> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dr.green/llms.txt
> Use this file to discover all available pages before exploring further.

# Post apiv1kycwebhook



## OpenAPI

````yaml /openapi/drgreen-api.yaml post /api/v1/kyc/webhook
openapi: 3.1.0
info:
  title: Dr Green API
  version: 1.0.0
  x-deploy-version: '1.0'
  description: >-
    REST API for the Dr Green platform. Audience: external developers building
    forward-facing storefronts on behalf of Digital Key (NFT) holders.


    **Authentication:** Every authenticated request signs a canonical payload
    with ECDSA secp256k1 + SHA-256 and sends two headers: `x-auth-apikey`
    (Base64 PEM public key) and `x-auth-signature` (Base64 signature). The DAPP
    UI may alternatively use a JWT bearer token. See the markdown reference at
    `docs/02-authentication.md`.


    **Response envelope:** every response wraps in `{success, statusCode,
    message, data}`. Error responses use the same shape with `success: false`;
    validation errors put a string array in `data`.


    **This spec is enriched.** The live spec at `/api-json` is OpenAPI 3.0.0
    with no `servers`, no security schemes, and sparse response declarations.
    This version (3.1.0) adds them to make the spec usable for codegen and
    Swagger UI. It does NOT change the underlying API contract.
  contact:
    name: Dr Green Engineering
    url: https://dapp.drgreennft.com
  license:
    name: Proprietary
    url: https://drgreennft.com
servers:
  - url: https://api.drgreennft.com/api/v1
    description: Production
  - url: https://stage-api.drgreennft.com/api/v1
    description: Staging (intermittent — see 03-environment.md)
security:
  - apiKey: []
    apiSignature: []
tags: []
externalDocs:
  description: Full developer documentation (markdown + worked examples)
  url: https://drgreennft.com/api-docs
paths:
  /api/v1/kyc/webhook:
    post:
      operationId: KycController_kycWebhook
      parameters: []
      responses:
        '201':
          description: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalServerError'
      security: []
components:
  responses:
    BadRequest:
      description: >-
        Validation failure. data is an array of human-readable strings from
        class-validator, one per field violation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
          example:
            statusCode: 400
            message: Validation failed
            data:
              - email must be a valid email
              - phoneNumber should not be empty
    NotFound:
      description: Resource doesn't exist or isn't visible to this caller.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
    InternalServerError:
      description: >-
        Unexpected server failure. Transient 5xx with 'upstream connect error or
        disconnect/reset before headers' is the Envoy proxy in front of the
        backend — retry with exponential backoff.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  schemas:
    ErrorEnvelope:
      type: object
      required:
        - statusCode
        - message
      description: Error responses use the same envelope as success, with success=false.
      properties:
        success:
          type: boolean
          example: false
          nullable: true
        statusCode:
          type: integer
          example: 400
        message:
          oneOf:
            - type: string
            - type: array
              items:
                type: string
          description: >-
            Single string for most errors. Array of strings from class-validator
            for 400 validation failures.
        data:
          type: 'null'
  securitySchemes:
    apiKey:
      type: apiKey
      in: header
      name: x-auth-apikey
      description: >-
        The holder's Base64-encoded PEM SPKI public key. Issued via POST /keys
        in the DAPP UI. See docs/02-authentication.md.
    apiSignature:
      type: apiKey
      in: header
      name: x-auth-signature
      description: >-
        Base64-encoded ECDSA-SHA256 signature over the canonical payload. Curve:
        secp256k1. Canonical payload rules depend on HTTP method —
        POST/PATCH/PUT sign the JSON body; GET/DELETE with query sign
        urlencode(query); GET/DELETE with no query sign '{}'. See
        docs/02-authentication.md for the full spec.

````