Test webhook for integration verification
Webhook that is sent once to verify your webhook endpoint is correctly set up. This is sent when you configure or update your platform settings with a webhook URL.
Authentication
The webhook includes a signature in the X-Grid-Signature header that allows you to verify that the webhook was sent by the Grid API.
To verify the signature:
- Get the Grid public key provided to you during integration
- Decode the base64 signature from the header
- Create a SHA-256 hash of the request body
- Verify the signature using the public key and the hash
If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.
This webhook is purely for testing your endpoint integration and signature verification.
Authorizations
Secp256r1 (P-256) asymmetric signature of the webhook payload, which can be used to verify that the webhook was sent by Grid.
To verify the signature:
- Get the Grid public key provided to you during integration
- Decode the base64 signature from the header
- Create a SHA-256 hash of the request body
- Verify the signature using the public key and the hash
If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.
Body
- Option 1
- Option 2
- Option 3
- Option 4
- Option 5
- Option 6
- Option 1
- Option 2
Type of webhook event
INCOMING_PAYMENT, OUTGOING_PAYMENT, TEST, BULK_UPLOAD, INVITATION_CLAIMED, KYC_STATUS, ACCOUNT_STATUS "TEST"
ISO8601 timestamp when the webhook was sent (can be used to prevent replay attacks)
"2025-08-15T14:32:00Z"
Unique identifier for this webhook delivery (can be used for idempotency)
"Webhook:019542f5-b3e7-1d02-0000-000000000007"
Information required by the sender's VASP about the recipient. Platform must provide these in the 200 OK response if approving. Note that this only includes fields which Grid does not already have from initial customer registration.
Response
Webhook received successfully. This confirms your webhook endpoint is properly configured.