Webhook payloads
Verificationsessionfailed payload
Delivered as a JWE-encrypted POST body when Kayle cannot confirm an attempt. This payload contains no claims, biometrics, face scores, or risk scores. Verify the X-Kayle-Signature header against the encrypted body before decrypting.
WEBHOOK
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
application/json
The decrypted JSON payload. The actual request body delivered to your endpoint is compact JWE.
Response
2XX
Return any 2xx response to acknowledge receipt. Non-2xx responses are retried while the encrypted payload remains retained.