Skip to main content
Truv supports security controls for regulated integrations, including webhook signature verification, mutual TLS (mTLS) for APIs and webhooks, and additional authentication options for webhook delivery.

Privacy & Compliance

User consent, secure transport, compliance materials, and where to request documentation.

Webhook Security

Signature verification, delivery timing, retries, and webhook allowlisting guidance.

mTLS

Mutual TLS for Truv APIs and webhook delivery, including certificate setup paths.

Trust Center

Current security documents, reports, and questionnaires.
Use this section when you need to answer one of four practical questions:
  • How do I verify webhook deliveries from Truv?
  • When should I use mTLS instead of standard API authentication?
  • What privacy and compliance materials are available?
  • Where do I find the implementation details for webhook security and mTLS?
For implementation details, start with the focused pages in this section and then use the endpoint reference pages for webhook configuration and event payloads.

Webhook signature verification

Every webhook request from Truv includes an X-WEBHOOK-SIGN header. Validate that signature against the raw request body with your Access Secret before you process the event. Use Webhook Security for verification examples, retry behavior, IP allowlisting, and handling guidance.

mTLS for APIs and webhooks

Truv supports mTLS for both public API traffic and webhook delivery:
  • Public APIs: api-mtls.truv.com for Production and api-sandbox-mtls.truv.com for Sandbox
  • Webhooks: Truv-signed certificates, client-signed certificates, and optional custom headers
Use mTLS for the setup path, certificate options, and allowlisting details.

Privacy and compliance

All API requests must use HTTPS with TLS 1.2 or higher. Access to end-user data requires explicit user consent through the connection flow. Users authenticate directly with their provider and grant access to the requested data. Use Privacy & Compliance for current guidance on consent, transport security, retention planning, and how to request supporting documentation.

Contact

Security Team

security@truv.com

Compliance Requests

compliance@truv.com