API documentation
- HOOKAgent action pending approval webhook
- HOOKIncoming payment webhook and approval mechanism
- HOOKOutgoing payment status webhook
- HOOKTest webhook for integration verification
- HOOKBulk upload status webhook
- HOOKInvitation claimed webhook
- HOOKCustomer status change
- HOOKInternal account status webhook
- HOOKVerification status change
- HOOKCard state change
- HOOKCard funding source change
{
"id": "Webhook:019542f5-b3e7-1d02-0000-000000000030",
"type": "CARD.FUNDING_SOURCE_CHANGE",
"timestamp": "2026-05-08T14:30:00Z",
"data": {
"id": "Card:019542f5-b3e7-1d02-0000-000000000010",
"cardholderId": "Customer:019542f5-b3e7-1d02-0000-000000000001",
"state": "ACTIVE",
"stateReason": null,
"brand": "VISA",
"form": "VIRTUAL",
"last4": "4242",
"expMonth": 12,
"expYear": 2029,
"fundingSources": [
"InternalAccount:019542f5-b3e7-1d02-0000-000000000002",
"InternalAccount:019542f5-b3e7-1d02-0000-000000000003"
],
"currency": "USD",
"createdAt": "2026-05-08T14:10:00Z",
"updatedAt": "2026-05-08T14:30:00Z"
}
}{
"message": "<string>",
"details": {}
}Card funding source change
Webhook that is called when the funding sources bound to a card change. Fires whenever PATCH /cards/{id} updates the fundingSources array. The payload carries the full Card resource with the post-change fundingSources array.
This endpoint should be implemented by clients of the Grid API.
Authentication
The webhook includes a signature in the X-Grid-Signature header that allows you to verify that the webhook was sent by Grid.
To verify the signature:
- Get the Grid public key provided to you during integration
- Decode the base64 signature from the header
- Create a SHA-256 hash of the request body
- Verify the signature using the public key and the hash
If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.
{
"id": "Webhook:019542f5-b3e7-1d02-0000-000000000030",
"type": "CARD.FUNDING_SOURCE_CHANGE",
"timestamp": "2026-05-08T14:30:00Z",
"data": {
"id": "Card:019542f5-b3e7-1d02-0000-000000000010",
"cardholderId": "Customer:019542f5-b3e7-1d02-0000-000000000001",
"state": "ACTIVE",
"stateReason": null,
"brand": "VISA",
"form": "VIRTUAL",
"last4": "4242",
"expMonth": 12,
"expYear": 2029,
"fundingSources": [
"InternalAccount:019542f5-b3e7-1d02-0000-000000000002",
"InternalAccount:019542f5-b3e7-1d02-0000-000000000003"
],
"currency": "USD",
"createdAt": "2026-05-08T14:10:00Z",
"updatedAt": "2026-05-08T14:30:00Z"
}
}{
"message": "<string>",
"details": {}
}Documentation Index
Fetch the complete documentation index at: https://grid.lightspark.com/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Secp256r1 (P-256) asymmetric signature of the webhook payload, which can be used to verify that the webhook was sent by Grid. To verify the signature:
- Get the Grid public key provided to you during integration
- Decode the base64 signature from the header
- Create a SHA-256 hash of the request body
- Verify the signature using the public key and the hash
If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.
Body
Unique identifier for this webhook delivery (can be used for idempotency)
"Webhook:019542f5-b3e7-1d02-0000-000000000007"
Status-specific event type in OBJECT.EVENT dot-notation (e.g., OUTGOING_PAYMENT.COMPLETED)
CARD.FUNDING_SOURCE_CHANGE ISO 8601 timestamp of when the webhook was sent
"2025-08-15T14:32:00Z"
Show child attributes
Show child attributes
Response
Webhook received successfully
Was this page helpful?