Webhooks

About webhooks

Webhooks enable Ondato to send you real-time notifications about changes in the status if your recourses. These are POST requests to your server that are sent as soon as event occurs. The body of the request contains resource information.

Security

Ondato uses HTTPS to send these notifications as a JSON payload.

Ordering

Ondato deliver events asynchronically. Therefore, you might receive them out of order and handle them accordingly.

Webhook IP Adresses

All webhook requests will come from the following IPs:

20.31.227.231
20.76.229.117
20.76.229.248
213.226.187.101

Please make sure that these IPs are whitelisted in order to receive webhook notifications.

How to start receiving webhooks

To start receiving event notifications into your application you need to go through the following steps:

Identify the events you want to monitor. Please see a full list of events in a table below.
Create a webhook endpoint as an HTTP endpoint on your local server.
Handle requests from Ondato.
Deploy your webhook endpoint so it would be publicly accessible HTTPS URL.
Contact Ondato support team to register the publicly accessible HTTPS URL and a list of events you want to monitor.

Please note that we also support multiple URLs for sending webhooks.

Requirements for webhook endpoint

Ondato needs to know where to send information about events. In order to receive webhooks you need to create a webhook endpoint and provide us with the publicly accessible HTTPS URL that would meet the following criteria:

URL format: https://<your-website-name>/<your-webhook-endpoint>.
URL must support POST HTTP Method.
URL must support one of the available authentication flows:
1. basic - username, password.
2. oAuth2 - clientID, clientSecret, tokenUrl.

Events sent by Ondato will have a body in the following contract:

{
	"Id": "45a51829-965c-49ac-8fbb-940aa3d8486f",
	"ApplicationId": "d73da14e-a6b9-4bb1-b9df-f3b40ba1ed34",
	"CreatedUtc": "2022-07-26T07:16:41.873Z",
	"Payload": {
		"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
		"applicationId": "d73da14e-a6b9-4bb1-b9df-f3b40ba1ed34",
		"setup": {
			"id": "56d0b462-6f88-4725-9a7a-578c58acd85a",
			"versionId": "5c45f048-70f5-4f11-a623-b001087b78ac"
		},
		"createdUtc": "2022-07-26T07:16:40.873Z",
		"identityVerificationId": "9eae922a-00af-4e54-830b-ca6f7fe5af16",
		"status": "Unfinished"
	},
	"Type": "Form.Created"
}

Events

You can configure the following events to trigger a message to registered webhooks:

Wehook event	Webhook is triggered when;
Identity Verification (IDV) resource webhooks
`IdentityVerification.Consented`	user accepts consent agreement on new identification.
`IdentityVerification.StatusChanged`	IDV status changes.
KYC Identifiation recourse webhooks
`KycIdentification.Created`	KYC Identification step is started by the customer.
`KycIdentification.Processed`	KYC Identification is completed by the customer.
`KycIdentification.Approved`	KYC Identification identification is manually or automatically approved.
`KycIdentification.Updated`	document data of KYC Identification is updated in Ondato Portal.
`KycIdentification.Rejected`	KYC Identification is manually or automatically rejected.
KYB Identification resource webhooks
`KybIdentification.Created`	Customer finished filling in business onboarding form.
`KybIdentification.Approved`	All KYC identifications were approved and all registries checks were successfully validated.
`KybIdentification.Rejected`	Not all KYC identifications were approved and/or not all registries were successfully validated.
`KybIdentification.Document.Created`	KYB related document entity is created in the KYB identification with status “NeedReview”.
`KybIdentification.Document.Uploaded`	KYB related document file is uploaded to the document entity.
`KybIdentification.Document.Updated`	KYB related document is verified and status is changed from “NeedReview” to “Validated”/ “Invalidated”.
`KybIdentification.Document.Deleted`	KYB related document is deleted from KYB identification.