KYT decision webhook

Response contract

The approve / reject / hold responses and whitelist validation.

The merchant's KYT endpoint MUST respond with HTTP 2xx and a JSON body within the SLA window. Any response that fails field-level validation is treated as a failure regardless of HTTP status.

Response body

{
  "decision":    "approve | reject | hold",
  "sweep_to":    "0x...",
  "refund_to":   "0x...",
  "reason":      "string | null",
  "retry_after": 300
}

Field rules

FieldTypeRule
decisionenumMUST be present. MUST be one of approve, reject, hold.
sweep_tohex stringMUST be present if and only if decision = approve. MUST be a valid EVM address. MUST be null or absent for reject and hold.
refund_tohex stringMUST be present if and only if decision = reject. MUST be a valid EVM address. MUST be null or absent for approve and hold.
reasonstring|nullOptional for all decision values. When present, MUST be a UTF-8 string ≤ 512 characters. Stored for audit.
retry_afterintegerMUST be present if and only if decision = hold. MUST be a positive integer (seconds). MUST be null or absent for approve and reject.

A response that violates any conditionality rule is treated as a failure, regardless of HTTP status. See Endpoint health and suspension for the impact on the failure counter.

Decision semantics

approve — Sweep the deposit to the address in sweep_to. On-chain execution follows.

reject — Return the deposit to the address in refund_to. On-chain execution follows.

hold — Do not execute. Tekmerion schedules a re-invocation after retry_after seconds. See Hold and retries.

Destination address requirements

Addresses supplied in sweep_to and refund_to MUST be members of the merchant's registered destination whitelist. The whitelist is established during onboarding through the Factory authorisation flow and updated through the same process.

The whitelist is enforced on-chain at execution time. If sweep_to or refund_to is not in the whitelist:

  • Tekmerion records the decision as received.
  • The attempt is marked non-executable.
  • Funds remain unswept until the destination is whitelisted and the attempt is resolved through ops intervention.

Providing an out-of-whitelist address in a sweep_to or refund_to field MUST NOT be treated as a valid response.

What constitutes an invalid response

A response is invalid and treated as a failure when:

  • HTTP status is non-2xx.
  • The response body is not valid JSON.
  • decision is missing or contains a value outside approve, reject, hold.
  • A conditional field (sweep_to, refund_to, retry_after) is present when it MUST be absent, or absent when it MUST be present.
  • sweep_to or refund_to is not a syntactically valid EVM address.
  • retry_after is not a positive integer.

Invalid responses count toward the endpoint's consecutive-failure counter.

Verifying requests

How to authenticate an incoming KYT request.

SLA and timeouts

The SLA window and what happens on timeout.

On this page

Response bodyField rulesDecision semanticsDestination address requirementsWhat constitutes an invalid response