● Reference
Webhooks
32 events, one envelope, HMAC-SHA256 signed (MD-Signature). Acknowledge with any 2xx within 10 seconds; deliveries retry with exponential backoff for 72 hours.
{
"id": "evt_01JX4M...",
"type": "judgment.validated",
"created": "2026-06-11T17:42:09Z",
"livemode": false,
"data": { "judgment_id": "jdg_8kQ2", "status": "ready", "audit_ref": "aud_77fQ..." }
}
Subscribe
Register an endpoint with POST /v1/webhook_endpoints. Each endpoint gets its own signing secret (returned once, on create) and an enabled_events filter — omit it (or pass ["*"]) to receive everything.
curl -X POST https://sandbox.api.microndelta.com/v1/webhook_endpoints \
-H "Authorization: Bearer md_test_xxxxxxxxxxxxxxxx" \
-H "MD-Version: 2026-06-11" \
-H "Content-Type: application/json" \
-d '{ "url": "https://example.com/md/webhooks",
"enabled_events": ["judgment.created", "packet.created"] }'
Event catalog
| Event | Fires when |
|---|---|
| ● judgment.validated | A judgment passed validation. |
| ● matter.authority.granted | An authority model was granted on a matter. |
| ● debtor.graph.updated | The adversary graph changed: node or edge added, merged, or rescored. |
| ● campaign.action.assigned | A claw campaign assigned an action to an operator queue. |
| ● alert.movement.detected | Monitoring detected asset movement on a watched target. |
| ● attribution.claim.scored | An attribution claim received a confidence score. |
| ● packet.exchange_freeze.exported | An exchange-freeze packet was exported for service. |
| ● sanctions.screen.hit | A sanctions screen returned a hit; the gate is now active. |
| ● ledger.recovery_event.recorded | A recovery event was recorded to the ledger. |
| ● waterfall.calculated | A distribution waterfall was calculated. |
| ● matter.created | A matter was opened. |
| ● matter.closed | A matter was closed (paid, settled, exhausted, stayed, or administrative). |
| ● matter.authority.revoked | An authority grant was revoked or expired. |
| ● judgment.created | A judgment record was created from intake. Renamed from judgment.intaken; the old name is accepted as an enabled_events alias under 2026-06-11 and will be removed in the next date version. |
| ● judgment.validation_failed | A judgment failed readiness; failing gates are named in the payload. |
| ● judgment.deadline.approaching | A judgment deadline enters its warning window. |
| ● claimant.added | A claimant was added to a matter. |
| ● claimant.verified | A claimant completed verification. |
| ● debtor.added | A debtor entity was added to the adversary graph. |
| ● relationship.asserted | A relationship edge was asserted between graph entities. |
| ● attribution.claim.created | An attribution claim was created (pre-scoring). |
| ● attribution.network.updated | Network attribution recomputed cluster membership. |
| ● crypto.trace.completed | A crypto trace run completed. |
| ● crypto.exposure.updated | Exchange exposure for a traced wallet changed. |
| ● campaign.created | A claw campaign was created. |
| ● campaign.completed | A claw campaign reached a terminal state. |
| ● packet.created | An enforcement packet was assembled. |
| ● packet.turnover.exported | A turnover packet was exported for service. |
| ● remediation.case.opened | An issuer remediation case was opened. |
| ● remediation.case.resolved | An issuer remediation case was resolved. |
| ● sanctions.screen.cleared | A prior sanctions hit was reviewed and cleared; the gate lifts. |
| ● report.generated | A requested report finished generating. |
Event names are stable and safe to build against. New events ship additively with a changelog entry; renames keep the old name as an alias for one date version.