When creating a batch request, provide a callbackUrl (HTTPS required) and callbackSecret (min 16 characters). Results are delivered to your URL as each document is processed.
Webhooks
Receive real-time results for batch verification requests via HTTPS webhooks.
Setup
Verifying Signatures
Every webhook includes an X-Veriscor-Signature header. Always verify before processing:
javascript
const crypto = require('crypto');
function verifyWebhook(body, signature, secret) {
const expected = 'sha256=' + crypto
.createHmac('sha256', secret)
.update(body)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}python
import hmac, hashlib
def verify_webhook(body: bytes, signature: str, secret: str) -> bool:
expected = 'sha256=' + hmac.new(
secret.encode(), body, hashlib.sha256
).hexdigest()
return hmac.compare_digest(signature, expected)Retry Policy
Failed deliveries (non-2xx response) are retried:
- 1st retry: 1 minute after failure
- 2nd retry: 5 minutes after 1st retry
- 3rd retry: 30 minutes after 2nd retry
After 3 failures, the delivery is marked as exhausted and you will receive an email notification at the address associated with your account.
Headers
| Header | Description |
|---|---|
| X-Veriscor-Signature | HMAC-SHA256 signature: sha256=<hex> |
| X-Veriscor-Delivery | Unique delivery ID for deduplication |