Webhook payloads
Verificationsessionexpired payload
Delivered as a JWE-encrypted POST body when a session expires without a confirmed attempt. Verify the X-Kayle-Signature header against the encrypted body before decrypting.
WEBHOOK
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
application/json
The decrypted JSON payload. The actual request body delivered to your endpoint is compact JWE.
Response
2XX
Return any 2xx response to acknowledge receipt. Non-2xx responses are retried while the encrypted payload remains retained.