API Reference

VINCTA receives compliance data via webhooks from vendor systems. All webhooks use HMAC-SHA256 authentication.

Base URL: https://app.vincta.io

Authentication

HMAC-SHA256 Signature

All webhook requests must include a signature header computed over the raw request body.

const crypto = require('crypto');
 
function verifySignature(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload, 'utf8')
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

Signature Headers by Vendor

Webhook Endpoints

Transaction Monitoring

Unit21: POST /api/webhooks/unit21

HAWK AI: POST /api/webhooks/hawk-ai

KYC Decisions

Alloy: POST /api/webhooks/alloy

Screening Hits

ComplyAdvantage: POST /api/webhooks/complyadvantage

Response Format

Success (200)

{
  "status": "accepted",
  "vincta_alert_id": "550e8400-e29b-41d4-a716-446655440000",
  "case_id": "660e8400-e29b-41d4-a716-446655440001",
  "case_number": "CASE-2024-0042"
}

Error Responses

Rate Limits

Vendor Configuration

Unit21

1. Navigate to Settings → Webhooks
2. Add endpoint: https://app.vincta.io/api/webhooks/unit21
3. Select events: alert.created, alert.updated
4. Copy webhook secret to VINCTA settings

Alloy

1. Navigate to Settings → Webhooks
2. Add endpoint: https://app.vincta.io/api/webhooks/alloy
3. Select events: evaluation.completed

HAWK AI

1. Navigate to Administration → Integrations
2. Add HTTP endpoint: https://app.vincta.io/api/webhooks/hawk-ai
3. Configure shared secret authentication

ComplyAdvantage

1. Navigate to Settings → API & Webhooks
2. Add webhook URL: https://app.vincta.io/api/webhooks/complyadvantage
3. Select events: screening.hit, screening.updated

Retry Policy