Webhooks are enabled by Anchorage Digital upon request. Notify your integration point of contact to enable webhooks for your organization.
Subscribing to webhooks via API
API permission group configuration
Update your permission group to include the global permission Configure webhooks. Either create a new permission group or edit an existing one.
See Permission Groups for instructions.
Webhook validation key
The webhook validation key validates the authenticity of the Api-Signature header on incoming notifications. Keep this value tamper-proof.
Idempotency with messageId
Each message includes a message_id — treat it as an idempotent ID to detect duplicate deliveries. Also use timestamp to validate event freshness.
Webhook schema
| Field | Description |
|---|
payload | Base64-encoded payload containing the relevant transactionId or other IDs depending on event type |
timestamp | Unix timestamp of when the message was sent |
message_id | Unique ID for this event message — use as idempotent ID |
event_type | The event topic and name for the subscription |
{
"payload": "[]byte",
"timestamp": "int64",
"message_id": "string",
"event_type": "string"
}
Create a webhook endpoint
List available event types
List the full set of event types configured for your organization before creating subscriptions.
{
"data": [
{
"description": "Notification of a new RIA program customer who has successfully completed and passed Onboarding KYC.",
"id": "program-customer-onboard.completed"
},
{
"description": "Notification of a successful withdrawal completed on-chain",
"id": "withdrawal.completed"
},
{
"description": "Notification of a subaccount that currently is low on funds",
"id": "subaccount.low-balance"
},
{
"description": "Notification of a failed transfer",
"id": "transfer.failed"
},
{
"description": "Notification of successful completion of deposit attribution",
"id": "deposit.attributed"
},
{
"description": "Notification of a successful withdrawal initiated but still pending quorum approval and/or risk review",
"id": "withdrawal.initiated"
},
{
"description": "Notification of a collateral package state change",
"id": "collateral-package-state-change.collateral-package-state-change"
},
{
"description": "Notification of a successful transfer that is now completed",
"id": "transfer.completed"
},
{
"description": "Notification of an open RIA program customer process that has requested further information.",
"id": "program-customer-onboard.rfi"
},
{
"description": "Notification of a new deposit pending attribution",
"id": "deposit.pending-attribution"
},
{
"description": "Notification of a failed withdrawal",
"id": "withdrawal.failed"
},
{
"description": "Notification of a subaccount withdrawal request status change",
"id": "subaccount.subaccount-withdrawal-request-status-change"
},
{
"description": "Notification of a transfer that has successfully been initiated",
"id": "transfer.initiated"
},
{
"description": "Notification of a subaccount that has successfully completed and passed Onboarding KYC.",
"id": "subaccount.opened"
}
],
"page": {
"next": null
}
}
Create webhook subscriptions
Subscribe an endpoint to one or more event types. A notification is sent to all subscribed endpoints each time the event fires.
Validate the signature and decode the payload
Verify the Api-Signature header using the validation key, then Base64-decode the payload field.
import * as ed from '@noble/ed25519';
const pubKey = 'c14b7f3da18abb17b7304f925a68b18c1ea0dad6663b6b54cb67a737ecb77cd0';
function toHex(str: string) {
var result = '';
for (var i = 0; i < str.length; i++) {
result += str.charCodeAt(i).toString(16);
}
return result;
}
const message = `...`; // raw message body
const signature = '...'; // Api-Signature header value
const isValid = await ed.verifyAsync(signature, toHex(message), pubKey);
console.log("Is valid: ", isValid);
console.log("Payload: ", atob(JSON.parse(message).payload));
Manage endpoints and subscriptions
Once configured, update or cancel webhook endpoints and subscriptions as needed.
Additional resources
