{
  "id": "Webhook:019542f5-b3e7-1d02-0000-000000000007",
  "type": "INCOMING_PAYMENT.PENDING",
  "timestamp": "2025-08-15T14:32:00Z",
  "data": {
    "id": "Transaction:019542f5-b3e7-1d02-0000-000000000005",
    "status": "PENDING",
    "type": "INCOMING",
    "destination": {
      "destinationType": "UMA_ADDRESS",
      "umaAddress": "$recipient@uma.domain"
    },
    "customerId": "Customer:019542f5-b3e7-1d02-0000-000000000001",
    "platformCustomerId": "18d3e5f7b4a9c2",
    "senderUmaAddress": "$sender@external.domain",
    "receiverUmaAddress": "$recipient@uma.domain",
    "receivedAmount": {
      "amount": 50000,
      "currency": {
        "code": "USD",
        "name": "United States Dollar",
        "symbol": "$",
        "decimals": 2
      }
    },
    "counterpartyInformation": {
      "FULL_NAME": "John Sender",
      "BIRTH_DATE": "1985-06-15",
      "NATIONALITY": "US"
    },
    "reconciliationInstructions": {
      "reference": "REF-123456789"
    },
    "requestedReceiverCustomerInfoFields": [
      {
        "name": "NATIONALITY",
        "mandatory": true
      },
      {
        "name": "POSTAL_ADDRESS",
        "mandatory": false
      }
    ]
  }
}

{
  "receiverCustomerInfo": {}
}

Webhooks

Incoming payment webhook and approval mechanism

Webhook that is called when an incoming payment is received by a customer’s UMA address. This endpoint should be implemented by clients of the Grid API.

Authentication

The webhook includes a signature in the X-Grid-Signature header that allows you to verify that the webhook was sent by Grid. To verify the signature:

Get the Grid public key provided to you during integration
Decode the base64 signature from the header
Create a SHA-256 hash of the request body
Verify the signature using the public key and the hash

If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.

Payment Approval Flow

When a transaction has status: "PENDING", this webhook serves as an approval mechanism:

The client should check the counterpartyInformation against their requirements
To APPROVE the payment synchronously, return a 200 OK response
To REJECT the payment, return a 403 Forbidden response with an Error object
To request more information, return a 422 Unprocessable Entity with specific missing fields
To process the payment asynchronously, return a 202 Accepted response and then call the /transactions/{transactionId}/approve or /transactions/{transactionId}/reject endpoint within 5 seconds. Note that synchronous approval/rejection is preferred where possible.

The Grid system will proceed or cancel the payment based on your response.

For transactions with other statuses (COMPLETED, FAILED, REFUNDED), this webhook is purely informational.

WEBHOOK

incoming-payment

{
  "id": "Webhook:019542f5-b3e7-1d02-0000-000000000007",
  "type": "INCOMING_PAYMENT.PENDING",
  "timestamp": "2025-08-15T14:32:00Z",
  "data": {
    "id": "Transaction:019542f5-b3e7-1d02-0000-000000000005",
    "status": "PENDING",
    "type": "INCOMING",
    "destination": {
      "destinationType": "UMA_ADDRESS",
      "umaAddress": "$recipient@uma.domain"
    },
    "customerId": "Customer:019542f5-b3e7-1d02-0000-000000000001",
    "platformCustomerId": "18d3e5f7b4a9c2",
    "senderUmaAddress": "$sender@external.domain",
    "receiverUmaAddress": "$recipient@uma.domain",
    "receivedAmount": {
      "amount": 50000,
      "currency": {
        "code": "USD",
        "name": "United States Dollar",
        "symbol": "$",
        "decimals": 2
      }
    },
    "counterpartyInformation": {
      "FULL_NAME": "John Sender",
      "BIRTH_DATE": "1985-06-15",
      "NATIONALITY": "US"
    },
    "reconciliationInstructions": {
      "reference": "REF-123456789"
    },
    "requestedReceiverCustomerInfoFields": [
      {
        "name": "NATIONALITY",
        "mandatory": true
      },
      {
        "name": "POSTAL_ADDRESS",
        "mandatory": false
      }
    ]
  }
}

{
  "receiverCustomerInfo": {}
}

Authorizations

X-Grid-Signature

string

header

required

Secp256r1 (P-256) asymmetric signature of the webhook payload, which can be used to verify that the webhook was sent by Grid. To verify the signature:

Get the Grid public key provided to you during integration
Decode the base64 signature from the header
Create a SHA-256 hash of the request body
Verify the signature using the public key and the hash

If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.

Body

application/json

string

required

Unique identifier for this webhook delivery (can be used for idempotency)

Example:

"Webhook:019542f5-b3e7-1d02-0000-000000000007"

type

enum<string>

required

Status-specific event type in OBJECT.EVENT dot-notation (e.g., OUTGOING_PAYMENT.COMPLETED)

Available options:

INCOMING_PAYMENT.PENDING,

INCOMING_PAYMENT.COMPLETED,

INCOMING_PAYMENT.FAILED

timestamp

string<date-time>

required

ISO 8601 timestamp of when the webhook was sent

Example:

"2025-08-15T14:32:00Z"

data

Incoming Transaction · object

required

The resource object. Contains the full resource as the corresponding GET endpoint would return it.

Show child attributes

Response

Webhook received successfully. For PENDING transactions, this indicates approval to proceed with the payment. If requestedReceiverCustomerInfoFields were present in the webhook request, the corresponding fields for the recipient must be included in this response in the receiverCustomerInfo object.

receiverCustomerInfo

object

Information about the recipient, provided by the platform if requested in the webhook via requestedReceiverCustomerInfoFields and the payment is approved.

Delete API token by ID

Outgoing payment status webhook

⌘I

Using the API

API documentation

Incoming payment webhook and approval mechanism

Authentication

Payment Approval Flow

Authorizations

Body

Response