Skip to main content
WEBHOOK
walletHashSigned
{
  "address": "0x742d35Cc6634C0532925a3b844Bc454e4438f44e",
  "signed_at": "2025-06-01T10:01:00Z"
}

Authorizations

X-Hook0-Signature
string
header
required

HMAC-SHA256 signature of the raw request body, computed using your webhook secret. Webhook receivers should always verify this header before processing the event. The header value is hex-encoded and prefixed by the algorithm and timestamp, e.g. t=1700000000,v1=abc123... (refer to the Webhook Security docs for the exact verification algorithm).

This scheme applies to webhook delivery (outbound POSTs from CDP to your endpoint), not to inbound CDP API requests.

Body

application/json

The wallet.hash.signed webhook event payload.

Delivered when a raw hash is signed. Emitted for both EVM and Solana wallets. The payload is one of six variants: API Key Wallet, User Wallet, or User Wallet (Delegated Signing), each delivered as an EVM or Solana variant.

address
string
required

The EVM wallet address that performed the signing.

Required string length: 1 - 128
Pattern: ^0x[0-9a-fA-F]{40}$
Example:

"0x742d35Cc6634C0532925a3b844Bc454e4438f44e"

signed_at
string<date-time>
required

When the signing occurred (ISO 8601 format).

Example:

"2025-06-01T10:01:00Z"

Response

Webhook received and processed successfully.