Enterprise API

Document Fraud Webhooks

Async, signed webhook delivery for document verification verdicts and fraud signals.

Engineering teams running batch document workf…Platforms with async onboardingFraud orchestration teamsEnterprise integrators

Forensic detection delivered as one API call

One POST returns AI-generation indicators, tampering regions, metadata drift, math reconciliation, and a verdict — designed for risk engines, not onboarding funnels.

▸ Document Analysis · LiveID: 8829-XQ
Risk score: High · 94%Signals matched: 12,042

Metadata deep-dive

Inspects EXIF, software signatures, edit history, and structural fingerprints.

EndpointPOST /v1/verify
Latency p95~6s per document
WebhookSigned verdict event

Privacy-first by design

Originals are processed in encrypted memory and removed after analysis. Reports stay redacted by default.

No training on your data
Team & admin controls
▸ 01 · The Problem

Why identity-onboarding APIs miss document-level fraud

Many document workflows are not in-funnel. Batch onboarding, overnight underwriting, claims review, and offline tenant screening all need an async delivery channel for verdicts.

TrueDoc's webhook channel delivers signed verdict payloads to your endpoint as soon as analysis finishes — no polling required.

▸ 02 · Fraud Signals

What we look for

Cross-checked across 4+ vectors
▸ Primary signal

Missed verdicts when teams forget to poll

Detected at pixel + metadata + structural layers

Replay attacks on unsigned webhook endpoints

Out-of-order delivery breaking downstream state

PII leaking into webhook bodies without masking

What gets checked

All document types supported by the verification API
Batch and async submissions
Multi-page documents
Documents queued from your data warehouse
▸ 03 · Workflow

From upload to verdict

01

POST /verify with a callback_url

Submit the document and the webhook endpoint to call when the verdict is ready.

02

Receive a signed callback

TrueDoc POSTs the verdict payload with an HMAC signature header.

03

Verify the signature

Validate the HMAC against your shared secret before trusting the body.

04

Branch on the verdict

Auto-accept, route to review, or escalate to fraud.

Example event payload (shape)

Payloads are JSON and include: event type, verdict ID, trust score, top findings, document metadata, and a link to the full evidence record in the enterprise portal.

Sensitive fields can be masked per enterprise compliance settings before delivery.

Workflow examples

HR: queue applicant documents overnight; receive verdicts before the next business day's review queue is opened.

Fintech: submit onboarding documents async during peak load; auto-decision low-risk verdicts in real time, route the rest to a fraud queue.

Rental screening: batch-process applications from partner platforms; webhook delivery feeds your decision UI.

Insurance: async review of claims documents; webhooks feed your case management system with verdict and evidence link.

Marketplaces: async re-verification of seller documents; webhooks trigger trust-tier changes automatically.

Security notes

Always verify the HMAC signature on every callback before trusting the body.

Use a dedicated, rotation-friendly shared secret per environment.

Allow-list TrueDoc egress IPs at your edge where possible.

Never expose webhook URLs publicly; treat them as semi-secret endpoints with their own auth layer.

Run a real document. Get a forensic verdict.

No credit card. Redacted report in under a minute.

▸ FAQ

Frequently asked questions