Webhooks overview

Webhooks let you receive event notifications at your own URL whenever Veritus scores a signup. Configure them at /dashboard/webhooks.

When you'd want webhooks

• Real-time alerts — PagerDuty / Slack notifications when a high-risk signup hits
• Automated workflows — trigger fraud review tickets, auto-suspend the new account, queue manual KYC
• Data warehousing — stream every scored signup into your own analytics pipeline
• Sync with your CRM — flag accounts in HubSpot / Salesforce with their risk score

How it works

1. You add a webhook with a URL and pick which events to subscribe to.
2. We generate a per-webhook signing secret — shown once at creation time.
3. When an event fires, we POST JSON to your URL with an HMAC-SHA256 signature in the headers.
4. You verify the signature, parse the body, do your thing, return 2xx.
5. Non-2xx responses (or timeouts) trigger our retry schedule with exponential backoff.

Anatomy of a delivery

POST https://yourapp.example.com/veritus/webhook
Content-Type: application/json
User-Agent: Veritus-Webhook/1.0
X-Veritus-Event:     check.blocked
X-Veritus-Delivery:  4e8a1f5d-7c2e-4b0c-9f3a-2d8e1c5a6b9f
X-Veritus-Timestamp: 1748094182
X-Veritus-Signature: sha256=a3b1c2d4e5f6...

{
  "event":     "check.blocked",
  "timestamp": 1748094182,
  "data": {
    "id":       "fef019b3-...",
    "score":    87,
    "verdict":  "block",
    "reasons":  [...],
    "signup":   {...}
  }
}

Next pages

• Event types — what fires and when
• Signature verification — copy-paste code for Python, Node, PHP, Go
• Retries & delivery guarantees