Webhooks

Watchman supports registering a callback URL (also called a webhook) for searches or a given entity ID (Company or Customer). This allows services to monitor for changes to the OFAC data. There’s an example app that receives webhooks written in Go. Watchman sends either a Company or Customer model in JSON to the webhook URL.

Webhook URLs MUST be secure (https://…) and an Authorization header is sent with an auth token provided when setting up the webhook. Callers should always verify this auth token matches what was originally provided.

When Watchman sends a webhook to your application, the body will contain a JSON representation of the Company or Customer model as the body to a POST request. You can see an example in Go.

An Authorization header will also be sent with the authToken provided when setting up the watch. Clients should verify this token to ensure authenticated communicated.

Webhook notifications are ran after the OFAC data is successfully refreshed, which is determined by the DATA_REFRESH_INTERVAL environmental variable.

Watching a specific customer or company by ID

Moov Watchman supports sending a webhook periodically when a specific Company or Customer is to be watched. This is designed to update another system about an OFAC entry’s sanction status.

Watching a customer or company name

Moov Watchman supports sending a webhook periodically with a free-form name of a Company or Customer. This allows external applications to be notified when an entity matching that name is added to the OFAC list. The match percentage will be included in the JSON payload.