Getting started

elKYC (Allpass) uses webhooks to notify your backend when an event happens in your client-side SDK. Webhooks are useful for asynchronous events like when a user completes a Verification, or passes any step. You should specify your backend endpoint url and get your AES-256-CBC key.

You can do it within workplace Integration page.

Every application has it's own AES-256-CBC key. Webhook data is encrypted with this key

The Allpass webhook request has the same structure as all Allpass responses:

export class ResponseEntity {
  status: boolean;
  @ApiProperty({ example: 200 })
  statusCode: number;
  @ApiProperty({ type: String })
  data: string;
  @ApiProperty({ example: '2021-08-20T14:52:33.648Z' })
  time: string;

  constructor(data: string) {
    this.status = true;
    this.statusCode = 200;
    this.data = data;
    this.time = new Date().toISOString();

Where data is encrypted string.

Decrypt data

Webhook data must be decrypted before use with your AES-256-CBC key. Example:

import crypto from 'crypto';

function decryptData(encryptedTextWithIv: string, key: string): string {
    const keyBuff = Buffer.from(key, 'hex');
    const iv = Buffer.from(encryptedTextWithIv.slice(0, 32), 'hex');
    const encryptedText = encryptedTextWithIv.slice(32);
    const decipher = crypto.createDecipheriv('aes-256-cbc', keyBuff, iv);
    let decrypted = decipher.update(encryptedText, 'hex', 'utf8');
    decrypted += decipher.final('utf8');

    return decrypted;

const aes256cbc = `*************`; // Your crypt key from integration page

const encryptedDataString = '... Encrypted data in Base64 ...';
const decryptedDataString = decryptData(aes256cbc, encryptedDataString);

console.log('Decrypted data object:', JSON.parse(decryptedDataString));

Encrypt data

Example of encrypting data for public-api request:

import crypto from 'crypto';

function encryptData(data: any, key: string): string {
    const keyBuff = Buffer.from(key, 'hex');
    const iv = crypto.randomBytes(16);
    const cipher = crypto.createCipheriv('aes-256-cbc', keyBuff, iv);
    let encrypted = cipher.update(JSON.stringify(data), 'utf8', 'hex');
    encrypted += cipher.final('hex');

    return iv.toString('hex') + encrypted;

const aes256cbc = `*************`; // Your crypt key from integration page
const data = {}; // you data object

try {
    const encryptedDataString = encryptData(data, aes256cbc);

    console.log('Encrypted data string:', encryptedDataString);
} catch (e) {

Last updated

elKYC - Allpass.ai 2023