Customers capability changed
Triggered when the customers.capability.changed webhook event is emitted. Your API will receive a POST request at the webhook URL you configured.
Authorizations
HMAC-SHA256 signature of the raw request body, computed using your webhook secret. Webhook receivers should always verify this header before processing the event. The header value is hex-encoded and prefixed by the algorithm and timestamp, e.g. t=1700000000,v1=abc123... (refer to the Webhook Security docs for the exact verification algorithm).
This scheme applies to webhook delivery (outbound POSTs from CDP to your endpoint), not to inbound CDP API requests.
Body
The customers.capability.changed webhook event payload.
Common envelope fields included in every Customers webhook event payload.
Unique identifier for this webhook event. Use this for idempotency.
"3a7f8b2e-1c4d-4e9a-b5f6-d8a2c0e7f194"
The type of webhook event.
customers.capability.changed "customers.capability.changed"
The UTC ISO 8601 timestamp at which the underlying state change occurred, not the time at which this webhook was delivered.
"2026-04-01T12:00:02Z"
Payload body for the customers.capability.changed event. Emitted when the status of a capability changes. Several capabilities may change in a single event, with each change represented by a distinct entry in the capabilities array.
{
"customerId": "customer_38d54acb-0868-431c-a88e-1ffcb62655eb",
"capabilities": [
{ "code": "custodyFiat", "status": "active" }
]
}Response
Webhook received and processed successfully.