For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Log inSign up
Support
GuidesReference
GuidesReference
    • Core
      • Overview
      • Webhook signature validation
        • make_webhook_validation_dependency
        • validate_request
        • validate_webhook_signature
    • Agents
      • Overview
      • AgentBase
      • AgentServer
      • BedrockAgent
      • CLI Tools
      • Configuration
      • ContextBuilder
      • DataMap
      • FunctionResult
      • Helper Functions
      • LiveWire
      • MCP Gateway
      • PomBuilder
      • Prefabs
      • Search
      • SkillBase
      • Skills
      • SWAIGFunction
      • SWMLBuilder
      • SWMLService
      • WebService
    • RELAY
      • Overview
      • Actions
      • Call
      • Constants
      • Events
      • Message
      • RelayClient
      • RelayError
    • REST Client
      • Overview
      • Addresses
      • Calling
      • Chat
      • Compat
      • Datasphere
      • Fabric
      • Imported Numbers
      • Logs
      • Lookup
      • MFA
      • Number Groups
      • Phone Numbers
      • Project
      • PubSub
      • Queues
      • Recordings
      • Registry
      • RestClient
      • Short Codes
      • SignalWireRestError
      • SIP Profile
      • Verified Callers
      • Video
LogoLogoSignalWire Docs
Log inSign up
Support
On this page
  • Parameters
  • Returns
  • Example
CoreWebhook signature validation

validate_request

|View as Markdown|Open in Claude|
Was this page helpful?
Edit this page
Previous

validate_webhook_signature

Next
Built with

A legacy-compatible signature validator with a drop-in shape for callers migrating from the Compatibility SDK. It accepts either a raw request body or pre-parsed form parameters. When given a raw body string it delegates to validate_webhook_signature; when given parsed form params it validates them directly.

For new custom servers, prefer validate_webhook_signature and pass the raw request body. Use validate_request when you only have access to pre-parsed form parameters.

Parameters

signing_key
strRequired

Your Signing Key from the Dashboard. A missing or empty value raises ValueError.

signature
strRequired

The signature header value. A missing or empty value returns False.

url
strRequired

The full URL SignalWire POSTed to.

params_or_raw_body
Union[str, Mapping[str, Any], List[Tuple[str, Any]], None]Required

Either a raw body str (delegates to validate_webhook_signature) or pre-parsed form params as a dict or list of (key, value) tuples. None is treated as empty params. Any other type raises TypeError.

Returns

bool — True on a signature match, False otherwise.

Example

1from fastapi import FastAPI, Request, Response, status
2from signalwire.core.security import validate_request
3
4app = FastAPI()
5SIGNING_KEY = "PSK_your_signing_key"
6
7@app.post("/compat-webhook")
8async def compat_webhook(request: Request):
9    form = await request.form()
10    signature = request.headers.get("x-signalwire-signature", "")
11
12    if not validate_request(
13        signing_key=SIGNING_KEY,
14        signature=signature,
15        url=str(request.url),
16        params_or_raw_body=dict(form),
17    ):
18        return Response(status_code=status.HTTP_403_FORBIDDEN)
19
20    return {"ok": True}