Anti-Fraud · Webhooks
See Webhooks (global) → for signing, retry, and idempotency semantics.
Event catalog
| Event | Fires when | data keys |
|---|---|---|
application.created | Customer submitted onboarding (lane=onboarding evaluate) | customerId · fraudScore · decision |
application.approved | Onboarding application resolved → approve | customerId · decision · appliedRules |
application.declined | Onboarding application resolved → decline | customerId · decision · appliedRules · reason |
alert.created | New fraud alert from any source | alertId · customerId · lane · fraudScore · triggerType |
alert.escalated | Alert promoted to a case | alertId · caseId · customerId |
alert.resolved | Alert resolved with a disposition | alertId · disposition · reason · actorUserId |
transaction.flagged | evaluate(lane=transaction) returned flag | customerId · externalId · fraudScore · alertId |
transaction.blocked | evaluate(lane=transaction) returned block | customerId · externalId · fraudScore · alertId · appliedRules |
case.opened | New case created | caseId · customerId · title · priority |
case.closed | Case closed with disposition | caseId · disposition · reason |
customer.rejected | reject-customer invoked on a case | customerId · caseId · reason |
list.sync.failed | Connector-backed list sync failed | listId · connectorId · error |
list.import.completed | CSV import finished | listId · imported · skipped · failed |
workflow.run.completed | Workflow automation completed a run | workflowId · runId · status |
workflow.run.failed | Workflow run errored | workflowId · runId · error |
Signature
Anti-Fraud uses the X-QE-Signature header (in migration to unified X-Quantum-Signature). Same HMAC-SHA256 scheme — see Webhooks (global).
X-QE-Event: transaction.blocked
X-QE-Delivery: whd_01HXY...
X-QE-Signature: sha256=8b2c4d7e...Example: transaction.blocked
{
"id": "evt_01HXY...",
"event": "transaction.blocked",
"occurredAt": "2026-05-24T11:42:08.481Z",
"orgId": "org_01HXY...",
"data": {
"customerId": "cus_01HXY...",
"externalId": "tx-2026-05-24-002",
"fraudScore": 92,
"alertId": "alt_01HXY...",
"appliedRules": [
{ "code": "BLK-001", "name": "Blocked beneficiary list", "action": "block", "score": 50 },
{ "code": "VL-003", "name": "High amount unverified counterparty", "action": "review", "score": 20 }
]
}
}Register
/api/webhooks{
"name": "fraud-ops-slack-bridge",
"url": "https://your-app.example.com/webhooks/anti-fraud",
"events": ["transaction.blocked", "alert.escalated", "customer.rejected"],
"lane": "transaction"
}lane filters deliveries to onboarding-only or transaction-only events. Omit for both.
Test delivery
POST /api/webhooks/{id}/testSends a synthetic event matching one of the subscription's configured events. Use this to verify your endpoint signature-checking is correct before you handle real traffic.
Workflow webhooks (automations)
Anti-Fraud has its own per-org Workflows feature — reactive automations triggered by alert.created. Workflows can auto-decline, notify Slack, escalate to specific users, or hold a transaction. Configure from the dashboard's Workflows page. Each run fires workflow.run.completed / .failed events to your subscriptions.