CryptoPass API Docs
cryptopass.com Documentation

Webhook

Webhook

6. Webhook from CryptoPass (create/update)

  • Method: POST (HTTPS only)
  • Headers:

- Content-Type: application/json - Authorization: Bearer <webhook_api_key> (optional) - X-Cryptopass-Signature: sha256=<HMAC_HEX_OF_RAW_BODY_WITH_webhook_secret>

Important: verify the signature and use replay_protection_id for idempotency.

Request

Request body for cryptopass.created (example):

{
  "event": "cryptopass.created",
  "provider_slug": "myexchange",
  "external_user_id": "ext-user-12345",
  "timestamp": "2025-10-27T12:34:56Z",
  "cryptopass": {
    "id": 1234,
    "order_id": 5678,
    "status": "active",
    "level": { "duration_days": 365 },
    "user": { "email": "optional@example.com", "sumsub_applicant_id": "optional-abc123" },
    "verification": {
      "kyc_status": "passed",
      "aml_status": "passed",
      "ownership_status": "passed"
    },
    "wallets": [{
      "address": "0xabc...",
      "chain": "ETH",
      "ownership_signature": "0x...",
      "ownership_status": "passed",
      "risk_score": 14
    }],
    "documents": { "pdf_report_url": "https://.../report.pdf" }
  },
  "meta": { "replay_protection_id": "jti-123", "version": "1.0" }
}

Response

Response: 200 OK with { "ok": true }.

Retries: we retry non-2xx with backoff. Handle idempotently via replay_protection_id.