Using the API
{
"id": "Webhook:019542f5-b3e7-1d02-0000-000000000007",
"type": "CUSTOMER.KYC_APPROVED",
"timestamp": "2025-08-15T14:32:00Z",
"data": {
"id": "Customer:019542f5-b3e7-1d02-0000-000000000001",
"platformCustomerId": "9f84e0c2a72c4fa",
"customerType": "INDIVIDUAL",
"umaAddress": "$john.doe@uma.domain.com",
"kycStatus": "APPROVED",
"fullName": "John Michael Doe",
"birthDate": "1990-01-15",
"nationality": "US",
"address": {
"line1": "123 Main Street",
"line2": "Apt 4B",
"city": "San Francisco",
"state": "CA",
"postalCode": "94105",
"country": "US"
},
"createdAt": "2025-07-21T17:32:28Z",
"updatedAt": "2025-07-21T17:32:28Z",
"isDeleted": false
}
}{
"status": 400,
"code": "INVALID_INPUT",
"message": "<string>",
"details": {}
}Customer status change
Webhook that is called when the status of a customer is updated, including KYC and KYB status changes. This endpoint should be implemented by clients of the Grid API.
Authentication
The webhook includes a signature in the X-Grid-Signature header that allows you to verify that the webhook was sent by Grid.
To verify the signature:
- Get the Grid API public key provided to you during integration
- Decode the base64 signature from the header
- Create a SHA-256 hash of the request body
- Verify the signature using the public key and the hash
If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.
{
"id": "Webhook:019542f5-b3e7-1d02-0000-000000000007",
"type": "CUSTOMER.KYC_APPROVED",
"timestamp": "2025-08-15T14:32:00Z",
"data": {
"id": "Customer:019542f5-b3e7-1d02-0000-000000000001",
"platformCustomerId": "9f84e0c2a72c4fa",
"customerType": "INDIVIDUAL",
"umaAddress": "$john.doe@uma.domain.com",
"kycStatus": "APPROVED",
"fullName": "John Michael Doe",
"birthDate": "1990-01-15",
"nationality": "US",
"address": {
"line1": "123 Main Street",
"line2": "Apt 4B",
"city": "San Francisco",
"state": "CA",
"postalCode": "94105",
"country": "US"
},
"createdAt": "2025-07-21T17:32:28Z",
"updatedAt": "2025-07-21T17:32:28Z",
"isDeleted": false
}
}{
"status": 400,
"code": "INVALID_INPUT",
"message": "<string>",
"details": {}
}Authorizations
Secp256r1 (P-256) asymmetric signature of the webhook payload, which can be used to verify that the webhook was sent by Grid. To verify the signature:
- Get the Grid public key provided to you during integration
- Decode the base64 signature from the header
- Create a SHA-256 hash of the request body
- Verify the signature using the public key and the hash
If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.
Body
Unique identifier for this webhook delivery (can be used for idempotency)
"Webhook:019542f5-b3e7-1d02-0000-000000000007"
Status-specific event type in OBJECT.EVENT dot-notation (e.g., OUTGOING_PAYMENT.COMPLETED)
CUSTOMER.KYC_APPROVED, CUSTOMER.KYC_REJECTED, CUSTOMER.KYC_SUBMITTED, CUSTOMER.KYC_MANUALLY_APPROVED, CUSTOMER.KYC_MANUALLY_REJECTED, CUSTOMER.KYB_APPROVED, CUSTOMER.KYB_REJECTED, CUSTOMER.KYB_SUBMITTED, CUSTOMER.KYB_MANUALLY_APPROVED, CUSTOMER.KYB_MANUALLY_REJECTED ISO 8601 timestamp of when the webhook was sent
"2025-08-15T14:32:00Z"
- Individual Customer
- Business Customer
Show child attributes
Show child attributes
Response
Webhook received successfully
Was this page helpful?