPF as YYYY-MM-DD
  processNumber: string Process number (e.g., "Trámite №") from the document. Optional, depending on the integration
  ineBiometricRegistryValidation: object INE Biometric Database Verification check object. Optional, available only when the INE Biometric Validation check has been enabled for the integration
  faceMatch: boolean | null Indicates if the person's selfie image is a match with their image in the registry. This decision is made based on the value returned in faceMatchPercentage (see below). null if the check could not be completed
  faceMatchPercentage: integer | null Indicates the level of similarity the system thinks the matched images have, in the range of 0-100. Values ≥85 indicate a match; values <85 indicate that images do not match. null if the check could not be completed
  responseStatus: string | null Indicates the response received from the service provider. One of success or failure; or null if the check could not be completed
  registryValidation: object Registry validation check object. Optional, available only when the registry validation check has been enabled for the integration (currently available for Colombia registries)
  countryRegistry: string Country of the registry
  registryName: string Name of the registry
  fullNameSimilarity: number Similarity of the full name in the registry to the full name in the document
  documentValid: boolean Indicates if the document is valid in the registry
  personIsAlive: boolean Indicates if the person is alive in the registry
  proofOfAddress: object Proof of address data. Optional, available only if the Proof of Address Verification has been enabled for your integration.
  nameMatch: boolean Indicates if the name on the proof of address document matches the name from the initial request data. null if the check could not be completed.
  nameMatchPercentage: float Indicates the level of similarity the matched names have, in the range of 0.00-100.00. null if the check could not be completed.
  documentType : string Indicates the type of the proof of address document. null if the check could not be completed.
  fraud: object Returns data about document integrity. Available only if the fraud validation check has been enabled for your Proof of Address integration.
  riskLevel: string | null Indicates the risk level, possible values LOW_RISK, MEDIUM_RISK, HIGH_RISK . null if the check was not executed or failed.
  reason: string | null Short description indicating the reason behind the risk level. null if the check was not executed or failed.
  reasonDescription: string | null Human readable explanation of the data in the reason field. null if the check was not executed or failed.
  indicators: array Array strings listing the factors that influenced the risk assessment. Empty if the check was not executed or failed.
  validationResults: array Data that has been optionally verified for the US Database Verification session, depending on the integration. Empty if no additional data was verified. Optional, depending on integration
  registryName: string Name of the registry
  firstName: string Indicates the match level of person’s first name data
  lastName: string Indicates the match level of person’s last name data
  dateOfBirth: string Indicates the match level of person’s date of birth data
  address: string Indicates the match level of person’s address data
  city: string Indicates the match level of person’s address data, specifically city
  state: string Indicates the match level of person’s address data, specifically state
  zip: string Indicates the match level of person’s address data, specifically zip code (post code)
  idNumber: string Indicates the match level of person’s identity number or SNN number data
- riskScore: object Data about the risk score. Optional, depending on the integration
  score: number A float in the range of 0.0–1.0. Numerical value representing the overall risk associated with the session. Lower score indicates more confidence in that the session is genuine. Note: in the Veriff environment, the range is shown as 1–100.
- riskLabels: array Array of risk labels related to the session. Optional, the presence of this property depends on risk labels being enabled for the integration. Log in to Customer portal to see the Risk Insights and Crosslinks[↗] article in Veriff Knowledge Base
  label: string Name of the risk label
  category: string Risk label category, one of client_data_mismatch, crosslinks, device, document, images, network, session, person
  sessionIds: array Array of verification IDs that are referenced to the particular risk label
- biometricAuthentication object Biometric Authentication data object. Optional, the presence of this property depends on biometric authentication being enabled for the integration
  matchedSessionId: string | null UUID v4 which refers to the verification session ID which face matched
  matchedSessionEndUserId: string | null Refers to the verification session endUserId which the face matched
  matchedSessionVendorData: string | null UUID v4 which refers to the verification session vendor data or end-user UUID which face matched
  details: object Lists the results of different checks that were made to verify the end-user. Log in to Customer portal to see the Risk Insights and Crosslinks[↗] article in Veriff Knowledge Base
- comments: array (Deprecated) Always returns empty []
- highRisk: boolean (Deprecated) Marked if session was considered high risk or not
technicalData: object* Technical data object
- ip: string | null IP of the device from which the verification was made

Article versioning

Date	Description
May 20, 2025	`fraud` object added to `additionalVerifiedData.proofOfAddress` object (related to Proof of Address Verification)
May 15, 2025	`attemptId` sample UUID updated
Apr 12, 2025	`registryValidation` array added (new array is currently associated only with US Database Verification)
Mar 12, 2025	Documentation published