Skip to main content
WEBHOOK
outgoing-payment
{
  "transaction": {
    "id": "Transaction:019542f5-b3e7-1d02-0000-000000000005",
    "status": "COMPLETED",
    "type": "OUTGOING",
    "senderUmaAddress": "$sender@uma.domain",
    "receiverUmaAddress": "$recipient@external.domain",
    "sentAmount": {
      "amount": 10550,
      "currency": {
        "code": "USD",
        "name": "United States Dollar",
        "symbol": "$",
        "decimals": 2
      }
    },
    "receivedAmount": {
      "amount": 9706,
      "currency": {
        "code": "EUR",
        "name": "Euro",
        "symbol": "€",
        "decimals": 2
      }
    },
    "customerId": "Customer:019542f5-b3e7-1d02-0000-000000000001",
    "platformCustomerId": "18d3e5f7b4a9c2",
    "settlementTime": "2025-08-15T14:30:00Z",
    "createdAt": "2025-08-15T14:25:18Z",
    "description": "Payment for invoice #1234",
    "exchangeRate": 0.92,
    "quoteId": "Quote:019542f5-b3e7-1d02-0000-000000000006",
    "paymentInstructions": [
      {
        "accountOrWalletInfo": {
          "reference": "UMA-Q12345-REF",
          "accountType": "US_ACCOUNT",
          "accountNumber": 987654321,
          "routingNumber": 123456789,
          "accountCategory": "CHECKING",
          "bankName": "Chase Bank"
        }
      },
      {
        "accountOrWalletInfo": {
          "accountType": "SOLANA_WALLET",
          "assetType": "USDC",
          "address": "4Nd1m6Qkq7RfKuE5vQ9qP9Tn6H94Ueqb4xXHzsAbd8Wg"
        }
      }
    ]
  },
  "timestamp": "2025-08-15T14:32:00Z",
  "webhookId": "Webhook:019542f5-b3e7-1d02-0000-000000000007",
  "type": "OUTGOING_PAYMENT"
}
{
  "status": 400,
  "code": "INVALID_INPUT",
  "message": "<string>",
  "details": {}
}

Authorizations

X-Grid-Signature
string
header
required

Secp256r1 (P-256) asymmetric signature of the webhook payload, which can be used to verify that the webhook was sent by Grid.

To verify the signature:

  1. Get the Grid public key provided to you during integration
  2. Decode the base64 signature from the header
  3. Create a SHA-256 hash of the request body
  4. Verify the signature using the public key and the hash

If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.

Body

application/json
transaction
object
required
type
enum<string>
required

Type of webhook event

Available options:
INCOMING_PAYMENT,
OUTGOING_PAYMENT,
TEST,
BULK_UPLOAD,
INVITATION_CLAIMED,
KYC_STATUS,
ACCOUNT_STATUS
Example:

"OUTGOING_PAYMENT"

timestamp
string<date-time>
required

ISO8601 timestamp when the webhook was sent (can be used to prevent replay attacks)

Example:

"2025-08-15T14:32:00Z"

webhookId
string
required

Unique identifier for this webhook delivery (can be used for idempotency)

Example:

"Webhook:019542f5-b3e7-1d02-0000-000000000007"

requestedReceiverCustomerInfoFields
object[]

Information required by the sender's VASP about the recipient. Platform must provide these in the 200 OK response if approving. Note that this only includes fields which Grid does not already have from initial customer registration.

Response

Webhook received successfully