Skip to main content
WEBHOOK
account-status
{
  "account": {
    "accountId": "Account:019542f5-b3e7-1d02-0000-000000000005",
    "oldBalance": {
      "amount": 50000,
      "currency": {
        "code": "USD",
        "name": "United States Dollar",
        "symbol": "$",
        "decimals": 2
      }
    },
    "newBalance": {
      "amount": 10000,
      "currency": {
        "code": "USD",
        "name": "United States Dollar",
        "symbol": "$",
        "decimals": 2
      }
    },
    "customerId": "Customer:019542f5-b3e7-1d02-0000-000000000001",
    "platformCustomerId": "019542f5-b3e7-1d02-0000-000000000001"
  },
  "timestamp": "2025-08-15T14:32:00Z",
  "webhookId": "Webhook:019542f5-b3e7-1d02-0000-000000000007",
  "type": "ACCOUNT_STATUS"
}
{
  "status": 400,
  "code": "INVALID_INPUT",
  "message": "<string>",
  "details": {}
}

Authorizations

X-Grid-Signature
string
header
required

Secp256r1 (P-256) asymmetric signature of the webhook payload, which can be used to verify that the webhook was sent by Grid.

To verify the signature:

  1. Get the Grid public key provided to you during integration
  2. Decode the base64 signature from the header
  3. Create a SHA-256 hash of the request body
  4. Verify the signature using the public key and the hash

If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.

Body

application/json
transaction
object
required
type
enum<string>
required

Type of webhook event

Available options:
INCOMING_PAYMENT,
OUTGOING_PAYMENT,
TEST,
BULK_UPLOAD,
INVITATION_CLAIMED,
KYC_STATUS,
ACCOUNT_STATUS
Example:

"INCOMING_PAYMENT"

timestamp
string<date-time>
required

ISO8601 timestamp when the webhook was sent (can be used to prevent replay attacks)

Example:

"2025-08-15T14:32:00Z"

webhookId
string
required

Unique identifier for this webhook delivery (can be used for idempotency)

Example:

"Webhook:019542f5-b3e7-1d02-0000-000000000007"

accountId
string
required

The id of the account whose balance has changed

requestedReceiverCustomerInfoFields
object[]

Information required by the sender's VASP about the recipient. Platform must provide these in the 200 OK response if approving. Note that this only includes fields which Grid does not already have from initial customer registration.

oldBalance
object
newBalance
object
customerId
string

The ID of the customer associated with the internal account

Example:

"Customer:019542f5-b3e7-1d02-0000-000000000001"

platformCustomerId
string

The ID of the customer as associated in your platform

Example:

"019542f5-b3e7-1d02-0000-000000000001"

Response

Webhook received successfully