WebhookConfigDto Schema

The WebhookConfigDto defines the webhook configuration for verification requests. This allows you to specify custom webhook endpoints, retry policies, and security settings for receiving notifications about verification status changes.

Supported Fields

Field	Required	Type	Rules and behavior
`enabled`	No	`boolean`	Enables or disables webhooks for this verification request. Default: `true`.
`secret`	No	`string`	Secret used for HMAC-SHA256 signature generation.
`retryAttempts`	No	`number`	Number of retry attempts for failed webhook deliveries. Range `0–10`. Default: `3`.
`closeoutEndpoints`	No	`CloseoutEndpointsDto`	Map of search type to webhook target(s). Supports URL strings, single `WebhookTargetDto` objects, or arrays. See CloseoutEndpointsDto.
`fallbackEndpoint`	No	`string`, `WebhookTargetDto`, or array	Fallback target(s) used when no specific search-type closeout endpoint is configured.

Complete Example

{
  "enabled": true,
  "secret": "webhook-secret-for-hmac-validation",
  "retryAttempts": 3,
  "closeoutEndpoints": {
    "EMPLOYMENT": [
      {
        "url": "https://client.example.com/webhooks/employment-closeout",
        "headers": { "X-Customer": "acme" },
        "events": ["verification.completed"]
      },
      {
        "url": "https://client.example.com/webhooks/employment-notifications",
        "events": ["verification.notification"]
      }
    ],
    "EDUCATION": [
      {
        "url": "https://client.example.com/webhooks/education-closeout",
        "basicAuth": { "username": "api", "password": "secret" },
        "events": ["verification.completed"]
      }
    ]
  },
  "fallbackEndpoint": [
    {
      "url": "https://client.example.com/webhooks/all-events",
      "events": ["verification.action_required"],
      "searchTypes": ["EMPLOYMENT", "EDUCATION"]
    }
  ]
}

Webhook Behavior

Endpoint Resolution Priority

Search-specific endpoint: If a closeout endpoint is configured for the specific search type (e.g., EMPLOYMENT), that endpoint is used
Fallback endpoint: If no search-specific endpoint is configured, the fallback endpoint is used
Tenant-level configuration: If no request-level webhook configuration is provided, tenant-level webhook settings are used

Retry Policy

Failed webhook deliveries are retried up to the specified retryAttempts number
Retries use exponential backoff with jitter
After all retries are exhausted, the webhook is marked as failed

Security

All webhook payloads are signed using HMAC-SHA256 with the provided secret
The signature is included in the X-Webhook-Signature header
Verify the signature to ensure webhook authenticity

Validation Rules

URL Format: All endpoint URLs must be valid HTTPS URLs
Retry Range: retryAttempts must be between 0 and 10
Secret Length: secret should be at least 16 characters for security
Multiple Targets: Each search type can define multiple webhook targets
Event Filters: When events is omitted, the target receives only verification.completed (backward compatible)
Per-Target Security: Per-target secret overrides the global secret; basicAuth adds Authorization: Basic ...

CloseoutEndpointsDto - Search type specific endpoints
WebhookTargetDto - Single webhook target definition
VerificationRequestDto - Main verification request schema

Usage

This schema is used in:

VerificationRequestDto - Optional webhook configuration
Create Order - Individual order creation with webhooks
Create Batch - Batch order creation with webhooks

Next Steps

Create your first order using this webhook configuration
Learn about error handling for webhook delivery failures
Understand search types for different verification types

​WebhookConfigDto Schema

​Supported Fields

​Complete Example

​Webhook Behavior

​Endpoint Resolution Priority

​Retry Policy

​Security

​Validation Rules

​Related Schemas

​Usage

​Next Steps