> ## Documentation Index > Fetch the complete documentation index at: https://docs.avidoai.com/llms.txt > Use this file to discover all available pages before exploring further. # Validate an incoming webhook request > Checks the body (including timestamp and signature) against the configured webhook secret. Returns `{ valid: true }` if the signature is valid. ## OpenAPI ````yaml https://app.stainless.com/api/spec/documented/avido/openapi.documented.yml post /v0/validate-webhook openapi: 3.1.1 info: title: Avido API description: >- Avido's API for LLM usage events, tool calls, trace management, webhook validation, and more. See each endpoint's request/response schema for details. version: 0.1.0 contact: name: Avido Support email: support@avidoai.com url: https://avidoai.com/support servers: - url: https://api.avidoai.com description: Production API security: - ApiKey: [] ApplicationId: [] paths: /v0/validate-webhook: post: tags: - Webhook summary: Validate an incoming webhook request description: >- Checks the body (including timestamp and signature) against the configured webhook secret. Returns `{ valid: true }` if the signature is valid. operationId: validateWebhook requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/WebhookValidationRequest' responses: '200': description: Webhook is valid content: application/json: schema: $ref: '#/components/schemas/WebhookValidationResponse' examples: success: summary: Successfully validated webhook value: valid: true '400': description: bad request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: forbidden content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '422': description: invalid input content: application/json: schema: $ref: '#/components/schemas/ValidationErrorResponse' '500': description: internal server error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' x-codeSamples: - lang: JavaScript source: |- import Avido from 'avido'; const client = new Avido({ apiKey: process.env['AVIDO_API_KEY'], // This is the default and can be omitted applicationID: process.env['AVIDO_APPLICATION_ID'], // This is the default and can be omitted }); const response = await client.validateWebhook.validate({ body: { applicationId: '456e7890-e89b-12d3-a456-426614174000', prompt: 'I lost my card, please block it.', testId: '123e4567-e89b-12d3-a456-426614174000', }, signature: 'abc123signature', }); console.log(response.valid); - lang: Python source: |- import os from avido import Avido client = Avido( api_key=os.environ.get("AVIDO_API_KEY"), # This is the default and can be omitted application_id=os.environ.get("AVIDO_APPLICATION_ID"), # This is the default and can be omitted ) response = client.validate_webhook.validate( body={ "application_id": "456e7890-e89b-12d3-a456-426614174000", "prompt": "I lost my card, please block it.", "test_id": "123e4567-e89b-12d3-a456-426614174000", }, signature="abc123signature", ) print(response.valid) components: schemas: WebhookValidationRequest: type: object properties: signature: type: string description: HMAC signature for the request body. example: abc123signature timestamp: description: >- Timestamp for the request. Accepts unix milliseconds (string/number) and ISO date strings. example: '2024-01-01T00:00:00.000Z' type: string body: $ref: '#/components/schemas/WebhookValidationRequestBody' description: The payload received from Avido. Use this in signature verification. required: - signature - body additionalProperties: false title: WebhookRequest description: >- Raw JSON payload sent by an external webhook, including signature and timestamp. HMAC verification is used for security. WebhookValidationResponse: type: object properties: valid: type: boolean description: Indicates if the webhook payload was successfully validated. example: true required: - valid additionalProperties: false title: WebhookValidationResponse description: Response object indicating whether the webhook was valid. ErrorResponse: type: object properties: message: type: string description: A human-readable error message explaining the error. example: Resource not found required: - message additionalProperties: false title: ErrorResponse description: Standard error format for failed API operations. ValidationErrorResponse: type: object properties: message: type: string description: A human-readable error message indicating what went wrong. example: Invalid request data issues: type: array items: type: object properties: code: type: string message: type: string path: type: array items: type: string required: - code - message - path additionalProperties: false description: Array of detailed validation error objects. example: - code: invalid_string message: Invalid UUID path: - id required: - message - issues additionalProperties: false title: ValidationErrorResponse description: Details about validation errors in incoming requests. WebhookValidationRequestBody: type: object properties: applicationId: type: string format: uuid pattern: >- ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$ description: The unique identifier of the application this test belongs to. example: 456e7890-e89b-12d3-a456-426614174000 prompt: anyOf: - type: string - type: object propertyNames: type: string additionalProperties: {} description: The user prompt that triggered the test run. example: I lost my card, please block it. testId: type: string format: uuid pattern: >- ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$ description: The unique identifier for the test run. example: 123e4567-e89b-12d3-a456-426614174000 metadata: description: >- Metadata from the originating task. Only included when metadata is available. example: customerId: '1' priority: high type: object propertyNames: type: string additionalProperties: {} experiment: $ref: '#/components/schemas/WebhookExperimentPayload' required: - applicationId - prompt - testId title: WebhookValidationRequestBody description: >- Payload sent to the configured webhook whenever a task test is triggered. WebhookExperimentPayload: type: object properties: experimentId: type: string format: uuid pattern: >- ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$ description: The unique identifier of the experiment example: 123e4567-e89b-12d3-a456-426614174000 experimentVariantId: type: string format: uuid pattern: >- ^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$ description: The unique identifier of the experiment variant example: 123e4567-e89b-12d3-a456-426614174000 overrides: type: object propertyNames: type: string additionalProperties: $ref: '#/components/schemas/WebhookExperimentOverrideInferenceStep' required: - experimentId - experimentVariantId - overrides title: Webhook Experiment Payload description: Payload containing the experiment details. WebhookExperimentOverrideInferenceStep: type: object propertyNames: type: string additionalProperties: {} title: WebhookExperimentOverrideInferenceStep description: Step in the inference process for an experiment override. example: model: reasoning system: You are a helpful assistant. securitySchemes: ApiKey: type: apiKey in: header name: x-api-key description: Your unique Avido API key ApplicationId: type: apiKey in: header name: x-application-id description: Your unique Avido Application ID ````