AML Platform · Webhooks
For signature, retry, and idempotency semantics see Webhooks (global) →. This page lists the events specific to AML.
Event catalog
| Event | Fires when | data keys |
|---|---|---|
screening.confirmed | Screening lands above confirmedHit threshold (alert auto-created) | screeningId · customerId · score · status |
screening.review | Screening lands in review band | screeningId · customerId · score · status |
alert.created | Any new alert (from screening, transaction-evaluate, or rule fire) | alertId · customerId · triggerType · riskScore · lane |
alert.escalated | Alert promoted to a case | alertId · caseId · customerId |
case.created | New case opened | caseId · customerId · title · priority |
case.closed | Case closed (disposition no_action or other) | caseId · status · disposition · reason |
sar.submitted | SAR transitioned to submitted (MLRO signed, XML produced) | sarId · caseId · filingType · typology |
sar.acknowledged | You recorded a PPATK ack via POST /sar-filings/{id}/acknowledge | sarId · acknowledgedAt · ppatkReferenceNo |
watchlist.refreshed | Watchlist fetch + diff completed | watchlistId · entriesAdded · entriesRemoved |
rule.bypassed | An admin set a temporary bypass on an active rule | ruleId · until · reason · actorUserId |
decisionPolicy.updated | Decision-policy thresholds changed | before · after · actorUserId |
Example payloads
alert.created
{
"id": "evt_01HXY...",
"event": "alert.created",
"occurredAt": "2026-05-24T08:15:12.481Z",
"orgId": "org_01HXY...",
"data": {
"alertId": "alt_01HXY...",
"customerId": "cus_01HXY...",
"triggerType": "rule_fire",
"riskScore": 65,
"lane": "transaction"
}
}sar.submitted
{
"id": "evt_01HXZ...",
"event": "sar.submitted",
"occurredAt": "2026-05-24T11:42:08.481Z",
"orgId": "org_01HXY...",
"data": {
"sarId": "sar_01HXY...",
"caseId": "cas_01HXY...",
"filingType": "STR",
"typology": "structuring"
}
}watchlist.refreshed
{
"id": "evt_01HXA...",
"event": "watchlist.refreshed",
"occurredAt": "2026-05-24T12:00:01.122Z",
"orgId": "org_01HXY...",
"data": {
"watchlistId": "wl_ofac_sdn",
"entriesAdded": 17,
"entriesRemoved": 3
}
}A watchlist.refreshed event is your hint to kick off a re-screen of any open customers — most banks listen to this and queue an ongoing lane screening for the affected customer cohort.
Signature header
AML uses the unified X-Quantum-Signature header (no legacy product-prefixed header). Verify per the global Webhooks recipe.
X-Quantum-Event: alert.created
X-Quantum-Delivery: whd_01HXY...
X-Quantum-Signature: sha256=8b2c4d7e...
X-Quantum-Timestamp: 1716552000Register a subscription
POST
/api/webhooks{
"url": "https://your-app.example.com/webhooks/aml",
"events": ["alert.created", "alert.escalated", "sar.submitted", "watchlist.refreshed"],
"active": true
}Subscribe by concern, not by everything
- Compliance ops:
alert.*,case.*,sar.*→ into your ticketing system - Treasury / treasury risk:
screening.confirmed,alert.created(lane=transaction) → into your transaction-decisioning service - MLRO digest:
sar.submitted,sar.acknowledged,watchlist.refreshed→ into your daily MLRO email
Inbound webhooks (rare)
AML Platform exposes POST /api/webhooks/inbound for partner-side notifications (e.g. a third-party AM provider pushing real-time updates). Configure inbound webhooks from the dashboard — they're rare and you usually don't need them.