Webhooks
Event: RISK_ASSESSMENT_UPDATED
Webhook payload for completed risk assessments
When the Event is Sent
This event is sent when:
- Identity verification completes successfully
- Risk assessment engine finishes calculation
- Typically 1-3 minutes after the customer completes data entry
- Only when
assessmentStatusreaches"ASSESSED"
Payload
{
"eventId": "uuid",
"eventName": "RISK_ASSESSMENT_UPDATED",
"customerName": "John Smith",
"assessmentStatus": "ASSESSED",
"riskLevel": "LOW",
"assessmentPortalUrl": "https://client-portal.verifime.com/...",
"eventTimestamp": "2025-11-11T00:00:00Z",
"metadata": "your-application-id"
}| Field | Type | Description |
|---|---|---|
eventId | String (UUID) | Unique identifier for this webhook event (use for idempotency) |
eventName | String | Always "RISK_ASSESSMENT_UPDATED" |
customerName | String | Entity name from verification |
assessmentStatus | String | "ASSESSED" |
riskLevel | String or null | "LOW", "MEDIUM", "HIGH", "EXTREME", "NO RISK DETECTED", or null if pending |
assessmentPortalUrl | String | URL to view full assessment in VerifiMe client portal |
eventTimestamp | String | ISO 8601 timestamp of when the assessment was completed |
metadata | String | The referenceData value from /v1/user/invite request |
Response Requirements
- Return HTTP 200 within 10 seconds
- Return HTTP 200 even for business logic issues (application not found, etc.)
- Only return non-200 for technical failures or security rejections (see below)
- Process webhook data asynchronously after returning 200
Exception - invalid signature: Return HTTP 401 if the HMAC signature does not match. This is intentional: under VerifiMe's retry semantics, a 4xx response (other than 408/429) permanently stops delivery for that event. Returning 401 on a bad signature tells VerifiMe the delivery was illegitimate and should not be retried.