Async, signed webhook delivery for document verification verdicts and fraud signals.
One POST returns AI-generation indicators, tampering regions, metadata drift, math reconciliation, and a verdict — designed for risk engines, not onboarding funnels.
Inspects EXIF, software signatures, edit history, and structural fingerprints.
Originals are processed in encrypted memory and removed after analysis. Reports stay redacted by default.
Many document workflows are not in-funnel. Batch onboarding, overnight underwriting, claims review, and offline tenant screening all need an async delivery channel for verdicts.
TrueDoc's webhook channel delivers signed verdict payloads to your endpoint as soon as analysis finishes — no polling required.
Missed verdicts when teams forget to poll
Replay attacks on unsigned webhook endpoints
Out-of-order delivery breaking downstream state
PII leaking into webhook bodies without masking
Submit the document and the webhook endpoint to call when the verdict is ready.
TrueDoc POSTs the verdict payload with an HMAC signature header.
Validate the HMAC against your shared secret before trusting the body.
Auto-accept, route to review, or escalate to fraud.
Payloads are JSON and include: event type, verdict ID, trust score, top findings, document metadata, and a link to the full evidence record in the enterprise portal.
Sensitive fields can be masked per enterprise compliance settings before delivery.
HR: queue applicant documents overnight; receive verdicts before the next business day's review queue is opened.
Fintech: submit onboarding documents async during peak load; auto-decision low-risk verdicts in real time, route the rest to a fraud queue.
Rental screening: batch-process applications from partner platforms; webhook delivery feeds your decision UI.
Insurance: async review of claims documents; webhooks feed your case management system with verdict and evidence link.
Marketplaces: async re-verification of seller documents; webhooks trigger trust-tier changes automatically.
Always verify the HMAC signature on every callback before trusting the body.
Use a dedicated, rotation-friendly shared secret per environment.
Allow-list TrueDoc egress IPs at your edge where possible.
Never expose webhook URLs publicly; treat them as semi-secret endpoints with their own auth layer.
No credit card. Redacted report in under a minute.