List available webhook event types
Returns all event types that can be subscribed to. Includes session
events (e.g. `session.approved`, `session.declined`,
`session.resubmission-required`), identity events
(`identity.created`, `identity.updated`, `identity.flagged`,
`identity.archived`, `identity.restored`, `identity.tag-added`,
`identity.tag-removed`), and consortium events
(`consortium.match_found`, `consortium.match_resolved`).
The `session.resubmission-required` event fires when a session is
auto-rejected because the submitted ID photos were too blurry or
low-quality for OCR processing. The applicant must create a new
session with the same `external_ref` and resubmit clearer photos.
### `consortium.match_found` payload
Fires when the consortium executor finds a cross-org match for a
session at workflow time. Both involved organizations receive the
event. Payload fields:
```json
{
"event": "consortium.match_found",
"consortium_id": "cgrp_abc123",
"matched_session_id": "ses_def456",
"primary_session_id": "ses_abc123",
"similarity": 0.94,
"ghost_student_score": 78,
"ghost_student_tier": "high",
"is_sandbox": false
}
```
- `similarity` is a rounded float (face-embedding cosine similarity).
- `ghost_student_tier` is one of `low`, `medium`, `high`, `critical`.
### `identity.flagged` payload
Fires when an identity is flagged for review. As of Wave 4 (audit H41)
the payload **no longer includes** `flagged_by` or `flag_reason` —
those fields contained reviewer email and free-text PII. Use
`GET /identities/{identity_id}` to fetch them if your subscriber has
the right scopes. The new `has_reason` boolean lets you tell whether
a reason was recorded without exposing its contents.
```json
{
"event": "identity.flagged",
"identity_id": "idn_abc123",
"session_id": "ses_def456",
"has_reason": true,
"is_sandbox": false
}
```