Skip to main content

Delivery and headers

Ground sends POST requests to your registered url with:
  • Content-Type: application/json
  • Ground-Event-Id
  • Ground-Event-Type
  • Ground-Signature
Body is the JSON event payload (for example, a deposit object or withdrawal object).

Signature format

Stripe-style HMAC:
  • Header: Ground-Signature: t=<unix_timestamp>,v1=<hex_hmac>
  • HMAC: v1 = HMAC_SHA256(key = secret, message = t + "." + rawBody)
  • rawBody is the exact request body string (verify before JSON.parse)

Node / Express verification example

Node