Webhook Configuration
Enabling a Webhook URL will allow you to receive user session results at an external endpoint.
How To Enable Webhook on your Workflow
Go to Workflows > "Your Workflow" > "Start Change Request"
Go to General > Advanced > Scroll until you see Enable Webhook and toggle it "Yes"
Next, begin selecting your webhook's Authorization Type.
...
Authorization types
Besides No Authentication, IDDataWeb supports two Webhook Authorization Types:
- Basic
- OAuth2.0
The required fields for each are:
- Basic Authentication:
  - URL (webhook): https://api.example.com/api/webhook
  - Credentials (webhook): Username and Password
- OAuth2.0 Authentication:
  - URL (webhook): https://api.example.com/api/webhook
  - URL (token): https://api.example.com/api/token
  - Credentials (token): Username and Password, or Client ID and Client Secret
Basic Authentication
AXN Admin will create an Authorization string from your Username and Password, joined by a colon (":") and encoded as a Base64 string:
username:password → ZXhhbXBsZVVzZXI6ZXhhbXBsZVBhc3M=
...and will append it to the subsequent Webhook request as a Basic Authorization Header.
Authorization: Basic ZXhhbXBsZVVzZXI6ZXhhbXBsZVBhc3M=
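How a receiving endpoint can check the header shown above, as an added example (not IDDataWeb's code). The function name `check_basic_auth` and the sample credentials are assumptions; the header value in the usage comment is the one from this page.

```python
import base64
import binascii
import hmac

# Assumed receiver-side configuration: the same Username and Password that
# were entered in the workflow's Basic Authentication fields (sample values).
EXPECTED_USER = "exampleUser"
EXPECTED_PASS = "examplePass"


def check_basic_auth(header_value, user=EXPECTED_USER, password=EXPECTED_PASS):
    """Return True only if the Authorization header carries the expected credentials."""
    if not header_value:
        return False
    scheme, _, encoded = header_value.partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return False
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False  # not valid Base64: reject instead of raising
    # Split on the first colon only; a password may itself contain ":".
    got_user, sep, got_pass = decoded.partition(b":")
    if not sep:
        return False
    # Compare both fields in constant time and evaluate both before combining,
    # so response timing does not reveal which part was wrong.
    user_ok = hmac.compare_digest(got_user, user.encode("utf-8"))
    pass_ok = hmac.compare_digest(got_pass, password.encode("utf-8"))
    return user_ok and pass_ok


# Usage: check_basic_auth("Basic ZXhhbXBsZVVzZXI6ZXhhbXBsZVBhc3M=") accepts the request.
```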
OAuth2.0
AXN Admin will create an Authorization string from your Username and Password, joined by a colon (":") and encoded as a Base64 string:
username:password → ZXhhbXBsZVVzZXI6ZXhhbXBsZVBhc3M=
...and will append it to the subsequent Token request as a Basic Authorization Header.
Authorization: Basic ZXhhbXBsZVVzZXI6ZXhhbXBsZVBhc3M=
...to then retrieve an access token:
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "8xLOxBtZp8"
}
And lastly, append it to the Webhook request as a Bearer Authorization Header.
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Advanced Webhook Configurations... and best practices
- Include User Data [set to Yes] - this will include end user PII in the endpoint
- Add Flat Endpoint [set to Yes] - this will allow you to receive the response as a flat value (as opposed to a nested value) which makes the data structure simpler to parse
Configuration Options
Option | Description |
Secure Webhook | Enable Basic Authentication on the Webhook (POST) |
Include User Data | Enable User PII being included in the endpoint |
Add Flat Endpoint | Enable flattening the standard JSON object returned |
Replace API Key Value | Replace API Key value with a customer string, useful for OneTrust Integrations |
Add Webhook Wrapper Object | Wraps the standard JSON object in a named value, useful for Sailpoint Integrations |
Add Flat Endpoint Example Response
Note:
The example below demonstrates a flat webhook response with Include User Data enabled.
{
"endpoint$transaction$asi": "383993a4-b0b0-492e-9140-666876ecc8d0",
"endpoint$transaction$status": "success",
"endpoint$transaction$errorCode": "",
"endpoint$transaction$errorDescription": "",
"endpoint$transaction$idpType": "google",
"endpoint$transaction$credential": "test",
"endpoint$transaction$credentialCreationDate": "11/22/2023 14:47:30 UTC",
"endpoint$transaction$mbun": "3b02bda2-8a5e-40ff-a30b-925040d9d965",
"endpoint$transaction$maxToken": "E75_Poh3I9QmV6AR_UBMFEjX3eBkH-eHwkd5Hfi2hy8",
"endpoint$transaction$state": "",
"endpoint$transaction$idwTrustScore": "",
"endpoint$transaction$sessionCreationDate": "11/22/2023 14:47:30 UTC",
"endpoint$transaction$appId": "null",
"endpoint$policyDecision$conclusion": "approve",
"endpoint$policyDecision$obligationApiKey": "",
"endpoint$policyDecision$obligationParam": "",
"endpoint$policyDecision$disposition": "positive",
"endpoint$policyDecision$status": "success",
"endpoint$policyDecision$message": "",
"userAttributes$FullName$fname": "John",
"userAttributes$FullName$lname": "Doe",
"userAttributes$FullName$mname": "",
"userAttributes$FullName$suffix": "null",
"userAttributes$InternationalTelephone$dialCode": "1",
"userAttributes$InternationalTelephone$telephone": "1234567890",
"userAttributes$InternationalAddress$country": "US",
"userAttributes$InternationalAddress$sublocality": "null",
"userAttributes$InternationalAddress$locality": "CITY",
"userAttributes$InternationalAddress$subpremise": "null",
"userAttributes$InternationalAddress$sublocality_level_2": "null",
"userAttributes$InternationalAddress$route": "123 STREET",
"userAttributes$InternationalAddress$administrative_area_level_2": "null",
"userAttributes$InternationalAddress$premise": "null",
"userAttributes$InternationalAddress$sublocality_level_5": "null",
"userAttributes$InternationalAddress$administrative_area_level_3": "null",
"userAttributes$InternationalAddress$sublocality_level_4": "null",
"userAttributes$InternationalAddress$sublocality_level_3": "null",
"userAttributes$InternationalAddress$administrative_area_level_1": "STATE",
"userAttributes$InternationalAddress$street_number": "123 STREET",
"userAttributes$InternationalAddress$neighborhood": "null",
"userAttributes$InternationalAddress$postal_code": "12345",
"userAttributes$Country$country": "US",
"acquiredAttributes$WorkflowTransactionStage$Stage": "2",
"acquiredAttributes$SubmissionTimestamp$Timestamp": "22/11/2023 14:47:44",
"acquiredAttributes$ZipCodeScore$zipCodeScore": "10",
"acquiredAttributes$StateScore$stateScore": "10",
"acquiredAttributes$CityScore$cityScore": "10",
"acquiredAttributes$ConsentTimestamp$consentTimestamp": "20231122144743",
"acquiredAttributes$StreetAddressScore$streetAddressScore": "9",
"acquiredAttributes$PhoneServiceType$PhoneServiceType": "Mobile",
"acquiredAttributes$PhoneServiceCountryCode$phoneServiceCountryCode": "US",
"acquiredAttributes$LastNameScore$lastNameScore": "10",
"acquiredAttributes$ExperianScore$experianScore": "229",
"acquiredAttributes$FirstNameScore$firstNameScore": "10",
"acquiredAttributes$PhoneStatus$phoneStatus": "10",
"acquiredAttributes$ConsentID$consentID": "---",
"acquiredAttributes$MostRecentAddress$country": "COUNTRY",
"acquiredAttributes$MostRecentAddress$address": "FULL ADDRESS",
"acquiredAttributes$MostRecentAddress$route": "123 STREET",
"acquiredAttributes$MostRecentAddress$administrative_area_level_1": "STATE",
"acquiredAttributes$MostRecentAddress$street_number": "1234",
"acquiredAttributes$MostRecentAddress$locality": "CITY",
"acquiredAttributes$MostRecentAddress$postal_code": "12345",
"acquiredAttributes$MostRecentAddress$subpremise": "",
"acquiredAttributes$EmailAddressScore$emailAddressScore": "-2",
"acquiredAttributes$AcquiredAttributeDataSource$acquiredAttributeDataSource": "Third-Party",
"acquiredAttributes$PhoneServiceProvider$phoneServiceProvider": "PHONE CARRIER",
"acquiredAttributes$DeviceType$deviceType": "desktop",
"acquiredAttributes$WorkflowTransactionStageAttempt$Count": "1",
"userAssertionList$Experian Precise ID$test.fraudulentActivityAddress": "pass",
"userAssertionList$Experian Precise ID$link.fullName_address": "pass",
"userAssertionList$Experian Precise ID$link.lastName_address": "pass",
"userAssertionList$Experian Precise ID$test.addressIsResidential": "pass",
"userAssertionList$Experian Precise ID$test.address90DaysOld": "pass",
"userAssertionList$Experian Precise ID$test.fileOneAddressMatch": "pass",
"userAssertionList$Experian Precise ID$test.noAddressConflicts": "pass",
"userAssertionList$Experian Precise ID$link.lastName_phone": "fail",
"userAssertionList$Experian Precise ID$link.phone_address": "fail",
"userAssertionList$Experian Precise ID$link.fullName_phone": "fail",
"userAssertionList$Boku - International Mobile Carrier Reverse Lookup$link.phone_zip": "pass",
"userAssertionList$Boku - International Mobile Carrier Reverse Lookup$test.lastPortGT14days": "unverified",
"userAssertionList$Boku - International Mobile Carrier Reverse Lookup$test.phone_landline_mobile_personal": "pass",
"userAssertionList$Boku - International Mobile Carrier Reverse Lookup$test.lastPortGT30days": "unverified",
"userAssertionList$Boku - International Mobile Carrier Reverse Lookup$test.phoneActive": "pass",
"userAssertionList$Boku - International Mobile Carrier Reverse Lookup$link.lastName_phone": "pass",
"userAssertionList$Boku - International Mobile Carrier Reverse Lookup$link.phone_state": "pass",
"userAssertionList$Boku - International Mobile Carrier Reverse Lookup$link.phone_address": "pass",
"userAssertionList$Boku - International Mobile Carrier Reverse Lookup$link.fullName_phone": "pass",
"userAttributes$PINDeliveryPreference$pindeliverypreference": "sms",
"userAssertionList$IDDataWeb International Phone PIN Service$test.device": "pass"
}
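Receiver-side handling of the flat response above, as an added example (not IDDataWeb's code): it rebuilds the nested structure from the `$`-delimited keys, masks the PII sections before logging, and lists failed assertions. The function names, the choice of PII sections, and the mapping of `"null"` and empty strings to `None` are assumptions; the sample keys are copied from the response above.

```python
import json

# Constructed sample: a handful of keys taken from the flat response above.
SAMPLE = json.dumps({
    "endpoint$transaction$status": "success",
    "endpoint$policyDecision$conclusion": "approve",
    "userAttributes$FullName$fname": "John",
    "userAttributes$FullName$suffix": "null",
    "userAssertionList$Experian Precise ID$test.addressIsResidential": "pass",
    "userAssertionList$Experian Precise ID$link.lastName_phone": "fail",
})

# Assumption: top-level sections treated as PII by this receiver.
PII_SECTIONS = {"userAttributes", "acquiredAttributes"}


def unflatten(flat):
    """Rebuild nested dicts from '$'-delimited keys; "null" and "" become None."""
    nested = {}
    for key, value in flat.items():
        # Split on "$" only: names such as "test.addressIsResidential" and
        # "Experian Precise ID" contain dots and spaces that must be kept.
        *parents, leaf = key.split("$")
        node = nested
        for part in parents:
            node = node.setdefault(part, {})
            if not isinstance(node, dict):
                raise ValueError(f"key collision at {key!r}")
        node[leaf] = None if value in ("null", "") else value
    return nested


def redact_for_logging(nested):
    """Copy of the payload with PII sections masked, suitable for log output."""
    return {k: ("[REDACTED]" if k in PII_SECTIONS else v) for k, v in nested.items()}


def failed_assertions(nested):
    """Sorted (service, assertion) pairs whose result is "fail"."""
    return sorted(
        (service, name)
        for service, checks in nested.get("userAssertionList", {}).items()
        for name, result in checks.items()
        if result == "fail"
    )
```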
Query String Token Authentication
Webhook integrations that rely on bearer tokens (e.g. using OneTrust for a DSAR use case) need to use query string token authentication; a bearer token should be set to the maximum expiry acceptable to you and appended to the end of your webhook URL in the following fashion:
https://onetrust.com/integrationmanager/api/v1/webhook/dd4b3e6c-5fad-493c-b6f3-b82e35664147?-Authorization=Bearer%20ABClLiY2OHXkZGNtNGOpZDhyMGT3M2YuRTNjeSBlNbv5UTB1950clSuNVMVlcidUtZr3aMbFpIuDlJMjlkTho=
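A token carried in the query string is written wherever the request URL is recorded, such as proxy and web-server access logs. The added example below (not IDDataWeb or OneTrust code) scrubs that parameter from log text and reports which lines carried it; the function names and the log lines are constructed for illustration, and `-Authorization` is the parameter name shown above.

```python
import re

# Matches "?-Authorization=<value>" or "&Authorization=<value>" in a URL or
# request line; the value ends at "&", "#", a quote or whitespace.
_TOKEN_PARAM = re.compile(r'(?i)([?&]-?authorization=)[^&\s"#]+')

# Constructed access-log lines (combined log format) with a placeholder token.
LOG_LINES = [
    '203.0.113.7 - - [22/Nov/2023:14:47:45 +0000] '
    '"POST /api/v1/webhook/1234?-Authorization=Bearer%20CONSTRUCTED.TOKEN HTTP/1.1" 200 2',
    '203.0.113.7 - - [22/Nov/2023:14:48:01 +0000] "GET /health HTTP/1.1" 200 2',
]


def scrub(text):
    """Replace the token value with REDACTED, keeping the parameter name."""
    return _TOKEN_PARAM.sub(r"\1REDACTED", text)


def lines_with_tokens(lines):
    """1-based numbers of the lines that carry a token parameter (log audit)."""
    return [i for i, line in enumerate(lines, start=1) if _TOKEN_PARAM.search(line)]
```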