Incode Webhooks
Overview of webhooks that let you request notifications from the Incode platform to your API
What are webhooks?
Webhooks are event notifications. They let your organization's application know when a specific event happens on the Incode platform or when a process initiated by a user is completed (also known as a callback). Your application can then take action based on the notification.
Webhooks are asynchronous. That means the communication is one-way only, from Incode to your application. You must configure them if you want to use them.
What webhooks are available?
These webhooks are currently supported:
- Onboarding status webhook - Triggered every time the status changes for an Onboarding Session.
- Videoselfie upload webhook - Triggered when the video selfie recording file (if applicable) becomes available.
- Global watchlists webhook - Triggered when a global watchlist result is updated.
- Face Authentication webhook - Triggered when a face authentication either succeeds or fails.
- Work history webhook - Triggered after processing the work history search for a user. This webhook is exclusive to Mexico.
- Proof of payment webhook - Triggered after processing the payment proof validation for a user. This webhook is exclusive to Mexico.
The following webhooks either have been or are soon to be deprecated:
- Authentication webhooks - (soon to be deprecated) Available for 1:1 and 1:N. These contain information about the login attempt, any Identities which could match the face reported by the login, and the Onboarding Session (or interview) which best matches the biometric of the face used to login.
- INE scraping webhook - (Deprecated) Provided INE Scraping results asynchronously.
Configure webhooks
To configure webhook behavior, go to the Incode Dashboard > Configuration -> Webhooks.
Configure webhook destination
You can configure a single URL per webhook. All notifications from that webhook will be sent to that destination. If you need the webhook notification to be sent to different endpoints in your system, you must broadcast it internally after receiving it at this single endpoint.
Configure webhooks custom headers
You can create custom headers that your endpoint receives as part of webhook notifications. You can create more than one header, but all headers are sent for all webhooks. Dynamic values are not supported.
Retry Policy
Webhook retries will be triggered in either of these scenarios:
- A timeout is received when your endpoint is called.
- A status code returned from your service is not one of:
200 OKalong with theapplication/jsonheader or204 No content
The webhook retry policy is exponential. It has an initial interval of 30s, a multiplier of 2.5, and a maximum of 5 attempts. This means the maximum time a webhook can take to reach its destination is approximately 32 minutes, as illustrated in the following table.
| Retry attempt | Delay (seconds) | Delay (minutes) | Total (minutes) |
|---|---|---|---|
| 1 | 30 | 0.50 | 0.5 |
| 2 | 75 | 1.25 | 1.75 |
| 3 | 187.5 | 3.13 | 4.88 |
| 4 | 468.75 | 7.81 | 12.69 |
| 5 | 1,171.88 | 19.53 | 32.22 |
Allow webhook source IPs
If your organization restricts inbound traffic for your network, make sure the following IP addresses are added to your allow list.
US Environment
- SAAS (production):
| IP | Active |
|---|---|
54.86.34.156 | Currently Active |
3.142.125.52 | Currently Active |
54.85.117.182 | As of February 2, 2026 |
3.233.40.153 | As of February 2, 2026 |
DEMO (development) Environment
- Since October 2024,
34.198.171.165(previously18.210.119.234).
EU Environment
- SAAS EU (production and demo): IP
18.158.116.18
Updated 8 days ago