Overview
pawaPass sends webhook notifications to your configured URL when verification events occur. This allows you to track the entire lifecycle of a verification in real-time.Setup
To configure your webhook URL and receive your signing secret key, contact us.Events
VERIFICATION.STATUS_CHANGE
VERIFICATION.STATUS_CHANGE
Sent each time a verification’s status changes — from
CREATED through STARTED, USER_DATA_COLLECTED, to a final state like APPROVED or DECLINED.This is the primary webhook for monitoring verification progress.VERIFICATION.IDENTITY_DOCUMENT_CHANGE
VERIFICATION.IDENTITY_DOCUMENT_CHANGE
Sent when an agent manually corrects identity document data after a verification has concluded (e.g., fixing a typo in a name or date of birth).Does not fire during initial data collection.
Payload format
All webhook payloads follow the same structure:Age estimation values
TheageEstimation field on the face scan can be one of:
| Value | Age |
|---|---|
UNDER_8 | Under 8 years |
OVER_8 | Over 8 years |
OVER_13 | Over 13 years |
OVER_16 | Over 16 years |
OVER_18 | Over 18 years |
OVER_21 | Over 21 years |
OVER_25 | Over 25 years |
OVER_30 | Over 30 years |
UNKNOWN | Could not be estimated |
Signature verification
Webhooks include anX-Signature header containing a SHA256 HMAC signature of the raw request body, signed with your secret key. Verify this signature to confirm the webhook is authentic.
Best practices
Return 200 OK quickly
Process the webhook asynchronously if needed. Any non-
2xx response triggers retries.Retries
If your endpoint returns a non-2xx status code or times out, pawaPass will retry delivery using capped exponential backoff with jitter:
- 55 attempts over approximately 1 week
- Delay starts at 1 second, doubles each time (1s, 2s, 4s, 8s, …), capped at 4 hours
- Each delay includes ±25% random jitter to prevent thundering herd
- If all retries are exhausted, the notification is dropped
