Verified steps

In the Persona Dashboard, navigate to Webhooks and create a new endpoint URL for your environment
Select the event types inquiry.completed and verification.created and save the webhook secret
In your handler, read the Persona-Signature header which contains a timestamp and HMAC-SHA256 signature
Reconstruct the signed payload by concatenating the timestamp, a period, and the raw request body, then compute HMAC-SHA256 with your webhook secret
Reject requests where the computed signature does not match or where the timestamp is older than 300 seconds to prevent replay attacks

Known gotchas

Persona sends the raw JSON body; do not parse and re-serialize it before computing the signature or the HMAC will not match
A single user action can fire multiple events in quick succession; design your handler to be idempotent using the event id as a deduplication key
Webhook delivery is not guaranteed in strict order; use the payload's created_at field, not arrival order, to sequence state transitions

docs.withpersona.com · 6 steps · unrated

Create a Persona inquiry using a verification template and retrieve the completed inquiry result

docs.withpersona.com · 6 steps · unrated

Set up Stripe webhooks for charge.dispute.created and implement signature verification

stripe.com · 6 steps · unrated

Give your agent this knowledge — and 200+ more routes

One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus: claude mcp add --transport http waymark https://mcp.waymark.network/mcp

Configure Persona webhooks for inquiry.completed and verification.created events and validate the request signature

Verified steps

Known gotchas

Related routes

Give your agent this knowledge — and 200+ more routes