Skip to main content
A compliance export webhook sends a pointer to a signed compliance record. It does not send the full signed vCon inline. The event type is compliance_record.ready. It means a finalized signed compliance record is ready to fetch.

What the envelope contains

1

Event type

The event type is compliance_record.ready.
2

Call metadata

The envelope includes call metadata so your system can route and store the export.
3

Record pointer

The envelope includes an expiring download URL for the signed vCon.
4

Content-bound fetch

The download URL is bound to the record content hash.

Synthetic example

This example is synthetic. It shows the public shape of a pointer export, not a real call or customer record. 
{
  "type": "compliance_record.ready",
  "call": {
    "id": "synthetic-call-123",
    "started_at": "2026-06-27T12:00:00Z"
  },
  "record": {
    "format": "vcon",
    "content_hash": "sha512-synthetic-content-hash",
    "download_url": "https://example.com/synthetic-expiring-vcon-download"
  }
}
The download_url is short-lived. Fetch the signed vCon after you verify the webhook signature, then store the record according to your own retention policy.
Do not treat the webhook body as the signed compliance record. The signed vCon is fetched from the record download URL.

Delivery behavior

Compliance record exports are forward-only from endpoint enablement. Klariqo does not promise historical backfill for records created before the endpoint was enabled. Deliveries are at least once. Your endpoint may receive the same delivery more than once, so dedupe by the delivery id. Klariqo does not guarantee ordering between deliveries.

How to handle an event

1

Verify the signature

Verify the Standard Webhooks signature against the raw request body.
2

Dedupe the delivery

Check whether you have already processed the delivery id.
3

Read the envelope

Confirm the event type is compliance_record.ready.
4

Fetch the signed vCon

Use the expiring download URL to fetch the signed compliance record.
5

Store your copy

Store the signed vCon in your own system according to your retention and access rules.

Verify signatures

Verify a webhook before processing the envelope.

Fetch the signed vCon

Retrieve the signed record from the pointer.
Exported records support evidence, provenance, and audit-readiness. They do not make you compliant, prove consent by themselves, or replace your retention policy and counsel review.