WEBHOOK
outgoing-payment
{
  "transaction": {
    "id": "Transaction:019542f5-b3e7-1d02-0000-000000000005",
    "status": "COMPLETED",
    "type": "OUTGOING",
    "senderUmaAddress": "$sender@uma.domain",
    "receiverUmaAddress": "$recipient@external.domain",
    "sentAmount": {
      "amount": 10550,
      "currency": {
        "code": "USD",
        "name": "United States Dollar",
        "symbol": "$",
        "decimals": 2
      }
    },
    "receivedAmount": {
      "amount": 9706,
      "currency": {
        "code": "EUR",
        "name": "Euro",
        "symbol": "€",
        "decimals": 2
      }
    },
    "customerId": "Customer:019542f5-b3e7-1d02-0000-000000000001",
    "platformCustomerId": "18d3e5f7b4a9c2",
    "settlementTime": "2025-08-15T14:30:00Z",
    "createdAt": "2025-08-15T14:25:18Z",
    "description": "Payment for invoice #1234",
    "exchangeRate": 0.92,
    "quoteId": "Quote:019542f5-b3e7-1d02-0000-000000000006",
    "paymentInstructions": {
      "reference": "UMA-Q12345-REF",
      "bankAccountInfo": {
        "accountType": "US_ACCOUNT",
        "accountNumber": 987654321,
        "routingNumber": 123456789,
        "accountCategory": "CHECKING",
        "bankName": "Chase Bank"
      }
    }
  },
  "timestamp": "2025-08-15T14:32:00Z",
  "webhookId": "Webhook:019542f5-b3e7-1d02-0000-000000000007",
  "type": "OUTGOING_PAYMENT"
}

Authorizations

X-Grid-Signature
string
header
required

Secp256r1 (P-256) asymmetric signature of the webhook payload, which can be used to verify that the webhook was sent by Grid.

To verify the signature:

  1. Get the Grid public key provided to you during integration
  2. Decode the base64 signature from the header
  3. Create a SHA-256 hash of the request body
  4. Verify the signature using the public key and the hash

If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.
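
The four steps above as a Node.js receiver check, together with the replay and idempotency checks that the `timestamp` and `webhookId` body fields allow. This is an added example, not Grid's own code: it assumes the signature is ASN.1 DER encoded, a 5-minute freshness window, and a throwaway key pair standing in for the Grid public key; `verifyGridWebhook` and `constructedDelivery` are hypothetical names.

```javascript
const nodeCrypto = require('node:crypto');

const MAX_SKEW_MS = 5 * 60 * 1000; // assumption: accept deliveries within 5 minutes
const seenWebhookIds = new Set();  // assumption: in-memory; use a shared store with a TTL in production

// rawBody must be the exact bytes received (a Buffer), not re-serialized JSON.
function verifyGridWebhook(rawBody, signatureB64, publicKeyPem, now = Date.now()) {
  if (typeof signatureB64 !== 'string' || signatureB64 === '') {
    return { ok: false, reason: 'missing-signature' };
  }
  let valid = false;
  try {
    // Steps 2-4: base64-decode, SHA-256 the body, ECDSA P-256 verify.
    // Assumption: the signature is ASN.1 DER encoded (Node's default).
    const signature = Buffer.from(signatureB64, 'base64');
    valid = nodeCrypto.verify('sha256', rawBody, publicKeyPem, signature);
  } catch {
    valid = false; // a malformed key or signature counts as a failed check
  }
  if (!valid) return { ok: false, reason: 'bad-signature' };

  // Parse only after the bytes are authenticated.
  let event;
  try { event = JSON.parse(rawBody.toString('utf8')); }
  catch { return { ok: false, reason: 'bad-json' }; }

  const sentAt = Date.parse(event.timestamp);
  if (Number.isNaN(sentAt) || Math.abs(now - sentAt) > MAX_SKEW_MS) {
    return { ok: false, reason: 'stale-timestamp' };
  }
  // A repeated webhookId is acknowledged but must not be processed twice.
  const duplicate = seenWebhookIds.has(event.webhookId);
  seenWebhookIds.add(event.webhookId);
  return { ok: true, duplicate, event };
}

// Constructed sample delivery: a throwaway key pair stands in for Grid's key.
function constructedDelivery(webhookId) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const body = Buffer.from(JSON.stringify({
    timestamp: '2025-08-15T14:32:00Z', webhookId, type: 'OUTGOING_PAYMENT' }));
  return {
    body,
    signature: nodeCrypto.sign('sha256', body, privateKey).toString('base64'),
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    now: Date.parse('2025-08-15T14:32:30Z'),
  };
}
```

Capture the raw body before any JSON middleware runs; verifying a re-serialized object fails whenever key order or whitespace differs from what was signed.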

Body

application/json
timestamp
string<date-time>
required

ISO8601 timestamp when the webhook was sent (can be used to prevent replay attacks)

Example:

"2025-08-15T14:32:00Z"

webhookId
string
required

Unique identifier for this webhook delivery (can be used for idempotency)

Example:

"Webhook:019542f5-b3e7-1d02-0000-000000000007"

type
enum<string>
required

Type of webhook event

Available options:
INCOMING_PAYMENT,
OUTGOING_PAYMENT,
TEST,
BULK_UPLOAD,
INVITATION_CLAIMED,
KYC_STATUS,
ACCOUNT_STATUS
transaction
object
required

Response

Webhook received successfully
