Decision webhook

Most of the verification solutions use the decision webhook to post data about the verification decision, verified data and checks, and session info (e.g. session ID, attempt ID, different timestamps).

The payload is sent to Webhook decisions URL, which you need to set up the webhook in the Veriff Customer Portal.

When is decision webhook sent?

Veriff sends decision webhooks immediately after making a decision, with one exception: webhooks with resubmission_requested status are delayed by 5 minutes for SDK sessions (native or web) where end-users are asked to resubmit their data on the final screen. During this 5-minute window:

• No webhook is sent

• End-user can resubmit their data

• If they do not resubmit within 5 minutes, Veriff sends the webhook with resubmission_requested status

If the session is uploaded via API, decision webhook is sent immediately.

Prerequisites

5.Proceed to Decision webhook setup section below

Decision webhook setup

1. Log in to the Veriff Customer Portal

2. Navigate to the Integrations page via the top menu and open the relevant integration

3. On the integration's page, select the Settings tab

4. Under the title Integration settings you see a list of webhooks

5. Fill in the Webhook decisions URL

Additional notes

Driver's license categories extraction

Contact your Solutions Engineer who can activate the feature for your integration, so it is possible to extract the validFrom and validUntil dates from a driver's license.

riskScore parameter

This is a numerical value representing the overall risk associated with the session. Lower score indicates higher confidence in that the session is genuine.

In the API and webhooks payloads, the range is shown as an integer in the range of 0.0–1.0

In the Veriff Customer Portal, the range is shown as 1–100

pepSanctionMatch parameter

Warning: legacy field, may return incorrect result.

• If you are running the AML checks, please see the watchlist-screening webhook for accurate data.

• If you are running the UKDIATF M1B checks, accurate data is in the decision webhook payload, in verification.additionalVerifiedData.UKTFResult.PEP string.

submissionTime parameter

This parameter indicates the moment when the session was submitted. It is an accurate timestamp of the session submission moment and can differ from the time value that can be derived from when the even webhook with submitted status was received.

Sample request

{
    "status": "success",
    "verification": {
        "id": "12df6045-3846-3e45-946a-14fa6136d78b",
        "attemptId": "00bca969-b53a-4fad-b065-874d41a7b2b8",
        "vendorData": "12345678",
        "endUserId": "a1b2c35d-e8f7-6d5e-3cd2-a1b2c35db3d4",
        "status": "approved",
        "code": 9001,
        "reason": null,
        "reasonCode": null,
        "decisionTime": "2024-11-06T07:17:36.916Z",
        "acceptanceTime": "2024-11-06T07:15:27.000Z",
        "submissionTime": "2024-11-06T07:16:15.736755Z",
        "person": {
            "firstName": "SARAH",
            "lastName": "MORGAN",
            "dateOfBirth": "1967-03-30",
            "gender": null,
            "nationality": null,
            "idNumber": null,
            "yearOfBirth": "1967",
            "placeOfBirth": "MADRID",
            "addresses": [
               {
                "fullAddress": "1234 Ridge Road, Indiana, 56789 USA",
                "parsedAddress": {
                    "city": null,
                    "unit": null,
                    "state": "Indiana",
                    "street": "1234 Ridge Road",
                    "country": "USA",
                    "postcode": "56789",
                    "houseNumber": "null"
                }
              }
            ],
            "fullName": "SARAH EMILY MORGAN",
            "nameComponents": {
                "title": null,
                "middleName": "EMILY",
                "firstNameOnly": "SARAH",
                "firstNameSuffix": null
            },
            "occupation": "Engineer",
            "employer": "Any Company LLC",
            "foreignerStatus": "EXTRANJERO",
            "extraNames": "NOM D'USAGE",
            "title": "DR",
            "pepSanctionMatch": null,
            "citizenship": null,
            "electorNumber": "GMVLMR80070501M100",
            "eyeColor": "BRN",
            "hairColor": "BRN",
            "height": "5'-03"",
            "weight": "093 lb"
        },
        "document": {
            "number": "MORGA753116SM9IJ",
            "validFrom": null,
            "validUntil": "2022-04-20",
            "type": "DRIVERS_LICENSE",            
            "country": "US",
            "state": "NY",
            "placeOfIssue": "ALBANY",
            "firstIssue": "2015-03-21",
            "issueNumber": "01",
            "issuedBy": "ISSUER",
            "remarks": "WORK PERMITTED",
            "nfcValidated": true,
            "residencePermitType": "C",
            "portraitIsVisible": "true",
            "signatureIsVisible": "true",
            "ineIdentifier": "116375842",
            "specimen": {
                "containsContactlessChip": false,
                "firstIssuedDate": "2020-01-01",
                "lastIssuedDate": "2021-01-02",
                "nistVersion": "1.2.3",
                "digitalDocument": true,
                "nonStandardDrivingLicense": false,
                "militaryDocument": false,
                "temporaryEmergencyDocument": false,
                "asylumRefugeeDocument": false,
                "ICAOStandardizedDocument": false,
                "notNationalIdCard": true,
                "legalStatus": "primary",
                "hasSecurityRisk": false
            }
        },
        "additionalVerifiedData": {
            "driversLicenseNumber": "1234569",  
            "driversLicenseCategory": {
                "B": true
            },
            "driversLicenseCategoryFrom": {
                "B": "2019-10-06"
            },
            "driversLicenseCategoryUntil": {
                "B": "2025-10-05"
            },
            "driversLicenseCategories": ["B", "C", "5", "6"],
            "estimatedAge": 32,
            "estimatedGender": 0.613,
            "processNumber": "12345678912 1234",        
            "cpfValidation": {
                "status": "CPF is validated",
                "cpfNumber": "123456789",
                "name": "SARAH MORGAN",
                "dateOfBirth": "1967-03-30",
                "yearOfDeath": null
            },
            "ineBiometricRegistryValidation": {
                "faceMatch": true,
                "faceMatchPercentage": 89,
                "responseStatus": "success"
            },
            "registryValidation": {
                "countryRegistry": "CO",
                "registryName": "resigo",
                "fullNameSimilarity": 80,
                "documentValid": true,
                "personIsAlive": true
            },
            "proofOfAddress": {
                "nameMatch": true,
                "nameMatchPercentage": 100.00
                "documentType": "UTILITY_BILL",
                "fraud": {
                    "riskLevel": "HIGH_RISK",
                    "reason": "PDF_PROCESSED_BY_EDITOR",
                    "reasonDescription": "Document was processed using editing software",
                    "indicators": []
                }
            },
            "validationResults": [
               { 
                "registryName": "USA - Credit + US Identity Graph (US15)",
                "firstName": "MATCH",
                "lastName": "MATCH",
                "dateOfBirth": "NO_INPUT",
                "address": "PARTIAL_MATCH",
                "city": "MATCH",
                "state": "MATCH",
                "zip": "MATCH",
                "idNumber": "NO_DATA"
               }
            ]
        },
        "riskScore": {
            "score": 0.12
        },
         "riskLabels": [
        {
            "label": "document_integration_...",
            "category": "document",
            "sessionIds": ["5a2358e7-fd31-4fcb-a23f-4d76651ba68a"]
        }],
        "biometricAuthentication": {
            "matchedSessionId": "d40edb60-6ae6-4475-be72-84b81669cce6",
            "matchedSessionEndUserId": "a1b2c35d-e8f7-6d5e-3cd2-a1b2c35db3d4",
            "matchedSessionVendorData": "User001",
            "details": {
                ...
            }
        },
        "comments": []
    },
        "highRisk": false,
    "technicalData": {
        "ip": "186.153.67.122"
    }
  } 

Request properties explained

*Always sent, irrespective of product or solution used

• status: string* Status of the response

• verification: object* Verification request decision object. null if decision is not available yet

  • id: string* UUID v4 which identifies the verification session

  • attemptId: string* UUID v4 of the attempt which received a status (as shown in verification.status field)

  • vendorData: string | null* The unique identifier that you created for your end-user. null if not specified

  • endUserId: string | null* The UUID that you created for your end-user. null if not specified

  • status: string* Verification status, one of approved, declined, resubmission_requested, review, expired, abandoned

  • code: integer* Verification session decision code, one of 9001, 9102, 9103, 9104, 9121. For more info, see the verification session decision codes

  • reason: string | null* Reason why the verification failed

  • reasonCode: integer | null* Reason code of the failed verification. For more info, see the possible codes for a failed verification

  • decisionTime: string  | null* Timestamp of the decision, represented as UTC YYYY-MM-DDTHH:MM:SS.SSS+Timezone Offset (ISO 8601)

  • acceptanceTime: string* Timestamp of the session generation, represented as UTC YYYY-MM-DDTHH:MM:SS.SSS+Timezone Offset (ISO 8601)

  • submissionTime : string* Timestamp of when the session was submitted, represented as UTC YYYY-MM-DDTHH:MM:SS.SSSSSS+Timezone Offset (ISO 8601)

  • person: object* Data about the verified person

    • firstName: string | null* Person's first name as written on the document

    • lastName: string | null* Person's last name as written on the document

    • dateOfBirth: string* Person’s date of birth, represented as YYYY-MM-DD

    • gender: string | null* Person’s gender, represented as M or F, or null if not present

    • nationality: string | null* Person’s nationality, represented as ISO 3166 alpha-2 or alpha-3 number

    • idNumber: string | null* National identification number

    • yearOfBirth: string | null* Person’s year of birth, represented as YYYY

    • placeOfBirth: string | null* Person’s place of birth

    • addresses: a map with keys fulladdress and parsedAddress. Optional, depending on the integration

      • fullAddress: string | null Address as single string

      • parsedAddress: object Object containing parts of the fullAddress value as separate keys. Optional, depending on the integration

        • city: string | null Any human settlement, including cities, towns, villages, hamlets, localities, etc.

        • country: string | null Sovereign nations and their dependent territories (ISO-3166)

        • houseNumber: string | null External (street-facing) building number

        • postcode: string | null Postal codes used for mail sorting

        • state: string | null A first-level administrative division

        • street: string | null Street name

        • unit: string | null An apartment, unit, office, lot, or other secondary unit designator

    • fullName: string | null Full name of the person. Optional, only for Indian Aadhaar cards registry based verification

    • nameComponents: object Object containing person’s name components extracted from the document. Optional, only available if configured for you integration by Veriff

      • title: string | null Person’s title extracted from the document, e.g., “MR”, “MS”. null when no title data present on the document

      • middleName: string | null Person’s middle name extracted from the document, from a dedicated field on the document or document barcode results. null when the first name has no suffix according to barcode data. The field is not sent when the document has no dedicated field or barcode

      • firstNameOnly: string | null Person’s first name extracted from the document and stripped from all components like middleName or firstNameSuffix

      • firstNameSuffix: string | null Person’s first name suffix. null when the first name has no suffix according to barcode data. The field is not sent when the document has no barcode

    • occupation: string Occupation data from the document. Optional, depending on the integration

    • employer: string Employer's name from the document. Optional, depending on the integration

    • foreignerStatus: string Foreigner status field from the document. Optional, depending on the integration

    • extraNames: string Additional name from the document. Optional, depending on the integration

    • title : string Person’s title extracted from the document. Optional, depending on the integration

    • ifeIdentifier: string | null The voter's card identifier (OCR). Optional, only for Mexican registries verification

    • ineIdentifier: string | null The citizen's identifier (Identificador del Ciudadano). Optional, only for Mexican registries verification

    • pepSanctionMatch: string | null Legacy field, may return incorrect result, should be ignored

    • citizenship: null Deprecated, always returns null

    • electorNumber: string | null Person’s electoral number. Optional, currently only for Mexican registry checks. Present only if the data was available on the document

    • eyeColor : string | null Person’s eye color as stated on the document. Optional, present only if the data was available on the document

    • hairColor : string | null Person’s hair color as stated on the document. Optional, present only if the data was available on the document

    • height : string | null Person’s height as stated on the document. Optional, present only if the data was available on the document

    • weight : string | null Person’s weight as stated on the document. Optional, present only if the data was available on the document

  • document: object* Verified document

    • number: string | null* Document number, [a-zA-Z0-9] characters only

    • type: string | null* Document type, one of PASSPORT, ID_CARD, RESIDENCE_PERMIT, DRIVERS_LICENSE, VISA, OTHER. For more info, see the Supported document types for IDV article

    • country: string | null* Document issuing country, represented as ISO 3166 alpha-2 code

    • state: string | null* Document issuing state, represented as ISO 3166 alpha-2 or alpha-3 code

    • remarks: string Data extracted from document’s remarks field

    • validUntil: string | null Document is valid until date, represented as YYYY-MM-DD. Optional, must be configured for your integration by the Solutions Engineer

    • validFrom: string | null Document is valid from date, represented as YYYY-MM-DD. Optional, must be configured for your integration by the Solutions Engineer

    • placeOfIssue: string | null Place where document was issued. Optional, depending on the integration

    • firstIssue: string | null Date of document first issue, represented as YYYY-MM-DD. Optional, depending on the integration

    • issueNumber: string | null Document issue number. Optional, depending on the integration

    • issuedBy: string | null Document issuing authority. Optional, depending on the integration

    • nfcValidated: boolean Indicates if the biometric document data has been successfully decoded. Optional, only when NFC validation has been enabled for the integration

    • residencePermitType: string Type of the residence permit, as shown on the document. Optional, depending on the integration

    • portraitIsVisible: boolean Indicates that the portrait image is visible in the session and its quality is sufficient to perform verification. Optional, depending on the integration

    • signatureIsVisible: boolean Indicates that the signature is present on the document and readable to perform the verification. Optional, depending on the integration

    • ineIdentifier: string | null Person’s INE (Mexican voter’s registry) identifier number. Optional, present only if the data was available on the document

    • specimen: object Contains additional data about the particular document type. Optional, depending on integration

      • containsContactlessChip: boolean Indicates if the document contains a contactless chip (NFC)

      • firstIssuedDate: string Indicates the first issue date of the identity document template, as YYYY-MM-DD

      • lastIssuedDate: string Indicates the last issue date of the identity document template, as YYYY-MM-DD

      • nistVersion: string Indicates the version of the US National Institute of Standards and Technology guidelines

      • digitalDocument: boolean Indicates if the document is a digital template identity document

      • nonStandardDrivingLicense: boolean Indicates if the driving permit is different from the standard driver's licence (e.g. it is a learner's license, temporary driver's license, permit to drive boats)

      • militaryDocument: boolean Indicates if the document is issued to a military personnel/staff or personnel's family

      • temporaryEmergencyDocument: boolean Indicates if the document is a temporary identity document

      • asylumRefugeeDocument: boolean Indicates if it is a document that is issued exclusively to asylum seekers or refugees

      • ICAOStandardizedDocument: boolean Indicates if the document is under the standards of International Civil Aviation Organization

      • notNationalIdCard: boolean Indicates if the identity card is not a national ID card (e.g., social security card, tax ID, electoral ID)

      • legalStatus: string | null Indicates the legal status of the identity document in the country of issuance. One of primary, secondary, tertiary, indicating to what extent the document is accepted as legal proof of identity

      • hasSecurityRisk: boolean Indicates if the document has properties that can increase the chance of document tampering

  • additionalVerifiedData: object Data that has been optionally verified for the session. Optional, depending on the integration

    • driversLicenseNumber: string Number of the driver's license. Optional, depending on the integration

    • driversLicenseCategory: object Indicates the driver’s licence category/ies. Optional, the presence of this property depends on drivers licence category extraction being enabled for the integration.

      • B: Boolean | null

    • driversLicenseCategoryFrom: object Date when the driving license category was obtained. Optional, depending on the integration

      • B: string | null Category is valid from date, represented as YYYY-MM-DD

    • driversLicenseCategoryUntil: object Driving license category expiry date. Optional, depending on the integration

      • B: string | null Category is valid until date, represented as YYYY-MM-DD

    • driversLicenseCategories: array List of category types visible on the driver's license

    • estimatedAge: number Estimated age. Optional, depending on the integration

    • estimatedGender: number Estimated gender, values closer to 0.0 indicate 'male', values closer to 1.0 indicate 'female'. Optional, depending on the integration

    • UKTFCheckResult: array Array of UK DIATF checks results. Optional, only for customers with Veriff UK DIATF solution

      • CIFAS: string CIFAS [↗]registry check result

      • Electoral roll and Credit History UK: string UK Electoral roll and credit history check result

      • PEP: string PEP check result

    • cpfValidation: object | null Brazilian individual taxpayer registry (CPF) validation check object. Optional, only for customers with Brazilian registry checks

      • status: string | null Status of the entry in the registry, one of CPF is validated, CPF is suspended, CPF holder is deceased, CPF is pending regularization, CPF is cancelled (was a duplicate), Cancelled craft (meaning that it was cancelled due to reasons other than being a duplicate)

      • cpfNumber: string | null Brazilian individual taxpayer registry (CPF) number of the person

      • name: string | null Person's name in the CPF

      • dateOfBirth: string | null Person's date of birth in the CPF as YYYY-MM-DD

      • yearOfDeath: string | null Person's year of death in the CPF as YYYY-MM-DD

    • processNumber: string Process number (e.g., "Trámite №") from the document. Optional, depending on the integration

    • ineBiometricRegistryValidation: object INE Biometric Database Verification check object. Optional, available only when the INE Biometric Validation check has been enabled for the integration

      • faceMatch: boolean | null Indicates if the person's selfie image is a match with their image in the registry. This decision is made based on the value returned in faceMatchPercentage (see below). null if the check could not be completed

      • faceMatchPercentage: integer | null Indicates the level of similarity the system thinks the matched images have, in the range of 0-100. Values ≥85 indicate a match; values <85 indicate that images do not match. null if the check could not be completed

      • responseStatus: string | null Indicates the response received from the service provider. One of success or failure; or null if the check could not be completed

    • registryValidation: object Registry validation check object. Optional, available only when the registry validation check has been enabled for the integration (currently available for Colombia registries)

      • countryRegistry: string Country of the registry

      • registryName: string Name of the registry

      • fullNameSimilarity: number Similarity of the full name in the registry to the full name in the document

      • documentValid: boolean Indicates if the document is valid in the registry

      • personIsAlive: boolean Indicates if the person is alive in the registry

    • proofOfAddress: object Proof of address data. Optional, available only if the Proof of Address Verification has been enabled for your integration.

      • nameMatch: boolean Indicates if the name on the proof of address document matches the name from the initial request data. null if the check could not be completed.

      • nameMatchPercentage: float Indicates the level of similarity the matched names have, in the range of 0.00-100.00. null if the check could not be completed.

      • documentType : string  Indicates the type of the proof of address document. null if the check could not be completed.

      • fraud: object Returns data about document integrity. Available only if the fraud validation check has been enabled for your Proof of Address integration.

        • riskLevel: string | null Indicates the risk level, possible values LOW_RISK, MEDIUM_RISK, HIGH_RISK . null if the check was not executed or failed.

        • reason: string | null Short description indicating the reason behind the risk level. null if the check was not executed or failed.

        • reasonDescription: string | null Human readable explanation of the data in the reason field. null if the check was not executed or failed.

        • indicators: array Array strings listing the factors that influenced the risk assessment. Empty if the check was not executed or failed.

    • validationResults: array Data that has been optionally verified for the US Database Verification session, depending on the integration. Empty if no additional data was verified. Optional, depending on integration

      • registryName: string Name of the registry

      • firstName: string Indicates the match level of person’s first name data

      • lastName: string Indicates the match level of person’s last name data

      • dateOfBirth: string Indicates the match level of person’s date of birth data

      • address: string Indicates the match level of person’s address data

      • city: string Indicates the match level of person’s address data, specifically city

      • state: string Indicates the match level of person’s address data, specifically state

      • zip: string Indicates the match level of person’s address data, specifically zip code (post code)

      • idNumber: string Indicates the match level of person’s identity number or SNN number data

  • riskScore: object Data about the risk score. Optional, depending on the integration

    • score: number A float in the range of 0.0–1.0. Numerical value representing the overall risk associated with the session. Lower score indicates more confidence in that the session is genuine. Note: in the Veriff environment, the range is shown as 1–100.

  • riskLabels: array Array of risk labels related to the session. Optional, the presence of this property depends on risk labels being enabled for the integration. Log in to Customer portal to see the Risk Insights and Crosslinks[↗] article in Veriff Knowledge Base

    • label: string Name of the risk label

    • category: string Risk label category, one of client_data_mismatch, crosslinks, device, document, images, network, session, person, risk-score

    • sessionIds: array Array of verification IDs that are referenced to the particular risk label

  • biometricAuthentication object Biometric Authentication data object. Optional, the presence of this property depends on biometric authentication being enabled for the integration

    • matchedSessionId: string | null UUID v4 which refers to the verification session ID which face matched

    • matchedSessionEndUserId: string | null Refers to the verification session endUserId which the face matched

    • matchedSessionVendorData: string | null UUID v4 which refers to the verification session vendor data or end-user UUID which face matched

    • details: object Lists the results of different checks that were made to verify the end-user. Log in to Customer portal to see the Risk Insights and Crosslinks[↗] article in Veriff Knowledge Base

  • comments: array (Deprecated) Always returns empty []

  • highRisk: boolean (Deprecated) Marked if session was considered high risk or not

• technicalData: object* Technical data object

  • ip: string | null IP of the device from which the verification was made

Changelog