{
  "invitation": {
    "code": "019542f5",
    "createdAt": "2025-09-01T14:30:00Z",
    "claimedAt": "2025-09-01T15:45:00Z",
    "inviterUma": "$inviter@uma.domain",
    "inviteeUma": "$invitee@uma.domain",
    "status": "CLAIMED",
    "url": "https://uma.me/i/019542f5"
  },
  "timestamp": "2025-09-01T15:45:00Z",
  "webhookId": "Webhook:019542f5-b3e7-1d02-0000-000000000008",
  "type": "INVITATION_CLAIMED"
}

{
  "status": 400,
  "code": "INVALID_INPUT",
  "message": "<string>",
  "details": {}
}

Webhooks

Invitation claimed webhook

Webhook that is called when an invitation is claimed by a customer. This endpoint should be implemented by platform clients of the Grid API.

When a customer claims an invitation, this webhook is triggered to notify the platform that:

The invitation has been successfully claimed
The invitee UMA address is now associated with the invitation
The invitation status has changed from PENDING to CLAIMED

This allows platforms to:

Track invitation usage and conversion rates
Trigger onboarding flows for new customers who joined via invitation
Apply referral bonuses or rewards to the inviter
Update their UI to reflect the claimed status

Authentication

The webhook includes a signature in the X-Grid-Signature header that allows you to verify that the webhook was sent by Grid. To verify the signature:

Get the Grid public key provided to you during integration
Decode the base64 signature from the header
Create a SHA-256 hash of the request body
Verify the signature using the public key and the hash

If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.

WEBHOOK

invitation-claimed

{
  "invitation": {
    "code": "019542f5",
    "createdAt": "2025-09-01T14:30:00Z",
    "claimedAt": "2025-09-01T15:45:00Z",
    "inviterUma": "$inviter@uma.domain",
    "inviteeUma": "$invitee@uma.domain",
    "status": "CLAIMED",
    "url": "https://uma.me/i/019542f5"
  },
  "timestamp": "2025-09-01T15:45:00Z",
  "webhookId": "Webhook:019542f5-b3e7-1d02-0000-000000000008",
  "type": "INVITATION_CLAIMED"
}

{
  "status": 400,
  "code": "INVALID_INPUT",
  "message": "<string>",
  "details": {}
}

Authorizations

X-Grid-Signature

string

header

required

Secp256r1 (P-256) asymmetric signature of the webhook payload, which can be used to verify that the webhook was sent by Grid.

To verify the signature:

Get the Grid public key provided to you during integration
Decode the base64 signature from the header
Create a SHA-256 hash of the request body
Verify the signature using the public key and the hash

If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.

Body

application/json

transaction

object

required

Option 1
Option 2

Show child attributes

type

enum<string>

required

Type of webhook event

Available options:

INVITATION_CLAIMED

Example:

"INVITATION_CLAIMED"

timestamp

string<date-time>

required

ISO8601 timestamp when the webhook was sent (can be used to prevent replay attacks)

Example:

"2025-08-15T14:32:00Z"

webhookId

string

required

Unique identifier for this webhook delivery (can be used for idempotency)

Example:

"Webhook:019542f5-b3e7-1d02-0000-000000000007"

invitation

object

required

Show child attributes

requestedReceiverCustomerInfoFields

object[]

Information required by the sender's VASP about the recipient. Platform must provide these in the 200 OK response if approving. Note that this only includes fields which Grid does not already have from initial customer registration.

Show child attributes

Response

Webhook received successfully

Bulk upload status webhook

Kyc customer status change

Using the API

API documentation

Invitation claimed webhook

Authentication

Authorizations

Body

Response