> ## Documentation Index
> Fetch the complete documentation index at: https://docs.verisoul.ai/llms.txt
> Use this file to discover all available pages before exploring further.
# Webhook Payload Reference
> Complete reference for the email.intelligence.completed webhook payload
## Payload Structure
When email analysis completes, Verisoul sends a `POST` request to your configured webhook endpoint.
For a full reference of all email risk signals, trust signals, and domain types, see [Email Signals & Scores](/signals-scores/email).
***
## Example Success Payload
```json theme={null}
{
"request_id": "d69b8d6a-06ae-4071-b6a7-f9abe000b73b",
"batch_id": null,
"project_id": "ed8fe5d7-ead9-4b81-b1b0-74190582341c",
"event_type": "email.intelligence.completed",
"created_at": "2026-03-09T18:22:10Z",
"completed_at": "2026-03-09T18:22:15Z",
"status": "success",
"data": {
"input": {
"email": "john.doe@test.verisoul.com",
"claims": {
"name": { "first": "John", "last": "Doe" },
"country": "US"
}
},
"result": {
"decision": "trusted",
"risk_score": -0.4514,
"trust_signals": [
"email_age_greater_than_5_years",
"email_known_online_history",
"online_presence_detected",
"identity_name_match"
],
"risk_signals": [],
"domain": {
"risk_score": -0.72,
"fqdn": "test.verisoul.com",
"apex": "verisoul.com",
"type": "business",
"age_years": 4.2,
"country": "US"
},
"email": {
"username": "john.doe",
"normalized": "john.doe@test.verisoul.com",
"first_seen_at": "2022-06-15",
"age_years": 3.8,
"seen_countries": ["US"]
},
"deliverability": {
"risk_score": -1,
"send_recommendation": "send"
},
"breach_intelligence": {
"breach_count": 1,
"trusted_breach_count": 0,
"breach_list": [
{
"source": "Adobe",
"breach_date": "2013-10-04",
"trust_weight": "moderate",
"country": "global",
"industry": "software"
}
]
},
"identity_intelligence": {
"match_risk_score": -0.4,
"online_accounts_count": 3,
"online_accounts": ["google", "linkedin", "github"],
"connected_names": ["John Doe"],
"connected_phones": ["+1555*******"],
"claim_matches": {
"name": "match",
"phone": "skipped",
"country": "match"
}
}
}
},
"error": null
}
```
The `identity_intelligence` section inside `data.result` is only present when the request was submitted with `identity_intelligence: true`.
***
## Error Payload
```json theme={null}
{
"request_id": "5fee305e-4b6e-41c4-bff9-c9b53e175d70",
"batch_id": null,
"project_id": "ed8fe5d7-ead9-4b81-b1b0-74190582341c",
"event_type": "email.intelligence.completed",
"created_at": "2026-03-09T18:22:10Z",
"completed_at": "2026-03-09T18:22:15Z",
"status": "error",
"data": null,
"error": {
"email": "some.email@random.com",
"code": "timed_out",
"message": "Unable to compute score of email"
}
}
```
***
## Field Reference
### Top-Level Fields
| Field | Type | Description |
| -------------- | -------------- | --------------------------------------------------------------- |
| `request_id` | string | Unique identifier for this email intelligence request |
| `batch_id` | string \| null | Batch identifier, if the email was submitted as part of a batch |
| `project_id` | string | Your Verisoul project ID |
| `event_type` | string | Always `email.intelligence.completed` |
| `created_at` | string | When analysis started (ISO 8601) |
| `completed_at` | string | When analysis completed (ISO 8601) |
| `status` | string | `success` or `error` |
| `data` | object \| null | Analysis results (present on success) |
| `error` | object \| null | Error details (present on failure) |
### `data.input`
Echo of the submitted request, useful for correlating results.
| Field | Type | Description |
| -------- | ------ | ------------------------------------------ |
| `email` | string | The email address that was analyzed |
| `claims` | object | Claims submitted with the request (if any) |
### `data.result`
| Field | Type | Description |
| --------------- | --------- | --------------------------------------------------------------------------- |
| `decision` | string | Risk decision: `high_trust`, `trusted`, `moderate`, `risky`, or `high_risk` |
| `risk_score` | number | Overall risk score from -1 (high trust) to 1 (high risk) |
| `trust_signals` | string\[] | List of detected trust signals |
| `risk_signals` | string\[] | List of detected risk signals |
#### Decision Buckets
Every email receives a `decision` based on the overall `risk_score`:
| Decision | Score Range | Meaning |
| --------------- | ------------- | -------------------------------------------------- |
| **high\_trust** | below -0.50 | Strong trust signals across multiple dimensions |
| **trusted** | -0.50 to 0.00 | Positive trust indicators present |
| **moderate** | 0.00 to 0.25 | Neutral — no strong signals in either direction |
| **risky** | 0.25 to 0.75 | Some risk indicators detected |
| **high\_risk** | above 0.75 | Strong risk signals — likely fraudulent or invalid |
### `data.result.domain`
| Field | Type | Description |
| ------------ | ------ | ------------------------------------------------------------------------------ |
| `risk_score` | number | Domain risk score from -1 to 1 |
| `fqdn` | string | Fully qualified domain name |
| `apex` | string | Root/apex domain |
| `type` | string | Domain classification (see [domain types](/signals-scores/email#domain-types)) |
| `age_years` | number | Domain age in years |
| `country` | string | Country associated with the domain |
### `data.result.email`
| Field | Type | Description |
| ---------------- | --------- | ------------------------------------------------------- |
| `username` | string | Local part of the email address |
| `normalized` | string | Canonicalized email address |
| `first_seen_at` | string | Earliest known date this email appeared in data sources |
| `age_years` | number | Estimated age of the email address in years |
| `seen_countries` | string\[] | Countries where this email has been observed |
### `data.result.deliverability`
| Field | Type | Description |
| --------------------- | ------ | ------------------------------------------------------------ |
| `risk_score` | number | Deliverability risk: -1 (deliverable) to 1 (not deliverable) |
| `send_recommendation` | string | `send`, `send_with_caution`, or `do_not_send` |
For guidance on how to use these fields to make send decisions, see [Deliverability Risk](/email-intelligence/deliverability-risk).
### `data.result.breach_intelligence`
| Field | Type | Description |
| ---------------------- | --------- | ---------------------------------------------------------- |
| `breach_count` | number | Total number of data breaches this email appears in |
| `trusted_breach_count` | number | Number of breaches from verified/trusted sources |
| `breach_list` | object\[] | Detailed list of breaches (name, date, data types exposed) |
### `data.result.identity_intelligence`
Only present when `identity_intelligence: true` was set in the request.
| Field | Type | Description |
| ----------------------- | --------- | ----------------------------------------------------------------------------- |
| `match_risk_score` | number | Identity match risk from -1 (verified match) to 1 (no match / ghost identity) |
| `online_accounts_count` | number | Number of platforms where the email is registered |
| `online_accounts` | string\[] | Platforms where the email is registered (e.g., google, facebook, linkedin) |
| `connected_names` | string\[] | Names associated with this email across data sources |
| `connected_phones` | string\[] | Phone numbers linked to this email |
| `claim_matches` | object | Results of matching submitted claims against identity data |
### `data.result.identity_intelligence.claim_matches`
| Field | Type | Description |
| --------- | ------ | -------------------------------------------------- |
| `name` | string | `match`, `partial_match`, `no_match`, or `skipped` |
| `phone` | string | `match`, `partial_match`, `no_match`, or `skipped` |
| `country` | string | `match`, `partial_match`, `no_match`, or `skipped` |
### `error`
| Field | Type | Description |
| --------- | ------ | --------------------------------------------- |
| `email` | string | The email address that failed during analysis |
| `code` | string | Error code (e.g., `internal_server_error`) |
| `message` | string | Human-readable description of the failure |
***
## Signal and Domain Type Definitions
For detailed definitions of all signals and domain classifications, see:
* [Domain Types](/signals-scores/email#domain-types)
* [Risk Signals](/signals-scores/email#risk-signals)
* [Trust Signals](/signals-scores/email#trust-signals)