
type: "EMBEDDED_WALLET" that participates in the standard Grid customer, quote, transaction, and webhook flows.
Why a Grid Global Account?
- Self-custody. Grid never has unilateral access to move user funds, and neither do you. The customer’s device is the only party that can authorize a transaction.
- Stablecoin-denominated. Balances are held as stablecoins like Brale-issued USDB. Use the standard
/quotesAPI to convert in from fiat or out to any supported Grid bank-account rail (ACH, PIX, CLABE, UPI, IBAN, UMA, …). - Grid-native. You reuse the customer, internal-account, quote, transaction, and webhook primitives you already integrated for Payouts or P2P. The only thing that’s new is an auth + signing layer at the account.
- Built on Bitcoin. Global Accounts run on Spark, a Lightning-compatible Bitcoin L2 that supports instant, low-fee Bitcoin and Stablecoin transfers. You get the benefits of running on Bitcoin, the most neutral, decentralized, and secure network for money.
Payment flow
Grid Global Accounts ride on the same/quotes + /quotes/{id}/execute pattern as every other Grid payment. The only thing that’s different is that outbound transfers need a client signature.
- Incoming funds. Funding an account works like any other internal account. Create a quote with the Global Account as the
destination, execute it, and Grid converts the source currency into USDB and credits the account. No customer approval needed — incoming value is passive. - Outgoing funds. Withdrawals and transfers out require the customer to authorize them on their device. Grid returns a
payloadToSignin the quote’spaymentInstructions; the client signs those bytes with its session signing key and passes the base64 signature as theGrid-Wallet-Signatureheader on/quotes/{id}/execute. Only then does Grid release the funds.
Architecture
Three parties participate in every signed action:
The client never talks to Grid directly. Every request flows client → integrator backend → Grid.
Auth credentials, client keys, and session signing keys
Three distinct pieces of crypto collaborate to authorize actions on the Global Account (withdrawals, credential changes, session revocations, wallet exports, and wallet privacy updates):
The flow is always the same: verify an auth credential → receive a short-lived session signing key → build a Grid wallet signature over the
payloadToSign bytes on the client → pass that signature as the Grid-Wallet-Signature header on the request that actually moves funds or changes account state. This applies to withdrawals, adding or removing credentials, refreshing or revoking sessions, exporting the wallet seed, updating customer email for tied email OTP credentials, and updating wallet privacy.
Core capabilities
Additional capabilities
Some Global Accounts capabilities require platform enablement before you can build with them. Book a demo to see how they fit your platform.Where to next
Implementation overview
End-to-end walkthrough: create a customer, register a passkey, fund the account, and execute a signed withdrawal.
Agents (experimental)
Native Grid support for connected AI agents, managed permissions, and partner approval surfaces.
Authentication
Passkey, OAuth (OIDC), and email OTP registration and reauthentication flows.
Client keys & signing
Generate the P-256 key pair, decrypt the session signing key, and sign payloads on Web, iOS, and Android.
Sandbox testing
Magic values for OTP and signatures, plus sandbox OIDC token rules that exercise the full request shape without standing up real auth providers.