Using the API
{
"id": "Webhook:019542f5-b3e7-1d02-0000-000000000007",
"type": "CUSTOMER.KYC_APPROVED",
"timestamp": "2025-08-15T14:32:00Z",
"data": {
"id": "Customer:019542f5-b3e7-1d02-0000-000000000001",
"platformCustomerId": "9f84e0c2a72c4fa",
"customerType": "INDIVIDUAL",
"umaAddress": "$john.doe@uma.domain.com",
"kycStatus": "APPROVED",
"fullName": "John Michael Doe",
"birthDate": "1990-01-15",
"nationality": "US",
"address": {
"line1": "123 Main Street",
"line2": "Apt 4B",
"city": "San Francisco",
"state": "CA",
"postalCode": "94105",
"country": "US"
},
"createdAt": "2025-07-21T17:32:28Z",
"updatedAt": "2025-07-21T17:32:28Z",
"isDeleted": false
}
}{
"status": 400,
"code": "INVALID_INPUT",
"message": "<string>",
"details": {}
}Kyc customer status change
Webhook that is called when the KYC status of a customer is updated. This endpoint should be implemented by clients of the Grid API.
Authentication
The webhook includes a signature in the X-Grid-Signature header that allows you to verify that the webhook was sent by Grid.
To verify the signature:
- Get the Grid API public key provided to you during integration
- Decode the base64 signature from the header
- Create a SHA-256 hash of the request body
- Verify the signature using the public key and the hash
If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.
KYC/B Flow
This webhook is triggered when KYC/B has reached a decision on a customer. Generally most customers will finish KYC within a few minutes. Others might be rejected because of incorrect data passed in or may have been flagged for manual review. The webhook will only trigger for final states. This will be APPROVED, REJECTED, EXPIRED, CANCELED, MANUALLY_APPROVED, MANUALLY_REJECTED.
- APPROVED: The customer has been approved.
- REJECTED: The customer has been rejected after a KYC check.
- PENDING_REVIEW: KYC check is in progress.
- EXPIRED: KYC check has expired. This is generally because a customer did not submit all required information needed within a session.
- CANCELED: KYC check was canceled.
- MANUALLY_APPROVED: The customer was manually approved.
- MANUALLY_REJECTED: The customer was manually rejected.
- NOT_STARTED: KYC has not started on the customer.
{
"id": "Webhook:019542f5-b3e7-1d02-0000-000000000007",
"type": "CUSTOMER.KYC_APPROVED",
"timestamp": "2025-08-15T14:32:00Z",
"data": {
"id": "Customer:019542f5-b3e7-1d02-0000-000000000001",
"platformCustomerId": "9f84e0c2a72c4fa",
"customerType": "INDIVIDUAL",
"umaAddress": "$john.doe@uma.domain.com",
"kycStatus": "APPROVED",
"fullName": "John Michael Doe",
"birthDate": "1990-01-15",
"nationality": "US",
"address": {
"line1": "123 Main Street",
"line2": "Apt 4B",
"city": "San Francisco",
"state": "CA",
"postalCode": "94105",
"country": "US"
},
"createdAt": "2025-07-21T17:32:28Z",
"updatedAt": "2025-07-21T17:32:28Z",
"isDeleted": false
}
}{
"status": 400,
"code": "INVALID_INPUT",
"message": "<string>",
"details": {}
}Authorizations
Secp256r1 (P-256) asymmetric signature of the webhook payload, which can be used to verify that the webhook was sent by Grid. To verify the signature:
- Get the Grid public key provided to you during integration
- Decode the base64 signature from the header
- Create a SHA-256 hash of the request body
- Verify the signature using the public key and the hash
If the signature verification succeeds, the webhook is authentic. If not, it should be rejected.
Body
Unique identifier for this webhook delivery (can be used for idempotency)
"Webhook:019542f5-b3e7-1d02-0000-000000000007"
Status-specific event type in OBJECT.EVENT dot-notation (e.g., OUTGOING_PAYMENT.COMPLETED)
CUSTOMER.KYC_APPROVED, CUSTOMER.KYC_REJECTED, CUSTOMER.KYC_SUBMITTED, CUSTOMER.KYC_MANUALLY_APPROVED, CUSTOMER.KYC_MANUALLY_REJECTED ISO 8601 timestamp of when the webhook was sent
"2025-08-15T14:32:00Z"
The resource object. Contains the full resource as the corresponding GET endpoint would return it.
Show child attributes
Show child attributes
Response
Webhook received successfully
Was this page helpful?