Event Subscription Types
Webhooks allow RiskOS™ to notify your application in real-time when specific events occur. This page provides a comprehensive guide to configuring and understanding all available webhook event types.
Overview
A webhook is a REST API endpoint that you provide and configure to receive event notifications from RiskOS™. When events like decision updates or case assignments occur, RiskOS™ will send an HTTP POST request to your registered webhook endpoint with the event data.
Related topics
Quick reference
| Event Type | Description | Trigger |
|---|---|---|
| EVALUATION EVENTS | ||
evaluation_completed | Evaluation processing completed. | Asynchronous evaluation or manual case completion. |
evaluation_paused | Evaluation processing paused. | Asynchronous evaluation paused. |
reevaluation | Case reevaluated. | Case rerun in Case Management. |
workflow_execution_failed | Evaluation execution failed. | Server errors, payload issues, or similar failures. |
| CASE MANAGEMENT EVENTS | ||
decision_update | Decision updated in Case Management. | Manual reviewer decision (for example, approve, decline, or review). |
fraud_confirming | Case marked as fraud or non-fraud. | Fraud confirmation in Case Management. |
review_case_assigned | Case assigned to a reviewer. | Case assignment in Case Management. |
review_case_unassigned | Case unassigned from a reviewer. | Case unassignment in Case Management. |
case_status_updated | Case status updated. | Status update (for example, “Awaiting documentation”). |
case_notes_added | Notes added to a case. | New note added in Case Management. |
case_attachment_added | Attachments added to a case. | New files uploaded to a case. |
Common fields
| Field | Type | Description |
|---|---|---|
event_id | String | Unique identifier for the webhook event. |
event_at | String <Date-Time> | RFC 3339 timestamp when the event was created. |
event_type | String | Type of event (see table above). |
data | Object | Event-specific payload data included in the webhook body. |
Evaluation events
Note:
This evaluation events are only sent for asynchronous workflows. If you haven't been explicitly told your workflows are asynchronous, assume they are synchronous.
evaluation_completed
evaluation_completedThis event can be triggered when any of the following occur:
- An asynchronous evaluation finishes processing.
- A manually created case completes processing.
- Document verification (DocV) completes.
- Any paused evaluation resumes and completes.
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
id | String | Yes | Customer-provided identifier for the evaluation event (for example, user_123, application_456). |
workflow | String | Yes | Workflow name corresponding to the evaluation use case as configured in RiskOS™. |
workflow_id | String | Yes | Unique identifier (UUID) for the workflow. |
workflow_version | String | Yes | Version number of the executed workflow. |
eval_id | String | Yes | RiskOS™-generated unique ID for the evaluation. |
eval_start_time | String <Date-Time> | Yes | RFC 3339 timestamp indicating when the evaluation started. |
eval_end_time | String <Date-Time> | Yes | RFC 3339 timestamp indicating when the evaluation completed. |
decision | String | Yes | Final decision outcome (for example, APPROVE, DECLINE, or REVIEW). |
decision_at | String <Date-Time> | Yes | RFC 3339 timestamp when the decision was finalized. |
status | String | Yes | Current case status (for example, OPEN, CLOSED). |
sub_status | String | Yes | Current case sub-status (for example, Surveillance, Approved). |
score | Number | No | Risk score associated with the evaluation (0–100, if available). |
eval_source | String | Yes | Source of the evaluation (for example, API, Manual, Rerun). |
evaluation_status | String | Yes | Always "evaluation_completed" for this event. |
environment_name | String | Yes | Environment in which the evaluation was performed (for example, Sandbox, Production). |
reason_codes | Array of Strings | Yes | Codes explaining the evaluation decision. |
tags | Array of Strings | Yes | Tags associated with the evaluation. |
notes | String | No | Additional notes related to the evaluation. |
review_queues | Array of Strings | Yes | Names of the review queues assigned to the evaluation. |
data_enrichments | Array of Objects | Yes | Third-party data enrichment results linked to the evaluation. |
Example payload
{
"event_id": "336ccd2a-b3a8-49a8-b2cc-89a4ae90feeb",
"event_at": "2025-08-27T16:16:23.104744158Z",
"event_type": "evaluation_completed",
"data": {
"id": "test-1245",
"workflow": "consumer_onboarding",
"workflow_id": "673dd085-3daf-4c6c-be67-d399933a9fec",
"workflow_version": "1.0.0",
"eval_end_time": "2025-08-27T16:16:23.098709942Z",
"eval_id": "8770e076-f568-48a9-8201-dca13087e592",
"eval_start_time": "2025-08-27T16:16:17.969951775Z",
"decision": "REVIEW",
"decision_at": "2025-08-27T16:16:23.096676037Z",
"status": "OPEN",
"sub_status": "Surveillance",
"score": 39,
"environment_name": "Sandbox",
"tags": [
"test"
],
"eval_source": "API",
"evaluation_status": "evaluation_completed",
"notes": "Test Notes",
"review_queues": [
"Default Queue"
],
"data_enrichments": [
{
"enrichment_endpoint": "https://example-endpoint",
"enrichment_name": "ExampleThirdParty",
"enrichment_provider": "ExampleProvider",
"status_code": 200,
"is_source_cache": false,
"total_attempts": 1,
"error_message": "",
"request": {
"example_email": "[email protected]",
"example_name": "John Doe",
"example_number": 21,
"example_string": "string"
},
"response": {
"example_boolean": true,
"example_list": [
{
"example_number": 99,
"example_string": "Email"
},
{
"example_number": 78,
"example_string": "SSN"
}
],
"example_string": "string"
}
}
]
}
}evaluation_paused
evaluation_pausedThis event can be triggered when any of the following occur:
- An asynchronous evaluation needs additional input (e.g., One-Time Passcode verification).
- Document verification is waiting for user to upload documents.
- Workflow requires manual intervention before proceeding.
Payload Schema
Similar to
evaluation_completed, but witheval_status: "evaluation_paused"and limited data.
| Field | Type | Always Present | Explanation |
|---|---|---|---|
id | String | Yes | Customer-provided identifier for the evaluation event. |
workflow | String | Yes | Workflow name corresponding to the evaluation use case as configured in RiskOS™. |
workflow_id | String | Yes | Unique identifier (UUID) for the workflow. |
workflow_version | String | Yes | Version number of the executed workflow. |
eval_id | String | Yes | RiskOS™-generated unique ID for the evaluation. |
eval_start_time | String <Date-Time> | Yes | RFC 3339 timestamp indicating when the evaluation started. |
eval_end_time | String <Date-Time> | Yes | RFC 3339 timestamp indicating when the evaluation was paused. |
decision | String | Yes | Current decision state for the evaluation. |
decision_at | String <Date-Time> | Yes | RFC 3339 timestamp when the current decision was made. |
status | String | Yes | Current case status. |
sub_status | String | Yes | Current case sub-status. |
eval_source | String | Yes | Source of the evaluation (for example, API, Manual, Rerun). |
eval_status | String | Yes | Always "evaluation_paused". |
environment_name | String | Yes | Environment in which the evaluation was performed (for example, Sandbox, Production). |
tags | Array of Strings | Yes | Tags associated with the evaluation. |
notes | String | No | Additional notes related to the evaluation. |
review_queues | Array of Strings | Yes | Names of the review queues assigned to the evaluation. |
data_enrichments | Array of Objects | Yes | Data enrichment results available for the evaluation. |
Example payload
{
"event_id": "336ccd2a-b3a8-49a8-b2cc-89a4ae90feeb",
"event_at": "2025-10-22T13:04:11.468831296Z",
"event_type": "evaluation_paused",
"data": {
"id": "test-1245",
"workflow": "consumer_onboarding",
"workflow_id": "673dd085-3daf-4c6c-be67-d399933a9fec",
"workflow_version": "1.0.0",
"environment_name": "Sandbox",
"eval_end_time": "2025-10-22T12:18:35.89984723Z",
"eval_id": "8770e076-f568-48a9-8201-dca13087e592",
"eval_start_time": "2025-10-22T12:18:32.054994008Z",
"decision": "REVIEW",
"decision_at": "2023-09-14T07:46:55.956247Z",
"status": "OPEN",
"sub_status": "Surveillance",
"tags": [
"test"
],
"eval_source": "API",
"eval_status": "evaluation_paused",
"notes": "Test Notes",
"review_queues": [
"Default Queue"
],
"data_enrichments": [
{
"..."
}
]
}
}reevaluation
reevaluationThis event can be triggered when any of the following occur:
- A case is manually rerun from Case Management.
- Workflow rules are updated and cases need re-processing.
- Additional data becomes available and case needs fresh evaluation.
Payload schema
The payload structure is identical to [evaluation_completed](https://help.socure.com/riskosdocs/webhook-events#evaluation_completed) but with eval_source: "Rerun".
Example payload
{
"event_id": "336ccd2a-b3a8-49a8-b2cc-89a4ae90feeb",
"event_at": "2023-09-14T07:46:55.956522Z",
"event_type": "reevaluation",
"data": {
"id": "test-1245",
"workflow": "consumer_onboarding",
"workflow_id": "673dd085-3daf-4c6c-be67-d399933a9fec",
"workflow_version": "1.0.0",
"eval_id": "8770e076-f568-48a9-8201-dca13087e592",
"eval_at": "2023-09-14T07:46:55.956247Z",
"decision": "REVIEW",
"decision_at": "2023-09-14T07:46:55.956247Z",
"status": "OPEN",
"sub_status": "Surveillance",
"reason_codes": [
"test"
],
"tags": [
"test"
],
"eval_source": "Rerun",
"evaluation_status": "evaluation_completed",
"notes": "Test Notes",
"review_queues": [
"Default Queue"
],
"data_enrichments": [
{
"..."
}
]
}
}workflow_execution_failed
workflow_execution_failedTriggered when an evaluation fails to execute due to errors (for example, server errors, payload issues, etc.).
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in the RiskOS™ Dashboard. |
eval_id | String | Yes | RiskOS™ generated unique ID for the evaluation. |
workflow_version | String | Yes | Version number associated with the executed workflow. |
timestamp | String <Date-Time> | Yes | RFC 3339 date-time string received in the request payload. |
host | String | Yes | Internal host that handled the evaluation. |
error_message | String | Yes | Error message describing the reason for the failure. |
Example payload
{
"event_id": "d18f58ef-1be3-4c8d-baf6-7f6ba3517514",
"event_at": "2023-09-14T07:46:55.955755Z",
"event_type": "workflow_execution_failed",
"data": {
"id": "d2931d8e-6093-449a-9d9c-90db12acc2bb",
"workflow": "consumer_onboarding",
"eval_id": "577fad68-90e7-462f-8e47-8c8e015beca8",
"workflow_version": "1.0.0",
"timestamp": "2023-09-14T07:46:55.956194Z",
"host": "10.12.0.1",
"error_message": "binding failed for payload"
}
}Case Management events
decision_update
decision_updateTriggered when a reviewer makes a decision change in Case Management (for example, approving a case that was in manual review).
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
id | String | Yes | Customer-provided identifier for the evaluation event (for example, application_id). |
workflow | String | Yes | Workflow name corresponding to the evaluation use case as configured in the RiskOS™ Dashboard. |
eval_id | String | Yes | RiskOS™-generated unique ID for the evaluation. |
reviewer_id | String | Yes | Email address of the reviewer. |
decision | String | Yes | Decision outcome (for example, APPROVE, DECLINE, or REVIEW). |
decision_at | String <Date-Time> | Yes | RFC 3339 timestamp when the decision was made. |
status | String | Yes | New case status. |
sub_status | String | Yes | New case sub-status. |
decision_queue | String | Yes | Name of the review queue from which the decision was made. |
reason_codes | Array of Strings | Yes | Reason codes associated with the decision. |
tags | Array of Strings | Yes | Tags associated with the decision. |
notes | String | No | Notes associated with the decision update. |
attachments | Array of Strings | No | Names of the attachments added with the decision update. |
Example payload
{
"event_id": "7141da2d-7c41-4330-b1e0-905a2119e2fa",
"event_at": "2023-09-14T07:46:55.956011Z",
"event_type": "decision_update",
"data": {
"id": "787d4df8-7d17-47fe-bbce-668ba19b7b1d",
"workflow": "consumer_onboarding",
"eval_id": "d3a15e54-ed6b-43f5-8fea-8f6370cc89d9",
"reviewer_id": "[email protected]",
"decision": "DECLINE",
"decision_at": "2023-09-14T07:46:55.955937Z",
"status": "CLOSED",
"sub_status": "Decline",
"decision_queue": "Default Queue",
"environment_name": "Sandbox",
"reason_codes": [
"test"
],
"tags": [
"test"
],
"notes": "Test notes",
"attachments": [
"test_webhook.txt"
]
}
}review_case_assigned
review_case_assignedTriggered when a case is assigned to a reviewer in Case Management (for example, a reviewer assigned a case to themselves or to a peer reviewer).
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in RiskOS™ Dashboard. |
eval_id | String | Yes | RiskOS™ generated unique ID for the evaluation. |
reviewer_id | String | Yes | Email ID of the reviewer to whom the case is assigned. |
queue_name | String | Yes | Name of the review queue from which the case assignment is performed. |
updated_by | String | Yes | Email ID of the reviewer by whom the case assignment is performed. |
updated_at | String <Date-Time> | Yes | RFC 3339 date-time string at which the case assignment is performed. |
Example payload
{
"event_id": "794cdb80-7aa4-4263-9001-89a8ed40805c",
"event_at": "2023-09-14T07:46:55.955656Z",
"event_type": "review_case_assigned",
"data": {
"id": "abc-test-123",
"workflow": "consumer_onboarding",
"eval_id": "a21a6886-aad0-46aa-992b-32d790f553b8",
"reviewer_id": "[email protected]",
"queue_name": "Default Queue",
"updated_at": "2023-09-14T07:46:55.955506Z",
"updated_by": "[email protected]",
"environment_name": "Sandbox"
}
}review_case_unassigned
review_case_unassignedTriggered when a case is unassigned from a reviewer in Case Management (for example, a reviewer un-assigned from a peer reviewer).
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in RiskOS™ Dashboard. |
eval_id | String | Yes | RiskOS™ generated unique ID for the evaluation. |
reviewer_id | String | Yes | Email ID of the reviewer from whom the case is unassigned. |
queue_name | String | Yes | Name of the review queue from which the case unassignment is performed. |
updated_by | String | Yes | Email ID of the reviewer by whom the case unassignment is performed. |
updated_at | String <Date-Time> | Yes | RFC 3339 date-time string at which the case unassignment is performed. |
Example payload
{
"event_id": "794cdb80-7aa4-4263-9001-89a8ed40805c",
"event_at": "2023-09-14T07:46:55.955656Z",
"event_type": "review_case_unassigned",
"data": {
"id": "abc-test-123",
"workflow": "consumer_onboarding",
"eval_id": "a21a6886-aad0-46aa-992b-32d790f553b8",
"reviewer_id": "[email protected]",
"queue_name": "Default Queue",
"updated_at": "2023-09-14T07:46:55.955506Z",
"updated_by": "[email protected]",
"environment_name": "Sandbox"
}
}case_status_updated
case_status_updatedTriggered when a case status is updated in Case Management (for example, a reviewer makes a manual decision and moves a case into another status, such as "Awaiting documentation").
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in RiskOS™ Dashboard. |
eval_id | String | Yes | RiskOS™ generated unique ID for the evaluation. |
reviewer_id | String | Yes | Email ID of the reviewer of the case. |
decision | String | Yes | Decision. |
decision_at | String <Date-Time> | Yes | RFC 3339 date-time string at which the decision was taken. |
status | String | Yes | The new status of the case. |
sub_status | String | Yes | The new sub-status of the case. |
updated_at | String <Date-Time> | Yes | RFC 3339 date-time string at which the status update occurred. Same as decision_at in a Case Status Update. |
decision_queue | String | Yes | Name of the review queue from which the decision was taken. |
reason_codes | Array of Strings | Yes | Reason codes for the status update. |
tags | Array of Strings | Yes | Tags for the status update. |
notes | String | No | Notes associated with the status update. |
attachments | Array of Strings | No | Names of the attachments added with the status update. |
Example payload
{
"event_id": "82ef8e08-24b4-42c6-9e27-f7b9aa892c58",
"event_at": "2023-09-14T07:46:55.956104Z",
"event_type": "case_status_updated",
"data": {
"id": "abc-test-123",
"workflow": "consumer_onboarding",
"eval_id": "d3a15e54-ed6b-43f5-8fea-8f6370cc89d9",
"reviewer_id": "[email protected]",
"decision": "REVIEW",
"decision_at": "2023-09-14T07:46:55.956018Z",
"status": "OPEN",
"sub_status": "Awaiting Documentation",
"updated_at": "2023-09-14T07:46:55.956018Z",
"decision_queue": "Default Queue",
"environment_name": "Sandbox",
"reason_codes": [
"test"
],
"tags": [
"test"
],
"notes": "test webhook",
"attachments": [
"test_webhook.txt"
]
}
}case_notes_added
case_notes_addedTriggered when notes are added to a case in Case Management (for example, a reviewer adds a new note to a case. Reviewer may also add attachments along with the case notes). A reviewer may also add attachments along with the case notes.
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in RiskOS™ Dashboard. |
eval_id | String | Yes | RiskOS™ generated unique ID for the evaluation. |
reviewer_id | String | Yes | Email ID of the reviewer of the case. |
updated_at | String <Date-Time> | Yes | RFC 3339 date-time string at which the status update was performed. Same as decision_at in a Case Status Update. |
notes | String | Yes | Notes associated with the status update. |
attachments | Array of Strings | No | Names of the attachments added with the status update. |
Example payload
{
"event_id": "17152e9c-609f-4dd3-b516-1cf094464b1c",
"event_at": "2023-09-14T07:46:55.955929Z",
"event_type": "case_notes_added",
"data": {
"id": "abc-test-123",
"workflow": "consumer_onboarding",
"eval_id": "449edcec-9423-4725-8e5f-c7dfd6a9b827",
"reviewer_id": "[email protected]",
"updated_at": "2023-09-14T07:46:55.955872Z",
"notes": "test webhook",
"environment_name": "Sandbox",
"attachments": [
"test_webhook.txt"
]
}
}case_attachment_added
case_attachment_addedTriggered when attachments are added to a case in case management (for example, a reviewer adds new attachments to a case).
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in RiskOS™ Dashboard. |
eval_id | String | Yes | RiskOS™ generated unique ID for the evaluation. |
reviewer_id | String | Yes | Email ID of the reviewer of the case. |
updated_at | String <Date-Time> | Yes | RFC 3339 date-time string at which the status update was performed. Same as decision_at in a Case Status Update. |
attachments | Array of Strings | Yes | Names of the attachments added with the status update. |
Example payload
{
"event_id": "d18f58ef-1be3-4c8d-baf6-7f6ba3517514",
"event_at": "2023-09-14T07:46:55.955755Z",
"event_type": "case_attachment_added",
"data": {
"id": "abc-test-123",
"workflow": "consumer_onboarding",
"eval_id": "aafe72aa-2921-40f4-a72c-7eedc9d62c4b",
"reviewer_id": "[email protected]",
"updated_at": "2023-09-14T07:46:55.955699Z",
"environment_name": "Sandbox",
"attachments": [
"test_webhook.txt"
]
}
}fraud_confirming
fraud_confirmingTriggered when a case is marked as fraud or non-fraud in case management (for example, a reviewer marks a case fraud or non-fraud).
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in RiskOS™ Dashboard. |
fraud_label | String | Yes | Fraud label: either fraud or non-fraud. |
fraud_type | String | No | User-defined fraud types. |
notes | String | No | Additional notes to be added when marking a case as fraud or non-fraud. |
tags | Array of Strings | No | Tags associated with the fraud confirmation. |
recorded_by | String | No | Fraud response team member who recorded the fraud at the customer end. |
recorded_at | String <Date-Time> | No | RFC 3339 date-time string when the fraud feedback was recorded at the customer end. |
created_by | String | Yes | Fraud response team member who recorded the fraud in RiskOS™. |
created_at | String <Date-Time> | Yes | RFC 3339 date-time string when the fraud feedback was created in RiskOS™. |
Example payload
{
"event_id": "624102b9-603a-4505-8bd3-121aafb2bd60",
"event_at": "2023-09-14T07:46:55.956183Z",
"event_type": "fraud_confirming",
"data": {
"id": "547ff93f-43d4-46dc-bc10-39d3011f62e9",
"workflow": "consumer_onboarding",
"fraud_label": "fraud",
"fraud_type": "synthetic",
"notes": "Dummy confirmed fraud for testing",
"tags": [
"test"
],
"recorded_by": "[email protected]",
"environment_name": "Sandbox",
"recorded_at": "2023-09-14T07:46:55.956111Z",
"created_by": "[email protected]",
"created_at": "2023-09-14T07:46:55.956111Z"
}
}Updated 3 months ago