Skip to main content

Payload Structure

When email analysis completes, Verisoul sends a POST request to your configured webhook endpoint.

Example Success Payload

{
  "request_id": "d69b8d6a-06ae-4071-b6a7-f9abe000b73b",
  "batch_id": null,
  "project_id": "ed8fe5d7-ead9-4b81-b1b0-74190582341c",
  "event_type": "email.intelligence.completed",
  "created_at": "2026-03-09T18:22:10Z",
  "completed_at": "2026-03-09T18:22:15Z",
  "status": "success",
  "data": {
    "input": {
      "email": "john.doe@test.verisoul.com",
      "claims": {
        "name": { "first": "John", "last": "Doe" },
        "country": "US"
      }
    },
    "result": {
      "decision": "trusted",
      "risk_score": -0.4514,
      "trust_signals": [
        "email_age_greater_than_5_years",
        "email_known_online_history",
        "online_presence_detected",
        "identity_name_match"
      ],
      "risk_signals": [],
      "domain": {
        "risk_score": -0.72,
        "fqdn": "test.verisoul.com",
        "apex": "verisoul.com",
        "type": "business",
        "age_years": 4.2,
        "country": "US"
      },
      "email": {
        "username": "john.doe",
        "normalized": "john.doe@test.verisoul.com",
        "first_seen_at": "2022-06-15",
        "age_years": 3.8,
        "seen_countries": ["US"]
      },
      "deliverability": {
        "risk_score": -1,
        "send_recommendation": "send"
      },
      "breach_intelligence": {
        "breach_count": 1,
        "trusted_breach_count": 0,
        "breach_list": [
          {
            "source": "Adobe",
            "breach_date": "2013-10-04",
            "trust_weight": "moderate",
            "country": "global",
            "industry": "software"
          }
        ]
      },
      "identity_intelligence": {
        "match_risk_score": -0.4,
        "online_accounts": ["google", "linkedin", "github"],
        "connected_names": ["John Doe"],
        "connected_phones": ["+1555*******"],
        "claim_matches": {
          "name": "match",
          "phone": "skipped",
          "country": "match"
        }
      }
    }
  },
  "error": null
}
The identity_intelligence section inside data.result is only present when the request was submitted with identity_intelligence: true.

Error Payload

{
  "request_id": "5fee305e-4b6e-41c4-bff9-c9b53e175d70",
  "batch_id": null,
  "project_id": "ed8fe5d7-ead9-4b81-b1b0-74190582341c",
  "event_type": "email.intelligence.completed",
  "created_at": "2026-03-09T18:22:10Z",
  "completed_at": "2026-03-09T18:22:15Z",
  "status": "error",
  "data": null,
  "error": {
    "email": "some.email@random.com",
    "code": "timed_out",
    "message": "Unable to compute score of email"
  }
}

Field Reference

Top-Level Fields

FieldTypeDescription
request_idstringUnique identifier for this email intelligence request
batch_idstring | nullBatch identifier, if the email was submitted as part of a batch
project_idstringYour Verisoul project ID
event_typestringAlways email.intelligence.completed
created_atstringWhen analysis started (ISO 8601)
completed_atstringWhen analysis completed (ISO 8601)
statusstringsuccess or error
dataobject | nullAnalysis results (present on success)
errorobject | nullError details (present on failure)

data.input

Echo of the submitted request, useful for correlating results.
FieldTypeDescription
emailstringThe email address that was analyzed
claimsobjectClaims submitted with the request (if any)

data.result

FieldTypeDescription
decisionstringRisk decision: high_trust, trusted, moderate, risky, or high_risk
risk_scorenumberOverall risk score from -1 (high trust) to 1 (high risk)
trust_signalsstring[]List of detected trust signals
risk_signalsstring[]List of detected risk signals

Decision Buckets

Every email receives a decision based on the overall risk_score:
DecisionScore RangeMeaning
high_trustbelow -0.60Strong trust signals across multiple dimensions
trusted-0.60 to -0.20Positive trust indicators present
moderate-0.20 to 0.20Neutral — no strong signals in either direction
risky0.20 to 0.60Some risk indicators detected
high_riskabove 0.60Strong risk signals — likely fraudulent or invalid

data.result.domain

FieldTypeDescription
risk_scorenumberDomain risk score from -1 to 1
fqdnstringFully qualified domain name
apexstringRoot/apex domain
typestringDomain classification (see domain types)
age_yearsnumberDomain age in years
countrystringCountry associated with the domain

data.result.email

FieldTypeDescription
usernamestringLocal part of the email address
normalizedstringCanonicalized email address
first_seen_atstringEarliest known date this email appeared in data sources
age_yearsnumberEstimated age of the email address in years
seen_countriesstring[]Countries where this email has been observed

data.result.deliverability

FieldTypeDescription
risk_scorenumberDeliverability risk: -1 (deliverable) to 1 (not deliverable)
send_recommendationstringsend, send_with_caution, or do_not_send

data.result.breach_intelligence

FieldTypeDescription
breach_countnumberTotal number of data breaches this email appears in
trusted_breach_countnumberNumber of breaches from verified/trusted sources
breach_listobject[]Detailed list of breaches (name, date, data types exposed)

data.result.identity_intelligence

Only present when identity_intelligence: true was set in the request.
FieldTypeDescription
match_risk_scorenumberIdentity match risk from -1 (verified match) to 1 (no match / ghost identity)
online_accountsstring[]Platforms where the email is registered (e.g., google, facebook, linkedin)
connected_namesstring[]Names associated with this email across data sources
connected_phonesstring[]Phone numbers linked to this email
claim_matchesobjectResults of matching submitted claims against identity data

data.result.identity_intelligence.claim_matches

FieldTypeDescription
namestringmatch, partial_match, no_match, or skipped
phonestringmatch, partial_match, no_match, or skipped
countrystringmatch, partial_match, no_match, or skipped

error

FieldTypeDescription
emailstringThe email address that failed during analysis
codestringError code (e.g., internal_server_error)
messagestringHuman-readable description of the failure

Signal and Domain Type Definitions

For detailed definitions of all signals and domain classifications, see: