Skip to main content


Webhooks enables your server to be told about users' Upollo flags in real time, allowing you to act on repeated trials and account sharing.

Sign up for Upollo

Sign up at to set your webhook URLs and to get your webhook secret key.

Getting started

First you will need to setup a webhook URL which can be done under webhooks on the Access & Keys page in the Upollo developer centre. We strongly recommend using https urls for your webhooks.

Once you have added a URL you will be given a webhook key which you can use to verify the signature of the responses if you wish.

Webhook request structure

Below is a formatted example webhook JSON payload.

"analysis": {
"action": "CHALLENGE",
"flags": [
"firstFlagged": "2022-04-13T03:48:09.041096Z",
"mostRecentlyFlagged": "2022-04-13T03:48:09.041096Z"
"firstFlagged": "2022-04-13T03:48:11.208795Z",
"mostRecentlyFlagged": "2022-04-13T03:48:11.208795Z"
"firstFlagged": "2022-04-13T03:48:11.208797Z",
"mostRecentlyFlagged": "2022-04-13T03:48:11.208797Z"
"userInfo": {
"userID": "user",
"userEmail": ""
"deviceInfo": {
"deviceID": "cKmLrgoy7nX5Hnb24KMQyy",
"userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
"requestID": "5959061a-5a74-4596-99c1-908a2a053cae",
"supportedChallenges": ["CHALLENGE_TYPE_SMS"],
"eventType": "LOGIN",
"emailAnalysis": {
"valid": true,
"emailType": "EMAIL_TYPE_PUBLIC",
"multiAccountingMatchedUsers": [
"userId": "u_123",
"userEmail": ""
"timestamp": "2022-04-13T03:48:20.134747Z"

Verifying the webhook request

Each request has a "Upollo-Signature" header which contains a two part signature made up "t:" followed by a timestamp in seconds and "s0:" followed by the SHA512 hash of the JSON payload.

To verify the signature, compute a HMAC with the SHA512 hash function using your webhook secret key as the key and the JSON payload as the message. Compare this signature to the one you received in the "Upollo-Signature" header.

Upollo logoUpollo

Upollo empowers teams to learn more about their users so they can expand, retain, convert and upsell effectively.

Get Started for Free
About Us
  • About
  • Pricing
  • Blog
  • Contact

© 2024

Proudly built in Sydney, Australia 🦘