Skip to main content
WEBHOOK
verification-update
{
  "id": "Webhook:019542f5-b3e7-1d02-0000-000000000030",
  "type": "VERIFICATION.APPROVED",
  "timestamp": "2025-08-15T14:32:00Z",
  "data": {
    "id": "Verification:019542f5-b3e7-1d02-0000-000000000010",
    "customerId": "Customer:019542f5-b3e7-1d02-0000-000000000001",
    "verificationStatus": "APPROVED",
    "errors": [],
    "createdAt": "2025-08-15T14:00:00Z"
  }
}
{
  "status": 400,
  "code": "INVALID_INPUT",
  "message": "<string>",
  "details": {}
}

Authorizations

X-Grid-Signature
string
header
required

Secp256r1 (P-256) asymmetric signature of the webhook payload, which can be used to verify that the webhook was sent by Grid. To verify the signature:

  1. Get the Grid public key provided to you during integration
  2. Decode the base64 signature from the header
  3. Create a SHA-256 hash of the request body
  4. Verify the signature using the public key and the hash

If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.

Body

application/json
id
string
required

Unique identifier for this webhook delivery (can be used for idempotency)

Example:

"Webhook:019542f5-b3e7-1d02-0000-000000000007"

type
enum<string>
required

Status-specific event type in OBJECT.EVENT dot-notation (e.g., OUTGOING_PAYMENT.COMPLETED)

Available options:
VERIFICATION.APPROVED,
VERIFICATION.REJECTED,
VERIFICATION.RESOLVE_ERRORS,
VERIFICATION.IN_PROGRESS,
VERIFICATION.PENDING_MANUAL_REVIEW
timestamp
string<date-time>
required

ISO 8601 timestamp of when the webhook was sent

Example:

"2025-08-15T14:32:00Z"

data
object
required

Response

Webhook received successfully