ImmutisTM
Platform
FeaturesHow it worksPricingPlatform
Solutions
EnterpriseStartupsGovernment
Resources
DocumentationAPI ReferenceIntegration GuidesWebhooksStatus
By Industry
InsuranceField ServicesSupply ChainManufacturingHealthcareReal Estate
Popular
Claims VerificationShipping DamageField DocumentationLegal Evidence
More
Legal & ForensicGovernmentDisaster ResponseFinancial Services
Company
AboutBlogCareers
Support
Help CenterFAQContact
Legal
PrivacyTermsSecurity
Developers
Pricing
Sign inBook demo
Developers

Webhooks

Receive real-time notifications when events happen in your Immutis account.

Event Types

evidence.captured

New evidence was captured

evidence.verified

Evidence was verified

evidence.certified

Certificate was generated

certificate.downloaded

Certificate was downloaded

agent.registered

New agent registered

agent.unregistered

Agent was unregistered

Setup

Create a webhook endpoint in your dashboard or via API:

JavaScript
const webhook = await immutis.webhooks.create({
  url: 'https://yourapp.com/webhooks/immutis',
  events: [
    'evidence.captured',
    'evidence.verified',
    'evidence.certified'
  ]
})

Verifying Signatures

Always verify webhook signatures to ensure requests are from Immutis:

Node.js
const crypto = require('crypto')

function verifyWebhook(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex')
  
  return signature === expected
}

// Express example
app.post('/webhooks/immutis', (req, res) => {
  const signature = req.headers['x-immutis-signature']
  const isValid = verifyWebhook(
    req.rawBody,
    signature,
    process.env.WEBHOOK_SECRET
  )
  
  if (!isValid) {
    return res.status(401).send('Invalid signature')
  }
  
  const event = JSON.parse(req.rawBody)
  // Process event...
  
  res.status(200).send('OK')
})

Payload Format

JSON
{
  "id": "evt_abc123",
  "type": "evidence.captured",
  "created_at": "2026-04-23T10:30:00Z",
  "data": {
    "id": "ev_xyz789",
    "hash": "sha256:abc123...",
    "type": "photo",
    "company_id": "IMUTIS",
    "agent_id": "agt_123"
  }
}

Security

All webhooks are signed with HMAC-SHA256. Always verify signatures before processing.

Retry Policy

Failed deliveries are retried with exponential backoff: 1min, 5min, 30min, 2hr, 24hr.

Timeout

Your endpoint must respond within 30 seconds. Return 200 quickly, process async.

Need help?

Check our webhook debugging guide for common issues.

View guides