Webhooks

Table of Contents

ℹ️ About webhooks

Webhooks allow Ondato to send you real-time notifications regarding changes in the status of your resources. These notifications are sent as POST requests to your server immediately after the event occurs. The request body includes information about the resource.

🔐 Security

Ondato uses HTTPS to send these notifications as a JSON payload.

🛒 Ordering

Ondato delivers events asynchronously. Therefore, you might receive them out of order and need to handle them accordingly.

📫 Webhook IP Addresses

All webhook requests will originate from the following IP addresses:

20.31.10.47
20.31.227.231
20.76.229.117
20.76.229.248
213.226.187.101

Please make sure to whitelist the following IPs in order to receive webhook notifications.

🔃 Retry Logic

Upon sending a webhook notification, we are waiting for a success response for 30 seconds. Otherwise, if your endpoint does not respond, the webhook is queued for retry. We use an exponential backoff retry policy for event delivery. The attempt to resend the notifications is according to the following schedule on a best effort basis:

10 seconds
30 seconds
1 minute
5 minutes
10 minutes
30 minutes
1 hour
3 hours
6 hours
Every 12 hours up to 24 hours

If the endpoint responds within 3 minutes, we will attempt to remove the event from the retry queue on a best effort basis but duplicates may still be received.

A small randomisation is added to all retry steps and may opportunistically skip certain retries if an endpoint is down for a long period o appears to be overloaded.

Maximum number of retry attempts is 30.

When Event Grid can't deliver an event within a certain time period or after trying to deliver the event a certain number of times the event is dropped.

❔ How to start receiving webhooks?

To start receiving event notifications into your application you need to go through the following steps:

Identify the events you want to monitor. Please see a full list of events in a table below.
Create a webhook endpoint as an HTTP endpoint on your local server.
Handle requests from Ondato.
Deploy your webhook endpoint so it would be publicly accessible HTTPS URL.
Contact Ondato support team to register the publicly accessible HTTPS URL and a list of events you want to monitor.

Please note that we also support multiple URLs for sending webhooks.

😶‍🌫️ Requirements for webhook endpoint

Ondato needs to know where to send information about events. In order to receive webhooks you need to create a webhook endpoint and provide us with the publicly accessible HTTPS URL that would meet the following criteria:

URL format: https://<your-website-name>/<your-webhook-endpoint>.
URL must support POST HTTP Method.
URL must support one of the available authentication flows:
1. basic - username, password.
2. oAuth2 - clientID, clientSecret, tokenUrl.

Events sent by Ondato will have a body in the following structure:

Property	Description
`Id`	Webhook ID.
`ApplicationId`	Internal ID that identifies you in Ondato system.
`CreatedUtc`	Date and time when webhook was generated.
`DeliveredUtc`	Date and time when webhook was delivered.
`IsDelivered`	Status of the webhook if it was delivered or not. Possible values are true/ false.
`Payload`	Depending on the webhpook type property, the payload always returns the same information you could obtain from the GET endpoint of the recourse. E.g. of the webhook type is `KycIdentification.<<event>>` then payload will contain information you could retrieve from KYC ID endpoint GET /v1/identifications/{id} .
`Type`	Type of the webook. It contains of two parts: Recourse, e.g. KycIdentification. Event, e.g. Created.

🪄 Events

You can configure the following events to trigger a message to registered webhooks:

Wehook event	Webhook is triggered when:	Webhook example link
1️⃣ Identity Verification (IDV) resource webhooks
`IdentityVerification.Consented`	User accepts consent agreement on new identification.	To view webhook example please click here.
`IdentityVerification.StatusChanged`	IDV status changes.	To view webhook example please click here.
2️⃣ KYC Identification resource webhooks
`KycIdentification.Created`	KYC Identification step is started by the customer.	To view webhook example please click here.
`KycIdentification.Processed`	KYC Identification is completed by the customer.	To view webhook example please click here.
`KycIdentification.Approved`	KYC Identification identification is manually or automatically approved.	To view webhook example please click here.
`KycIdentification.Updated`	document data of KYC Identification is updated in Ondato Portal.	To view webhook example please click here.
`KycIdentification.Rejected`	KYC Identification is manually or automatically rejected.	To view webhook example please click here.
3️⃣ KYB Identification resource webhooks
`KybIdentification.Created`	Customer finished filling in business onboarding form.	To view webhook example please click here.
`KybIdentification.Approved`	All KYC identifications were approved and all registries checks were successfully validated.	To view webhook example please click here.
`KybIdentification.Rejected`	Not all KYC identifications were approved and/or not all registries were successfully validated.	To view webhook example please click here.
`KybIdentification.Document.Created`	KYB related document entity is created in the KYB identification with status “NeedReview”.	To view webhook example please click here.
`KybIdentification.Document.Uploaded`	KYB related document file is uploaded to the document entity.	To view webhook example please click here.
`KybIdentification.Document.Updated`	KYB related document is verified and status is changed from “NeedReview” to “Validated”/ “Invalidated”.	To view webhook example please click here.
`KybIdentification.Document.Deleted`	KYB related document is deleted from KYB identification.	To view webhook example please click here.