Ctrl+K

Verify Webhook Notification

post/api/v2/webhook/{webhookId}/verify

Verify that a webhook notification comes from BitGo based on webhook signature and payload. If the X-Signature-SHA256 header is absent from the notification, use the Create webhook secret endpoint to generate a secret for your enterprise or organization. The requester must be an admin of the specified enterprise or organization.

Path Parameters

  • webhookIdstringRequired
    Webhook public id
    Example: 59cd72485007a239fb00282ed480da1f
    Pattern: ^[0-9a-f]{32}$
    Min length: >= 1 characters

Request Body

signature string required
Webhook notification signature calculated based on the payload and webhook secret. Found in the HTTP header X-Signature-SHA256 of the notification.
Example: f34538037a1ae6f79bd7cee9d9a5552f21bee3027983d7730f424d94d9bab04a
Match pattern: ^[0-9a-f]{64}$
notificationPayload string required
Webhook notification payload as JSON string
Example: {"userId":"66cd72485007a239fb00282ed480da1f","username":"username@email.com","tokenCreateTime":"2024-09-18T14:36:41.793Z","59cd72485007a239fb00282ed480da1f"}"

200 Response

webhookId string required
isValid boolean required

400 Response

name string
Error code
context object required
Properties that apply to a specific error name
error string required
Human-readable error message
requestId string required
Client request id

403 Response

name string
Error code
context object required
Properties that apply to a specific error name
error string required
Human-readable error message
requestId string required
Client request id

404 Response

name string
Error code
context object required
Properties that apply to a specific error name
error string required
Human-readable error message
requestId string required
Client request id