Webhook Event Reference
Complete reference for all RiskOS™ webhook event types, including payload schemas and example responses.
Quick reference
| Event Type | Description | Trigger |
|---|---|---|
| EVALUATION EVENTS | ||
| evaluation_completed | Evaluation processing completed. | Asynchronous evaluation or manual case completion. |
| evaluation_paused | Evaluation processing paused. | Asynchronous evaluation paused. |
| reevaluation | Case reevaluated. | Case rerun in Case Management. |
| workflow_execution_failed | Evaluation execution failed. | Server errors, payload issues, or similar failures. |
| CASE MANAGEMENT EVENTS | ||
| decision_update | Decision updated in Case Management. | Manual reviewer decision (for example, accept, reject, or review). |
| fraud_confirming | Case marked as fraud or non-fraud. | Fraud confirmation in Case Management. |
| review_case_assigned | Case assigned to a reviewer. | Case assignment in Case Management. |
| review_case_unassigned | Case unassigned from a reviewer. | Case unassignment in Case Management. |
| case_status_updated | Case status updated. | Status update (for example, “Awaiting documentation”). |
| case_notes_added | Notes added to a case. | New note added in Case Management. |
| case_attachment_added | Attachments added to a case. | New files uploaded to a case. |
Common fields
| Field | Type | Description |
|---|---|---|
| event_id | String | Unique identifier for the webhook event. |
| event_at | String <Date-Time> | RFC 3339 timestamp when the event was created. |
| event_type | String | Type of event (see table above). |
| data | Object | Event-specific payload data included in the webhook body. |
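A receiver can enforce the common-field contract before any event-specific handling. The following is an added example, not RiskOS™ code: the function names, the `EnvelopeError` class and the in-memory `seen_event_ids` set are assumptions of this sketch, as is treating a repeated `event_id` as a duplicate delivery. It does not authenticate the sender, which this page does not describe.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Event types from the quick reference table on this page.
KNOWN_EVENT_TYPES = {
    "evaluation_completed", "evaluation_paused", "reevaluation",
    "workflow_execution_failed", "decision_update", "fraud_confirming",
    "review_case_assigned", "review_case_unassigned", "case_status_updated",
    "case_notes_added", "case_attachment_added",
}
# RFC 3339 date-time; the page's examples carry up to 9 fractional digits.
_RFC3339 = re.compile(
    r"^(\d{4})-(\d{2})-(\d{2})[Tt](\d{2}):(\d{2}):(\d{2})"
    r"(?:\.(\d{1,9}))?([Zz]|[+-]\d{2}:\d{2})$"
)
# Sample body: the page's evaluation_completed example with data trimmed.
SAMPLE = (b'{"event_id": "336ccd2a-b3a8-49a8-b2cc-89a4ae90feeb", '
          b'"event_at": "2025-08-27T16:16:23.104744158Z", '
          b'"event_type": "evaluation_completed", "data": {"id": "test-1245"}}')


class EnvelopeError(ValueError):
    """The webhook body does not match the common-field contract."""


def parse_rfc3339(value):
    """Parse an RFC 3339 timestamp, truncating the fraction to microseconds."""
    m = _RFC3339.match(value) if isinstance(value, str) else None
    if not m:
        raise EnvelopeError("not an RFC 3339 timestamp")
    y, mo, d, h, mi, s, frac, off = m.groups()
    micro = int((frac or "").ljust(6, "0")[:6])
    try:
        if off in ("Z", "z"):
            tz = timezone.utc
        else:
            sign = 1 if off[0] == "+" else -1
            tz = timezone(sign * timedelta(hours=int(off[1:3]), minutes=int(off[4:6])))
        return datetime(int(y), int(mo), int(d), int(h), int(mi), int(s), micro, tz)
    except ValueError:
        raise EnvelopeError("timestamp field out of range") from None


def parse_envelope(raw_body, seen_event_ids):
    """Return (event_type, event_at, data), or None if event_id was already seen."""
    try:
        body = json.loads(raw_body)
    except ValueError:  # also covers UnicodeDecodeError on bad bytes
        raise EnvelopeError("body is not valid JSON") from None
    if not isinstance(body, dict):
        raise EnvelopeError("body must be a JSON object")
    event_id, event_type = body.get("event_id"), body.get("event_type")
    if not isinstance(event_id, str) or not event_id:
        raise EnvelopeError("event_id missing or not a string")
    if not isinstance(event_type, str) or event_type not in KNOWN_EVENT_TYPES:
        raise EnvelopeError("event_type is not one of the documented types")
    if not isinstance(body.get("data"), dict):
        raise EnvelopeError("data must be an object")
    event_at = parse_rfc3339(body.get("event_at"))
    if event_id in seen_event_ids:  # duplicate delivery: acknowledge, do not reprocess
        return None
    seen_event_ids.add(event_id)
    return event_type, event_at, body["data"]
```

In a real receiver the seen-ID set would live in durable storage, and routing should key on the envelope's `event_type` rather than on a status field inside `data`.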
Evaluation events
Note:
These evaluation events are only sent for asynchronous workflows. If you haven't been explicitly told your workflows are asynchronous, assume they are synchronous. Evaluation webhook payloads share the same structure as Evaluation API responses.
evaluation_completed
This event occurs when any of the following happen:
- An asynchronous evaluation finishes processing.
- A manually created case completes processing.
- Document verification (DocV) completes.
- Any paused evaluation resumes and completes.
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
| id | String | Yes | Customer-provided identifier for the evaluation event (for example, user_123, application_456). |
| workflow | String | Yes | Workflow name corresponding to the evaluation use case as configured in RiskOS™. |
| workflow_id | String | Yes | Unique identifier (UUID) for the workflow. |
| workflow_version | String | Yes | Version number of the executed workflow. |
| eval_id | String | Yes | RiskOS™-generated unique ID for the evaluation. |
| eval_start_time | String <Date-Time> | Yes | RFC 3339 timestamp indicating when the evaluation started. |
| eval_end_time | String <Date-Time> | Yes | RFC 3339 timestamp indicating when the evaluation completed. |
| decision | String | Yes | Final decision outcome (for example, ACCEPT, REJECT, or REVIEW). |
| decision_at | String <Date-Time> | Yes | RFC 3339 timestamp when the decision was finalized. |
| status | String | Yes | Current case status (for example, OPEN, CLOSED). |
| sub_status | String | Yes | Current case sub-status (for example, Surveillance, Approved). |
| score | Number | No | Risk score associated with the evaluation (0–100, if available). |
| eval_source | String | Yes | Source of the evaluation (for example, API, Manual, Rerun). |
| evaluation_status | String | Yes | Always "evaluation_completed" for this event. |
| environment_name | String | Yes | Environment in which the evaluation was performed (for example, Sandbox, Production). |
| reason_codes | Array of Strings | Yes | Codes explaining the evaluation decision. |
| tags | Array of Strings | Yes | Tags associated with the evaluation. |
| notes | String | No | Additional notes related to the evaluation. |
| review_queues | Array of Strings | Yes | Names of the review queues assigned to the evaluation. |
| data_enrichments | Array of Objects | Yes | Third-party data enrichment results linked to the evaluation. |
Example payload
{
"event_id": "336ccd2a-b3a8-49a8-b2cc-89a4ae90feeb",
"event_at": "2025-08-27T16:16:23.104744158Z",
"event_type": "evaluation_completed",
"data": {
"id": "test-1245",
"workflow": "consumer_onboarding",
"workflow_id": "673dd085-3daf-4c6c-be67-d399933a9fec",
"workflow_version": "1.0.0",
"eval_end_time": "2025-08-27T16:16:23.098709942Z",
"eval_id": "8770e076-f568-48a9-8201-dca13087e592",
"eval_start_time": "2025-08-27T16:16:17.969951775Z",
"decision": "REVIEW",
"decision_at": "2025-08-27T16:16:23.096676037Z",
"status": "OPEN",
"sub_status": "Surveillance",
"score": 39,
"environment_name": "Sandbox",
"tags": [
"test"
],
"eval_source": "API",
"evaluation_status": "evaluation_completed",
"notes": "Test Notes",
"review_queues": [
"Default Queue"
],
"data_enrichments": [
{
"enrichment_endpoint": "https://example-endpoint",
"enrichment_name": "ExampleThirdParty",
"enrichment_provider": "ExampleProvider",
"status_code": 200,
"is_source_cache": false,
"total_attempts": 1,
"error_message": "",
"request": {
"example_email": "[email protected]",
"example_name": "John Doe",
"example_number": 21,
"example_string": "string"
},
"response": {
"example_boolean": true,
"example_list": [
{
"example_number": 99,
"example_string": "Email"
},
{
"example_number": 78,
"example_string": "SSN"
}
],
"example_string": "string"
}
}
]
}
}
evaluation_paused
This event can be triggered when any of the following occur:
- An asynchronous evaluation needs additional input (for example, One-Time Passcode (OTP) verification).
- Document verification is waiting for the user to upload documents.
- The workflow requires manual intervention before proceeding.
Payload schema
Similar to evaluation_completed, but with eval_status: "evaluation_paused" and limited data.
| Field | Type | Always Present | Explanation |
|---|---|---|---|
| id | String | Yes | Customer-provided identifier for the evaluation event. |
| workflow | String | Yes | Workflow name corresponding to the evaluation use case as configured in RiskOS™. |
| workflow_id | String | Yes | Unique identifier (UUID) for the workflow. |
| workflow_version | String | Yes | Version number of the executed workflow. |
| eval_id | String | Yes | RiskOS™-generated unique ID for the evaluation. |
| eval_start_time | String <Date-Time> | Yes | RFC 3339 timestamp indicating when the evaluation started. |
| eval_end_time | String <Date-Time> | Yes | RFC 3339 timestamp indicating when the evaluation was paused. |
| decision | String | Yes | Current decision state for the evaluation. |
| decision_at | String <Date-Time> | Yes | RFC 3339 timestamp when the current decision was made. |
| status | String | Yes | Current case status. |
| sub_status | String | Yes | Current case sub-status. |
| eval_source | String | Yes | Source of the evaluation (for example, API, Manual, Rerun). |
| eval_status | String | Yes | Always "evaluation_paused". |
| environment_name | String | Yes | Environment in which the evaluation was performed (for example, Sandbox, Production). |
| tags | Array of Strings | Yes | Tags associated with the evaluation. |
| notes | String | No | Additional notes related to the evaluation. |
| review_queues | Array of Strings | Yes | Names of the review queues assigned to the evaluation. |
| data_enrichments | Array of Objects | Yes | Data enrichment results available for the evaluation. |
Example payload
{
"event_id": "336ccd2a-b3a8-49a8-b2cc-89a4ae90feeb",
"event_at": "2025-10-22T13:04:11.468831296Z",
"event_type": "evaluation_paused",
"data": {
"id": "test-1245",
"workflow": "consumer_onboarding",
"workflow_id": "673dd085-3daf-4c6c-be67-d399933a9fec",
"workflow_version": "1.0.0",
"environment_name": "Sandbox",
"eval_end_time": "2025-10-22T12:18:35.89984723Z",
"eval_id": "8770e076-f568-48a9-8201-dca13087e592",
"eval_start_time": "2025-10-22T12:18:32.054994008Z",
"decision": "REVIEW",
"decision_at": "2023-09-14T07:46:55.956247Z",
"status": "OPEN",
"sub_status": "Surveillance",
"tags": [
"test"
],
"eval_source": "API",
"eval_status": "evaluation_paused",
"notes": "Test Notes",
"review_queues": [
"Default Queue"
],
"data_enrichments": [
{
"..."
}
]
}
}
reevaluation
This event occurs when any of the following happen:
- A case is manually rerun from Case Management.
- Workflow rules are updated and cases need re-processing.
- Additional data becomes available and the case needs a fresh evaluation.
Payload schema
The payload structure is identical to [evaluation_completed](https://help.socure.com/riskosdocs/webhook-events#evaluation_completed) but with eval_source: "Rerun".
Example payload
{
"event_id": "336ccd2a-b3a8-49a8-b2cc-89a4ae90feeb",
"event_at": "2023-09-14T07:46:55.956522Z",
"event_type": "reevaluation",
"data": {
"id": "test-1245",
"workflow": "consumer_onboarding",
"workflow_id": "673dd085-3daf-4c6c-be67-d399933a9fec",
"workflow_version": "1.0.0",
"eval_id": "8770e076-f568-48a9-8201-dca13087e592",
"eval_at": "2023-09-14T07:46:55.956247Z",
"decision": "REVIEW",
"decision_at": "2023-09-14T07:46:55.956247Z",
"status": "OPEN",
"sub_status": "Surveillance",
"reason_codes": [
"test"
],
"tags": [
"test"
],
"eval_source": "Rerun",
"evaluation_status": "evaluation_completed",
"notes": "Test Notes",
"review_queues": [
"Default Queue"
],
"data_enrichments": [
{
"..."
}
]
}
}
workflow_execution_failed
Triggered when an evaluation fails to execute due to errors (for example, server errors or payload issues).
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
| id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
| workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in the RiskOS™ Dashboard. |
| eval_id | String | Yes | RiskOS™ generated unique ID for the evaluation. |
| workflow_version | String | Yes | Version number associated with the executed workflow. |
| timestamp | String <Date-Time> | Yes | RFC 3339 date-time string received in the request payload. |
| host | String | Yes | Internal host that handled the evaluation. |
| error_message | String | Yes | Error message describing the reason for the failure. |
Example payload
{
"event_id": "d18f58ef-1be3-4c8d-baf6-7f6ba3517514",
"event_at": "2023-09-14T07:46:55.955755Z",
"event_type": "workflow_execution_failed",
"data": {
"id": "d2931d8e-6093-449a-9d9c-90db12acc2bb",
"workflow": "consumer_onboarding",
"eval_id": "577fad68-90e7-462f-8e47-8c8e015beca8",
"workflow_version": "1.0.0",
"timestamp": "2023-09-14T07:46:55.956194Z",
"host": "10.12.0.1",
"error_message": "binding failed for payload"
}
}
Case Management events
decision_update
Triggered when a reviewer makes a decision change in Case Management (for example, approving a case that was in manual review).
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
| id | String | Yes | Customer-provided identifier for the evaluation event (for example, application_id). |
| workflow | String | Yes | Workflow name corresponding to the evaluation use case as configured in the RiskOS™ Dashboard. |
| eval_id | String | Yes | RiskOS™-generated unique ID for the evaluation. |
| reviewer_id | String | Yes | Email address of the reviewer. |
| decision | String | Yes | Decision outcome (for example, ACCEPT, REJECT, or REVIEW). |
| decision_at | String <Date-Time> | Yes | RFC 3339 timestamp when the decision was made. |
| status | String | Yes | New case status. |
| sub_status | String | Yes | New case sub-status. |
| decision_queue | String | Yes | Name of the review queue from which the decision was made. |
| reason_codes | Array of Strings | Yes | Reason codes associated with the decision. |
| tags | Array of Strings | Yes | Tags associated with the decision. |
| notes | String | No | Notes associated with the decision update. |
| attachments | Array of Strings | No | Names of the attachments added with the decision update. |
Example payload
{
"event_id": "7141da2d-7c41-4330-b1e0-905a2119e2fa",
"event_at": "2023-09-14T07:46:55.956011Z",
"event_type": "decision_update",
"data": {
"id": "787d4df8-7d17-47fe-bbce-668ba19b7b1d",
"workflow": "consumer_onboarding",
"eval_id": "d3a15e54-ed6b-43f5-8fea-8f6370cc89d9",
"reviewer_id": "[email protected]",
"decision": "REJECT",
"decision_at": "2023-09-14T07:46:55.955937Z",
"status": "CLOSED",
"sub_status": "Decline",
"decision_queue": "Default Queue",
"environment_name": "Sandbox",
"reason_codes": [
"test"
],
"tags": [
"test"
],
"notes": "Test notes",
"attachments": [
"test_webhook.txt"
]
}
}
review_case_assigned
Triggered when a case is assigned to a reviewer in Case Management (for example, a reviewer assigns a case to themselves or to a peer reviewer).
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
| id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
| workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in RiskOS™ Dashboard. |
| eval_id | String | Yes | RiskOS™ generated unique ID for the evaluation. |
| reviewer_id | String | Yes | Email ID of the reviewer to whom the case is assigned. |
| queue_name | String | Yes | Name of the review queue from which the case assignment is performed. |
| updated_by | String | Yes | Email ID of the reviewer who performed the case assignment. |
| updated_at | String <Date-Time> | Yes | RFC 3339 date-time string at which the case assignment is performed. |
Example payload
{
"event_id": "794cdb80-7aa4-4263-9001-89a8ed40805c",
"event_at": "2023-09-14T07:46:55.955656Z",
"event_type": "review_case_assigned",
"data": {
"id": "abc-test-123",
"workflow": "consumer_onboarding",
"eval_id": "a21a6886-aad0-46aa-992b-32d790f553b8",
"reviewer_id": "[email protected]",
"queue_name": "Default Queue",
"updated_at": "2023-09-14T07:46:55.955506Z",
"updated_by": "[email protected]",
"environment_name": "Sandbox"
}
}
review_case_unassigned
Triggered when a case is unassigned from a reviewer in Case Management (for example, a reviewer unassigns a case from a peer reviewer).
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
| id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
| workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in RiskOS™ Dashboard. |
| eval_id | String | Yes | RiskOS™ generated unique ID for the evaluation. |
| reviewer_id | String | Yes | Email ID of the reviewer from whom the case is unassigned. |
| queue_name | String | Yes | Name of the review queue from which the case is unassigned. |
| updated_by | String | Yes | Email ID of the reviewer who performed the case unassignment. |
| updated_at | String <Date-Time> | Yes | RFC 3339 date-time string when the case unassignment is performed. |
Example payload
{
"event_id": "794cdb80-7aa4-4263-9001-89a8ed40805c",
"event_at": "2023-09-14T07:46:55.955656Z",
"event_type": "review_case_unassigned",
"data": {
"id": "abc-test-123",
"workflow": "consumer_onboarding",
"eval_id": "a21a6886-aad0-46aa-992b-32d790f553b8",
"reviewer_id": "[email protected]",
"queue_name": "Default Queue",
"updated_at": "2023-09-14T07:46:55.955506Z",
"updated_by": "[email protected]",
"environment_name": "Sandbox"
}
}
case_status_updated
Triggered when a case status is updated in Case Management (for example, a reviewer makes a manual decision and moves a case into another status, such as "Awaiting documentation").
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
| id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
| workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in RiskOS™ Dashboard. |
| eval_id | String | Yes | RiskOS™ generated unique ID for the evaluation. |
| reviewer_id | String | Yes | Email ID of the reviewer of the case. |
| decision | String | Yes | Decision. |
| decision_at | String <Date-Time> | Yes | RFC 3339 date-time string at which the decision was taken. |
| status | String | Yes | The new status of the case. |
| sub_status | String | Yes | The new sub-status of the case. |
| updated_at | String <Date-Time> | Yes | RFC 3339 date-time string at which the status update occurred. Same as decision_at in a Case Status Update. |
| decision_queue | String | Yes | Name of the review queue from which the decision was taken. |
| reason_codes | Array of Strings | Yes | Reason codes for the status update. |
| tags | Array of Strings | Yes | Tags for the status update. |
| notes | String | No | Notes associated with the status update. |
| attachments | Array of Strings | No | Names of the attachments added with the status update. |
Example payload
{
"event_id": "82ef8e08-24b4-42c6-9e27-f7b9aa892c58",
"event_at": "2023-09-14T07:46:55.956104Z",
"event_type": "case_status_updated",
"data": {
"id": "abc-test-123",
"workflow": "consumer_onboarding",
"eval_id": "d3a15e54-ed6b-43f5-8fea-8f6370cc89d9",
"reviewer_id": "[email protected]",
"decision": "REVIEW",
"decision_at": "2023-09-14T07:46:55.956018Z",
"status": "OPEN",
"sub_status": "Awaiting Documentation",
"updated_at": "2023-09-14T07:46:55.956018Z",
"decision_queue": "Default Queue",
"environment_name": "Sandbox",
"reason_codes": [
"test"
],
"tags": [
"test"
],
"notes": "test webhook",
"attachments": [
"test_webhook.txt"
]
}
}
case_notes_added
Triggered when a reviewer adds notes to a case in Case Management (for example, a reviewer adds a new note to a case and may also add attachments with the case notes).
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
| id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
| workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in RiskOS™ Dashboard. |
| eval_id | String | Yes | RiskOS™ generated unique ID for the evaluation. |
| reviewer_id | String | Yes | Email ID of the reviewer of the case. |
| updated_at | String <Date-Time> | Yes | RFC 3339 date-time string at which the status update was performed. Same as decision_at in a Case Status Update. |
| notes | String | Yes | Notes associated with the status update. |
| attachments | Array of Strings | No | Names of the attachments added with the status update. |
Example payload
{
"event_id": "17152e9c-609f-4dd3-b516-1cf094464b1c",
"event_at": "2023-09-14T07:46:55.955929Z",
"event_type": "case_notes_added",
"data": {
"id": "abc-test-123",
"workflow": "consumer_onboarding",
"eval_id": "449edcec-9423-4725-8e5f-c7dfd6a9b827",
"reviewer_id": "[email protected]",
"updated_at": "2023-09-14T07:46:55.955872Z",
"notes": "test webhook",
"environment_name": "Sandbox",
"attachments": [
"test_webhook.txt"
]
}
}
case_attachment_added
Triggered when attachments are added to a case in Case Management (for example, a reviewer adds new attachments to a case).
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
| id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
| workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in RiskOS™ Dashboard. |
| eval_id | String | Yes | RiskOS™ generated unique ID for the evaluation. |
| reviewer_id | String | Yes | Email ID of the reviewer of the case. |
| updated_at | String <Date-Time> | Yes | RFC 3339 date-time string at which the status update was performed. Same as decision_at in a Case Status Update. |
| attachments | Array of Strings | Yes | Names of the attachments added with the status update. |
Example payload
{
"event_id": "d18f58ef-1be3-4c8d-baf6-7f6ba3517514",
"event_at": "2023-09-14T07:46:55.955755Z",
"event_type": "case_attachment_added",
"data": {
"id": "abc-test-123",
"workflow": "consumer_onboarding",
"eval_id": "aafe72aa-2921-40f4-a72c-7eedc9d62c4b",
"reviewer_id": "[email protected]",
"updated_at": "2023-09-14T07:46:55.955699Z",
"environment_name": "Sandbox",
"attachments": [
"test_webhook.txt"
]
}
}
fraud_confirming
Triggered when a reviewer marks a case as fraud or non-fraud in Case Management.
Payload schema
| Field | Type | Always Present | Explanation |
|---|---|---|---|
| id | String | Yes | Customer provided identifier for the evaluation event like application_id. |
| workflow | String | Yes | Workflow name corresponding to the evaluation use-case as configured in RiskOS™ Dashboard. |
| fraud_label | String | Yes | Fraud label: either fraud or non-fraud. |
| fraud_type | String | No | User-defined fraud types. |
| notes | String | No | Additional notes to be added when marking a case as fraud or non-fraud. |
| tags | Array of Strings | No | Tags associated with the fraud confirmation. |
| recorded_by | String | No | Fraud response team member who recorded the fraud at the customer end. |
| recorded_at | String <Date-Time> | No | RFC 3339 date-time string when the fraud feedback was recorded at the customer end. |
| created_by | String | Yes | Fraud response team member who recorded the fraud in RiskOS™. |
| created_at | String <Date-Time> | Yes | RFC 3339 date-time string when the fraud feedback was created in RiskOS™. |
Example payload
{
"event_id": "624102b9-603a-4505-8bd3-121aafb2bd60",
"event_at": "2023-09-14T07:46:55.956183Z",
"event_type": "fraud_confirming",
"data": {
"id": "547ff93f-43d4-46dc-bc10-39d3011f62e9",
"workflow": "consumer_onboarding",
"fraud_label": "fraud",
"fraud_type": "synthetic",
"notes": "Dummy confirmed fraud for testing",
"tags": [
"test"
],
"recorded_by": "[email protected]",
"environment_name": "Sandbox",
"recorded_at": "2023-09-14T07:46:55.956111Z",
"created_by": "[email protected]",
"created_at": "2023-09-14T07:46:55.956111Z"
}
}
