Identity Proofing Integration Guide

June 04, 2026 21:16

Identity Proofing in Kount 360 uses a collection of data and verification methods, like real-time policy configuration, case management, and business intelligence analytics, that can be organized into custom workflows to identify fraud and verify consumer identities during any part of the user journey.

With Identity Proofing, you have the ability to configure strategies that organize active and passive verification checks, apply fraud and business information, and branch workflows to achieve desired outcomes during different stages.

Before you can integrate with Identity Proofing, you must have:

A Kount 360 organization ID (provided by your Customer Success Manager)
A client ID
Admin permissions
Strategy templates (these are created internally by Equifax)

A successful integration with Identity Proofing requires the following:

An API key
A bearer token
A strategy to pass in the API
The Assessment and Update API endpoints
Device Data Collector implementation
Webhooks (optional)

Configurable Components for Identity Proofing

To integrate Identity Proofing into your systems, you will need to configure several components within Kount 360. Some settings are required — like strategies — while others are optional and help tailor the integration to your needs. This section outlines what is what is essential to get started.

Strategies

Strategies define the verification checks and step-up methods used in Identity Proofing workflows. At least one strategy template must be created internally before you can configure a strategy. The strategy name is referenced in the Assessment API to determine which workflow to apply. For more information, go to Strategies in Identity Proofing.

Rejection Codes

Rejection codes are used when an agent or an update API closes a case that is in Review or Challenge. When sending an Update API with rejection codes, they are validated against the Rejection Code, not the Rejection Code Name.

Color

You can open the color selection menu and select a color for each rejection code. This color is visible when a rejection code is selected.
Rejection Code

An assigned alphanumeric code. This code is used when the Update API is invoked and a rejection code is included. The rejection code cannot be edited after creation.
Rejection Code Name

This is the title for the rejection code. The character limit is 255 and can be edited.
Sort Order

You can sort the rejection codes by dragging and dropping them. The sort order is the order rejection codes will display in the selection menus when a fraud agent wants to choose a rejection code.

For more information, go to Rejection Codes in Identity Proofing.

Queue Manager

Queues can be created to segment cases in Case Management. Cases can be assigned to a queue by:

Creating a trigger to auto-assign the case based on policy logic. For more information, go to Creating, Editing, and Deleting Triggers in the Queue Manager.
Manually assigning the case in Case Details. For more information, go to Manually Reviewing a Case.
Assigning the case to a queue with the Update API.

When a case is updated with the Update API and the queue is passed in the request body, it is validated against the queues created in the Queue Manager.

Device Data Collector Implementation

The Device Data Collector gathers information from a customer’s device by running client-side scripts and then sending that data to Equifax. This passive analysis conceals the Kount 360 interaction with the customer and does not affect the customer’s experience.

The flow for device data collection follows this pattern:

Generate Session ID: Generates a session ID and provides it to the Device Data Collector SDK.
Device Data Collector SDK collects and sends device data: The Device Data Collector sends the collected device data to Kount 360.
Submit event data with session ID to your server: When the event data (the order, login, or new account opening data) gets submitted to your server, include the session ID that was passed to the Device Data Collector.
Send event data with session ID to Kount 360: Pass the session ID in the call to Kount 360, along with the rest of the event data.
Associate device data and event data by matching the session ID: Kount 360 associates the device data and the event data by using the session ID that was passed to Kount 360.

For detailed instructions, use our guided Device Data Collector Content generator or follow the steps in the Native iOS and Android SDKs article.

Device Data Collector Browser Recommendations

Placement and configuration of the browser Device Data Collector is important for gathering information to identify devices, adhere to business policies, and accurately define sign in risk.

Page and Page Location

Place the Device Data Collector code in the body of the sign-in page. Kount reduces collection from the same session ID when a collection comes within 15 minutes. We recommend that you run a single data collection per session. When multiple collections are run in a single session — if the collection was placed in the header — it is possible the collection events can be mistaken as a DDOS attack, throttling all collections from your site.

Google Chrome Lazy Load

The Google Chrome Lazy Load feature defers loading images and iFrames that come below the end of the page. This feature is active when the Chrome Data Saver feature is on and when the loading attribute is set to auto or unset. If you are using the Kount legacy data collector that uses an iFrame, update integration or set the loading attribute to eager, which bypasses lazy loading functionality.

Content Security Policy

Kount uses both third-party and first-party cookies as well as device data to identify devices. In order to take full advantage of the Device Data Collector, you can make modifications to the Content Security Policy on your site. For more information, go to Content Security Policies (CSP) and the Device Data Collector.

Generate an API Key

In Kount 360, after you have activated your organization, you can generate API keys to send data securely to Equifax. Only users with the Owner role permissions can generate, delete, or edit API keys.

Caution

You must have an initialized client before you can create an API key.

Sign in to Kount 360.

There are two integration environments: sandbox and production. Only integrate into our sandbox environment if you are integrating a pre-production environment without production data for testing.
Select Admin, and then Product Configuration.
In System Settings, select API Keys.

All initialized clients display.
For the client you want to create an API key, select Generate API Key.

The new API key is generated. A prompt displays with the ability to copy the API key and add a description.
Copy the API key, and then store it in a secure location.

Note

The API key is not provided again. You must store it in a secure location for future reference. If the API key is compromised or lost, create a new API key and delete the compromised one.
Enter a description detailing the store used for the API key, and then select Confirm.

API keys are organized under each client on the API Keys page. Expand the client to view your API keys, the descriptions, and when client details were created.

Create a Bearer Token

After you have provisioned your API credentials in the portal, retrieve a temporary bearer token to authenticate calls to the Kount 360 API. Provide the API key in an HTTP POST to a specific login.equifax.com URL.

With a successful exchange, the returned JSON provides a special bearer token, which is the access_token property. The exchange also provides an expiration date, the expires_in property, provided in seconds until expiration. The API to retrieve the bearer token depends on if you are calling the sandbox or production environment.

The values are:

Sandbox

Auth Server URL:

https://login-uat.equifax.com/as/token

API Service Host:

https://api-sandbox.kount.com

Production

Auth Server URL:

https://login.equifax.com/as/token

API Service Host:

https://api.kount.com

After obtaining the bearer token, use it to authenticate requests to the Kount 360 API. Include the token in the Authorization header of your HTTP API request, prefixed with Bearer {bearer token}.

To prevent authentication issues, refresh the token before it expires. Tokens issued by login.equifax.com expire after 20 minutes, but client credentials remain valid unless revoked. Minimize calls to the /token endpoint by implementing token expiration handling in your customer applications. Always check if a token has expired before requesting a new one, as excessive calls to the /token endpoint could result in rate limiting.

Python

sidebar. Python Code Example

"""sandbox"""
import requests
AUTH_SERVER_URL = "https://login-uat.equifax.com/as/token"
API_URL = "https://api-sandbox.kount.com"
API_KEY = "YOUR API KEY HERE"
CLIENT_ID = "YOUR CLIENT_ID HERE"

r = requests.post(AUTH_SERVER_URL,
                  params={"grant_type": "client_credentials",
                          "scope": "k1_integration_api"},
                  headers={"Authorization": "Basic" + API_KEY,
                           "Content-Type":
                           "application/x-www-form-urlencoded"})

t = r.json()["access_token"]

r = requests.post(API_URL + "/login",
                  headers={'Authorization': "Bearer " + t},
                  json={
                    "clientId": "900900",
                    "sessionId": "d121ea2210434ffc8a90daff9cc97e76",
                    "userId": "meoyyd8za8jdmwfm",
                    "username": "meoyyd8za8jdmwfm",
                    "userPassword": "38401eb46f8fbb74c1846a5f47f68d83a9bef126b1d4143f886cd464323cdaab",
                    "userIp": "192.168.0.1",
                    "loginUrl": "http://www.example.com/login",
                    "userAuthenticationStatus": "true",
                    "userCreationDate": "2019-08-24T14:15:22Z",
                    "userType": "VIP",
                    "mfaPhone": "+12081234567",
                    "mfaEmail": "username@example.com",
                    "userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
                    "context": "LOGIN"
                })
print("Response:", r.json())

TypeScript

sidebar. TypeScript Code Example

const axios = require('axios')

const API = 'https://api-sandbox.kount.com'
const ISSUER = 'https://login-uat.equifax.com/as/token'
const CLIENT_ID = 'YOUR CLIENT ID HERE'
const API_KEY = 'YOUR API KEY HERE'

async function getBearerToken() {

    const auth = await axios({
        url: `${ISSUER}/v1/token`,
        method: 'post',
        headers: {
            authorization: `Basic ${API_KEY}`
        },
        params: {
            grant_type: 'client_credentials',
            scope: 'k1_integration_api'
        }
    })

    return auth.data.access_token
}

async function evaluateLogin(token: string) {

    const resp = await axios({
        url: `${API}/login`,
        method: 'post',
        headers: {
            authorization: `Bearer ${token}`,
        },
        data: {
            clientId: "900900",
            sessionId: "d121ea2210434ffc8a90daff9cc97e76",
            userId: "meoyyd8za8jdmwfm",
            username: "meoyyd8za8jdmwfm",
            userPassword: "38401eb46f8fbb74c1846a5f47f68d83a9bef126b1d4143f886cd464323cdaab",
            userIp: "192.168.0.1",
            loginUrl: "http://www.example.com/login",
            userAuthenticationStatus: "true",
            userCreationDate: "2019-08-24T14:15:22Z",
            userType: "VIP",
            mfaPhone: "+12081234567",
            mfaEmail: "username@example.com",
            userAgent: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
            context: "LOGIN"
        }
    })

    return resp.data
}
const main = async () = {
    const token = await getBearerToken();
    const resp = await evaluateLogin(token);
    console.log(JSON.stringify(resp, null, 4))
}

main()

Bash

sidebar. Bash Code Example

#!/usr/bin/env bash

API='https://api-sandbox.kount.com'
ISSUER='https://login-uat.equifax.com/as/token'
CLIENT_ID= "YOUR CLIENT_ID HERE"
API_KEY= "YOUR API KEY HERE"''

# Get our token (it is valid for 20 minutes)
RESPONSE=$(curl -s -X POST "${ISSUER}/v1/token?grant_type=client_credentials&scope=k1_integration_api" -H "Authorization: Basic ${API_KEY}" -H "Content-Type: application/x-www-form-urlencoded")
TOKEN=$(echo $RESPONSE | jq -r .access_token)

# Make our evaluation request
REQUEST_DATA='{
                "clientId": "900900",
                "sessionId": "d121ea2210434ffc8a90daff9cc97e76",
                "userId": "meoyyd8za8jdmwfm",
                "username": "meoyyd8za8jdmwfm",
                "userPassword": "38401eb46f8fbb74c1846a5f47f68d83a9bef126b1d4143f886cd464323cdaab",
                "userIp": "192.168.0.1",
                "loginUrl": "http://www.example.com/login",
                "userAuthenticationStatus": "true",
                "userCreationDate": "2019-08-24T14:15:22Z",
                "userType": "VIP",
                "mfaPhone": "+12081234567",
                "mfaEmail": "username@example.com",
                "userAgent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
                "context": "LOGIN"
              }'
RESPONSE=$(curl -s -X POST ${API}/login -H "Authorization: Bearer ${TOKEN}" -d "$REQUEST_DATA")
echo "$RESPONSE" | jq

Go

sidebar. Go Code Example

package main

import (
        "bytes"
        "encoding/json"
        "fmt"
        "io"
        "net/http"
)

type config struct {
        API      string
        Issuer   string
        ClientId string
        APIKey   string
}

func getToken(c *http.Client, issuer, creds string) string {

        req, _ := http.NewRequest(http.MethodPost, issuer+"/v1/token", nil)

        req.Header.Add("Authorization", "Basic "+creds)

        req.Header.Add("Content-Type", "application/x-www-form-urlencoded")

        q := req.URL.Query()
        q.Add("grant_type", "client_credentials")
        q.Add("scope", "k1_integration_api")
        req.URL.RawQuery = q.Encode()

        resp, _ := c.Do(req)
        defer resp.Body.Close()

        t := struct {
                TokenType   string `json:"token_type"`
                ExpiresIn   int    `json:"expires_in"`
                AccessToken string `json:"access_token"`
        }{}

        json.NewDecoder(resp.Body).Decode(&t)
        return t.AccessToken
}

func evaluate(c *http.Client, api string, payload LoginRequest, token string) string {

        j, _ := json.Marshal(payload)

        req, _ := http.NewRequest(http.MethodPost, api+"/login", bytes.NewBuffer(j))

        req.Header.Add("Authorization", "Bearer "+token)

        resp, _ := c.Do(req)
        defer resp.Body.Close()

        b, _ := io.ReadAll(resp.Body)
        s := string(b)
        return s
}

type LoginRequest struct {
        ClientID                 string `json:"clientId"`
        SessionID                string `json:"sessionId"`
        UserID                   string `json:"userId"`
        Username                 string `json:"username"`
        UserPassword             string `json:"userPassword"`
        UserIP                   string `json:"userIp"`
        LoginURL                 string `json:"loginUrl"`
        UserAuthenticationStatus string `json:"userAuthenticationStatus"`
        UserCreationDate         string `json:"userCreationDate"`
        UserType                 string `json:"userType"`
        MFAPhone                 string `json:"mfaPhone"`
        MFAEmail                 string `json:"mfaEmail"`
        UserAgent                string `json:"userAgent"`
        Context                  string `json:"context"`
}

func main() {
        config := config{
                API:      "https://api-sandbox.kount.com",
                Issuer:   "https://login-uat.equifax.com/as/token",
                ClientId: "",
                APIKey:   "",
        }
        client := &http.Client{}
        token := getToken(client, config.Issuer, config.APIKey)

        payload := LoginRequest{
                ClientID:                 config.ClientId,
                SessionID:                "d121ea2210434ffc8a90daff9cc97e76",
                UserID:                   "meoyyd8za8jdmwfm",
                Username:                 "meoyyd8za8jdmwfm",
                UserPassword:             "38401eb46f8fbb74c1846a5f47f68d83a9bef126b1d4143f886cd464323cdaab",
                UserIP:                   "192.168.0.1",
                LoginURL:                 "http://www.example.com/login",
                UserAuthenticationStatus: "true",
                UserCreationDate:         "2019-08-24T14:15:22Z",
                UserType:                 "VIP",
                MFAPhone:                 "+12081234567",
                MFAEmail:                 "username@example.com",
                UserAgent:                "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36",
                Context:                  "LOGIN",
        }

        resp := evaluate(client, config.API, payload, token)
        fmt.Printf("%s\n", resp)
}

Assessment API endpoint

This is the API endpoint required to integrate with Identity Proofing in order to submit new inquiries for assessment and to create cases. The Assessment API request requires a strategy, which is created in Admin > Identity Proofing > Strategies.

Note

The strategy used in the strategy field in the API request must match the name of the strategy created in Kount 360.

The authenticationId is passed in the body of the response and is used to reference any subsequent updates to this event. The response body can be verbose or non-verbose. This mode is set internally at the time of template creation.

The inquiryId is a value passed in the body of the response and should be a unique identifier. Both the inquiryId and authenticationId are required for the Update API.

For more information, go to Assessment API help.

Sandbox:

https://api-sandbox.kount.com/business/identity-proofing/v1/assess

Production:

https://api.kount.com/business/identity-proofing/v1/assess

API Request for Assessment API

Header

x-client-id: 000000

Body

sidebar. Example API Request

{
  "inquiryId": "1234567890",
  "strategy": "default",
  "channel": "mobile",
  "creationDateTime": "2024-07-22T15:59:00Z",
  "deviceSessionId": "SESSION_XYZ123",
  "userIp": "192.168.1.100",
  "account": {
    "accountId": "9876543210",
    "type": "personal",
    "creationDateTime": "2023-01-15T10:30:00Z",
    "username": "johnsmith",
    "accountIsActive": true
  },
  "product": {
    "productName": "Personal Loan",
    "productType": "loan",
    "productId": "LOAN-123",
    "requestedAmount": 25000,
    "status": "Pending"
  },
  "applicant": {
    "phoneNumber": "15551234567",
    "email": "johnsmith@example.com",
    "dateOfBirth": "1990-05-20",
    "name": {
      "first": "John",
      "middle": "David",
      "last": "Smith",
      "secondLast": null,
      "suffix": "Jr.",
      "preferred": "Johnny"
    },
    "governmentId": [
      {
        "type": "passport",
        "issueDate": "2015-03-10",
        "expirationDate": "2025-03-09",
        "value": "AB12345678",
       "countryCode": "USA",
        "state": null
      }
    ],
    "addresses": [
      {
        "type": "HOME",
        "recency": "CURRENT, FORMER, OTHER",
        "line1": "123 Main Street",
        "line2": "Apt 4B",
        "city": "Anytown",
        "region": "CA",
        "countryCode": "USA",
        "postalCode": "90210"
      }
    ],
    "employment": [
      {
        "employer": {
          "name": "Acme Corporation",
          "address": {
            "type": "BUSINESS",
            "recency": "CURRENT, FORMER, OTHER",
            "line1": "456 Elm Street",
            "line2": "Suite 100",
            "city": "Anytown",
            "region": "CA",
            "countryCode": "USA",
            "postalCode": "90210"
          }
        },
        "income": {
          "period": "monthly",
          "amount": 5000,
          "currency": "USD"
        },
        "employeeTitle": "Software Engineer",
        "startDate": "2020-06-01",
        "endDate": null, // Currently employed
        "currentEmployee": true,
        "contractType": "full-time"
      }
    ]
  },
  "coApplicant": null,
  "customFields": {
    "keyString": "PAY",
    "keyBoolean": "TRUE",
    "keyDate": "2024-07-22T15:59:00Z",
    "keyNumber": 2022
  }        
}

API Response for Assessment API

Header

x-correlation-id: dc4e670a-9398-4bf9-b563-ae625097a076 (guid)

Body

sidebar. Example API Response

{
  "inquiryId": "1234567890",
  "authenticationId": "3b42bd08-9ccc-4886-bcaa-8da4ab607675",
  "deviceSessionId": "d121ea2210434ffc8a90daff9cc97e76",
  "decision": "Allow",
  "userSegment": "OnlineNewCustomer",
  "tags": ["newCustomer", "international"],
  "scorecards": [
    { "name": "FraudScore", "value": 72 },
    { "name": "CreditScore", "value": 685 }
  ],
  "deviceId": "ABCDEFG12345",
  "entityId": "9876543210", //only for internal EFX clients, enabled by configuration or entitlement
  "insights": {
    "applicant": {
      "identityTrust": true,
      "addressTrust": true,
      "phoneTrust": true,
      "emailTrust": true,
      "SSNTrust": true,
      "deceased": false,
      "riskAssessment": "Pass"
    },
    "coapplicant": { // If co-applicant information is present
      "identityTrust": "N",
      "addressTrust": true,
      "phoneTrust": true,
      "emailTrust": true,
      "SSNTrust": true,
      "deceased": false,
      "riskAssessment": "Pass"
    }
  },
  "strategy": {
    "strategyName": "EnhancedVerification",
    "description": "Additional verification due to moderate digital risk.",
    "status": "Active",
    "actions": [
      {
        "method": "KBA",
        "status": "Challenge",
        "data": {
          "questionnaireId": "1",
            "questions": [
                {
                    "questionId": 1,
                    "questionText": "Your credit file indicates you may have a home loan, opened in or around August 2019. Who is the credit provider for this account?",
                    "choiceType": {"type":"singleChoice"},
                    "choices": [
                        {
                            "choiceId": 1,
                            "choiceText": "Esteem Bancshares"
                        },
                        {
                            "choiceId": 2,
                            "choiceText": "Grand Fortune Financial Holdings"
                        },
                        {
                            "choiceId": 3,
                            "choiceText": "Central Bank Group"
                        },
                        {
                            "choiceId": 4,
                            "choiceText": "Apex Financial Inc."
                        },
                        {
                            "choiceId": 5,
                            "choiceText": "NONE OF THE ABOVE"
                        }
                    ]
                },
                {
                    "questionId": 2,
                    "questionText": "Your credit file indicates you may have a home loan, opened in or around August 2019. Who is the credit provider for this account?",
                    "choiceType": {"type":"singleChoice"},
                    "choices": [
                        {
                            "choiceId": 1,
                            "choiceText": "Esteem Bancshares"
                        },
                        {
                            "choiceId": 2,
                            "choiceText": "Grand Fortune Financial Holdings"
                        },
                        {
                            "choiceId": 3,
                            "choiceText": "Central Bank Group"
                        },
                        {
                            "choiceId": 4,
                            "choiceText": "Apex Financial Inc."
                        },
                        {
                            "choiceId": 5,
                            "choiceText": "NONE OF THE ABOVE"
                        }
                    ]
                },
                {
                    "questionId": 3,
                    "questionText": "Your credit file indicates you may have a home loan, opened in or around August 2020. Who is the credit provider for this account?",
                    "choiceType": {"type":"singleChoice"},
                    "choices": [
                        {
                            "choiceId": 1,
                            "choiceText": "Esteem Bancshares"
                        },
                        {
                            "choiceId": 2,
                            "choiceText": "Grand Fortune Financial Holdings"
                        },
                        {
                            "choiceId": 3,
                            "choiceText": "Central Bank Group"
                        },
                        {
                            "choiceId": 4,
                            "choiceText": "Apex Financial Inc."
                        },
                        {
                            "choiceId": 5,
                            "choiceText": "NONE OF THE ABOVE"
                        }
                    ]
                }
            ]
        }
      }
    ]
  },
  "thirdPartyCalls": {
    "applicant": {
      "atDataResponse": {
        "risk": {
          "score": 2,
          "queryId": "39b97005-16f1-4ac9-8874-9b67ed5cc4ea",
          "ip": {
            "organization": "equifax  inc.",
            "latitude": 33.79846,
            "longitude": -84.38828
          },
          "domain": {},
          "postal": {
            "deliverability": "undeliverable",
            "lastNameMatch": "match",
            "firstNameMatch": "match",
            "deliverabilitySubstatus": "invalid_unclear",
            "zipMatch": "no_match",
            "cityMatch": "no_match",
            "streetMatch": "no_match",
            "ipPostalDistance": "< 5 miles"
          },
          "phone": {
            "owner": {}
          }
        },
        "eam": {
          "longevity": 3,
          "velocity": 10,
          "dateFirstSeen": "2011-05-20",
          "popularity": 10
        },
        "dam": {
          "longevity": 3,
          "velocity": 10,
          "dateFirstSeen": "2002-11-09",
          "popularity": 10
        },
        "emailValidation": {
          "domainType": "freeisp",
          "statusCode": 400,
          "address": "johnsmith@gmail.com",
          "status": "invalid"
        }
      }
    },
    "coApplicant": {
      "atDataResponse": {
        "risk": {
          "score": 1,
          "queryId": "85782c4c-f351-40ac-8213-a2ca33ff79f8",
          "ip": {},
          "domain": {},
          "postal": {
            "deliverability": "undeliverable",
            "lastNameMatch": "match",
            "firstNameMatch": "match",
            "deliverabilitySubstatus": "invalid_unclear",
            "zipMatch": "no_match",
            "cityMatch": "no_match",
            "streetMatch": "no_match"
          },
          "phone": {
            "owner": {}
          }
        },
        "eam": {
          "longevity": 3,
          "velocity": 10,
          "dateFirstSeen": "2011-05-20",
          "popularity": 10
        },
        "dam": {
          "longevity": 3,
          "velocity": 10,
          "dateFirstSeen": "2002-11-09",
          "popularity": 10
        },
        "emailValidation": {
          "domainType": "freeisp",
          "statusCode": 400,
          "address": "johnsmith@gmail.com",
          "status": "invalid"
        }
      }
    }
  }
}

Update API endpoint

When an end user completes a step-up notification and step-ups are being processed customer-side, call this API to update the case status. The authenticationId is passed in the response body of the original Assessment API call. The authenticationId and inquiryId is used to identify which case to update.

The Update API can be used to update cases when any process outside of Kount 360 requires a case update. Some examples might include:

Customers working with a call center and Customer Relationship Management (CRM) to update a case
Third-party integrations to manage a case
Making a call to Kount 360 to update a case

For more information, go to Update API help.

Sandbox:

https://api-sandbox.kount.com/business/identity-proofing/v1/update

Production:

https://api.kount.com/business/identity-proofing/v1/update

Update a case with a webhook

Webhooks enable you to receive live updates over HTTP when a status change occurs. Webhook events gives you the ability to receive automated updates on orders. When enabled, webhook events from Kount 360 are sent to a URL hosted by you in a JSON payload.

Note

To ensure reliable webhook notifications, our system employs an automatic retry mechanism. In certain scenarios, such as network fluctuations or timeout issues, this could result in the same event payload being delivered more than once. Integrations must be designed to recognize a duplicate event and ensure that processing it multiple times does not result in inconsistent data, like creating duplicate records or double-charging a user.

The following webhook events are used in Kount 360. Webhook events are divided by product.

Payments Fraud

Order Update: Sends a notification when an order is approved or declined, a note added, an agent assigned, a Chargeback or Refund report is marked, and/or a reason code is added.
Order Status Change: Deprecated. Use Order Update instead. This webhook sends an event when an order is approved or declined.
Reason Code Update: This webhook sends an event notification when a reason code is added or changed.
Chargeback Bulk Added: Only sends a notification when a bulk chargeback report is uploaded in the user interface invoking BatchUpdateReversals.

Identity Proofing and Account Protection

Decision Status Update: A webhook event that sends a notification when the decision, caseStatus, queue, rejectionCode, tags, assignee, or verifiedFraud are changed.
Document Verification Status Update: A webhook event that sends a notification when a Multi-factor Authentication (MFA) status (MFA.StatusUpdate) is updated.

To implement a webhook, you must:

Create a webhook by providing the URL to the API endpoint and selecting the events you want to be notified about. Refer to Manage Webhooks.
Get the public key provided in the Kount 360 portal to verify the authenticity of the events received. Equifax creates an RSA 4096 key pair. The private key is used by Equifax to sign the message and the public key is available to you for verifying the signature of events that your server receives.

Note

You might also need to create an IP range allowlist so that the webhook calls are allowed into your network. Go to Create an IP Range Allowlist for more information.

When a fraud agent changes the decision of a Identity Proofing case to Allow, Deny, or opens a case that is closed and webhooks are implemented, a webhook is sent to the customer to update the case status.

sidebar. Example of a webhook payload

{
  "apiVersion": "v1",
  "authenticationId": "11111111-1111-1111-1111-111111111111",
  "clientId": "xxxxxx",
  "creationDateTime": "",
  "eventDateTime": "2025-05-22T16:08:09.224Z",
  "eventType": "IdentityProofing.StatusChange",
  "fields": {
    "assignee": "joe@joe.com",
    "caseStatus": "CLOSED",
    "decision": "Allow",
    "queue": "",
    "tags": [
      "tag1",
      "tag2"
    ],
    "verifiedFraud": false
  },
  "fieldsUpdated": [
    {
      "fieldName": "decision",
      "newValue": "Allow",
      "oldValue": "Review"
    },
    {
      "fieldName": "caseStatus",
      "newValue": "CLOSED",
      "oldValue": "UNASSIGNED"
    }
  ],
  "inquiryId": "PF122312211"
}

Was this article helpful?

1 out of 1 found this helpful