Clausum sends outbound webhooks to the endpoints you configure in the dashboard. Each delivery is an HTTP POST with a JSON body and HMAC signature headers. See Receiving webhooks for verification and handling.
Event catalog
| Event | When it fires |
|---|
transaction.created | A transaction is recorded in Clausum |
transaction.blocked | A transaction was hard-blocked during assessment |
transaction.succeeded | A transaction completed successfully |
transaction.failed | A transaction failed |
fraud.detected | Fraud was reported via the API or detected by rules |
fraud.confirmed | A reported fraud was confirmed by your team |
case.created | A case (expediente) was opened |
case.updated | A case changed status or fields |
dispute.created | A dispute / chargeback was opened |
dispute.updated | A dispute changed |
dispute.resolved | A dispute was resolved |
Payload shape
{
"event": "fraud.detected",
"timestamp": "2026-05-29T18:30:00.000Z",
"data": {
"case_id": "b1f2...",
"reference_number": "CLM-LX9A2B",
"transaction_id": "txn_123",
"external_transaction_id": "pi_3Nxyz",
"reason": "chargeback",
"amount": 89900,
"currency": "USD",
"email": "fraudster@example.com",
"blocklist_entries": 2
}
}
data object varies by event and may include transaction, dispute, case_id, and fraud_details.
Every delivery includes:
| Header | Description |
|---|
X-Clausum-Signature | t=<timestamp>,v1=<hmac_sha256> |
X-Clausum-Event | The event type |
X-Clausum-Timestamp | ISO 8601 timestamp of the delivery |
Delivery & retries
- Deliveries time out after a few seconds; respond with a
2xx quickly and process asynchronously.
- Failed deliveries increment a failure counter and are retried; persistent failures can disable the webhook.
- Acknowledge with any
2xx. Non-2xx responses are treated as failures.
Make your handler idempotent — the same event may be delivered more than once. De-duplicate using data identifiers such as transaction_id or case_id together with event and timestamp.
