> ## Documentation Index
> Fetch the complete documentation index at: https://www.cashfree.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# DigiLocker Webhooks
> Receive Cashfree DigiLocker webhooks for consent grants, document fetches, and verification completion so your backend can update KYC records automatically.
Webhooks are event-based notifications that are received when a specific event related to the DigiLocker verification occurs.
In rare cases, such as network retries, read timeouts, processing delays, or delivery failures, the same webhook might be sent more than once for the same event. To prevent unintended side effects, implement idempotency in your webhook handler to handle duplicate deliveries.
## Add webhooks
Add your webhook URL in our system for us to deliver webhook events.
Follow the instructions below to configure the webhook URL. Ensure to provide the publicly accessible HTTPS URL to your webhook endpoint.
1. Log in to the [Merchant Dashboard](https://merchant.cashfree.com/merchants/) and click **Developers**.
2. Click **Webhooks** listed under the **Secure ID** card.
3. Click **Add Webhook URL** in the **Webhook** screen.
4. In the **Add Webhook** popup, enter the webhook URL.
5. Click **Test & Add Webhook**.
## Webhook event
| Event type | Description |
| :---------------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------- |
| `DIGILOCKER_VERIFICATION_SUCCESS` | Triggered when the user's DigiLocker verification is successfully completed. |
| `DIGILOCKER_VERIFICATION_LINK_EXPIRED` | Triggered when the DigiLocker URL expires due to user inaction. |
| `DIGILOCKER_VERIFICATION_CONSENT_DENIED` | Triggered when the user denies consent for DigiLocker verification. |
| `DIGILOCKER_VERIFICATION_CONSENT_EXPIRED` | Triggered when the user's document consent for DigiLocker verification expires, which occurs 1 hour after the user grants consent. |
| `DIGILOCKER_VERIFICATION_FAILURE` | Triggered when the DigiLocker verification fails due to a system error. |
### Sample webhook events
The following events are triggered at different stages of the DigiLocker verification process:
```json theme={"dark"}
{
"event_type":"DIGILOCKER_VERIFICATION_SUCCESS",
"event_time":"2006-01-02T15:04:05Z",
"version":"v1",
"data":{
"user_details": {
"name": "John Doe",
"dob": "02-02-1995",
"gender": "M",
"eaadhaar": "Y",
"mobile": "9999999999"
},
"status": "AUTHENTICATED",
"document_requested": [
"AADHAAR",
"PAN",
"DRIVING_LICENSE"
],
"document_consent": [
"AADHAAR",
"PAN",
"DRIVING_LICENSE"
],
"document_consent_validity": "2025-09-30T07:10:00Z",
"verification_id": "ABC00123",
"reference_id": 12345
}
}
```
```json theme={"dark"}
{
"event_type":"DIGILOCKER_VERIFICATION_LINK_EXPIRED",
"event_time":"2006-01-02T15:04:05Z",
"version":"v1",
"data":{
"user_details": {},
"status": "EXPIRED",
"document_requested": [
"AADHAAR"
],
"document_consent": null,
"document_consent_validity": null,
"verification_id": "ABC00123",
"reference_id": 12345
}
}
```
```json theme={"dark"}
{
"event_type":"DIGILOCKER_VERIFICATION_CONSENT_DENIED",
"event_time":"2006-01-02T15:04:05Z",
"version":"v1",
"data":{
"user_details": {},
"status": "CONSENT_DENIED",
"document_requested": [
"AADHAAR"
],
"document_consent": null,
"document_consent_validity": null,
"verification_id": "ABC00123",
"reference_id": 12345
}
}
```
```json theme={"dark"}
{
"event_type":"DIGILOCKER_VERIFICATION_CONSENT_EXPIRED",
"event_time":"2006-01-02T15:04:05Z",
"version":"v1",
"data":{
"user_details": {
"name": "John Doe",
"dob": "02-02-1995",
"gender": "M",
"eaadhaar": "Y",
"mobile": "9999999999"
},
"status": "AUTHENTICATED",
"document_requested": [
"AADHAAR",
"PAN",
"DRIVING_LICENSE"
],
"document_consent": [
"AADHAAR",
"PAN",
"DRIVING_LICENSE"
],
"document_consent_validity": "2025-09-30T07:10:00Z",
"verification_id": "ABC00123",
"reference_id": 12345
}
}
```
```json theme={"dark"}
{
"event_type":"DIGILOCKER_VERIFICATION_FAILURE",
"event_time":"2006-01-02T15:04:05Z",
"version":"v1",
"data":{
"user_details": {},
"status": "FAILURE",
"document_requested": [
"AADHAAR"
],
"document_consent": null,
"document_consent_validity": null,
"verification_id": "ABC00123",
"reference_id": 12345
}
}
```
## Webhook signature
You will receive the webhook signature in the webhook header. Here is a sample header from a webhook request.
| Header name | Header value |
| ------------------- | :------------------------------------------: |
| content-length | 1099 |
| x-webhook-attempt | 1 |
| content-type | application/json |
| x-webhook-signature | 07r5C3VMwsGYeldGOCYxe5zoHhIN1zLfa8O0U/yngHI= |
| x-webhook-timestamp | 1746427759733 |
Always capture the webhook payload in its raw text format before parsing into JSON. Parsing and re-serialising the payload can change the structure (for example, array ordering, spacing, or `null` handling) and cause a signature mismatch during verification. Use the exact raw body string from the request when computing the signature.
## Webhook payload fields
The webhook payload contains important metadata in its top-level fields.
| Field | Type | Description |
| ------------ | -------- | --------------------------------------------------------------------------------------------- |
| `event_type` | `string` | Indicates the type of event that triggered the webhook. |
| `event_time` | `string` | The UTC timestamp of when the event occurred, formatted in ISO 8601 (`YYYY-MM-DDTHH:MM:SSZ`). |
| `version` | `string` | Indicates the webhook format being used. Default version is "v1". |
| `data` | `object` | Contains event-specific details related to this feature. |
Verifying the signature is mandatory before processing any response. Refer to [Signature Verification](/api-reference/vrs/webhook-signature-verification) for more details.