For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Log inSign up
Support
GuidesReference
GuidesReference
    • Core
      • Overview
    • Agents
      • Overview
      • AgentBase
        • addAnswerVerb
        • addFunctionInclude
        • addHint
        • addHints
        • addInternalFiller
        • addLanguage
        • addMcpServer
        • addPatternHint
        • addPostAiVerb
        • addPostAnswerVerb
        • addPreAnswerVerb
        • addPronunciation
        • addSkill
        • addSkillByName
        • addSwaigQueryParams
        • asRouter
        • autoMapSipUsernames
        • clearPostAiVerbs
        • clearPostAnswerVerbs
        • clearPreAnswerVerbs
        • clearSwaigQueryParams
        • defineContexts
        • defineTool
        • defineTools
        • defineTypedTool
        • enableDebugEvents
        • enableDebugRoutes
        • enableMcpServer
        • enableSipRouting
        • extractSipUsername
        • getApp
        • getBasicAuthCredentials
        • getFullUrl
        • getMcpServers
        • getName
        • getPostPrompt
        • getPrompt
        • getPromptPom
        • getRegisteredTools
        • getTool
        • handleMcpRequest
        • hasSkill
        • isMcpServerEnabled
        • listSkills
        • manualSetProxyUrl
        • onDebugEvent
        • onFunctionCall
        • onSummary
        • onSwmlRequest
        • promptAddSection
        • promptAddSubsection
        • promptAddToSection
        • promptHasSection
        • registerSipUsername
        • registerSwaigFunction
        • removeSkill
        • removeSkillByName
        • renderSwml
        • resetContexts
        • run
        • serve
        • setDynamicConfigCallback
        • setFunctionIncludes
        • setGlobalData
        • setInternalFillers
        • setLanguages
        • setNativeFunctions
        • setParam
        • setParams
        • setPostPrompt
        • setPostPromptLlmParams
        • setPostPromptUrl
        • setPromptLlmParams
        • setPromptPom
        • setPromptText
        • setPronunciations
        • setupGracefulShutdown
        • setWebHookUrl
        • updateGlobalData
        • validateBasicAuth
        • validateToolToken
      • AgentServer
      • Configuration
      • ContextBuilder
      • DataMap
      • FunctionResult
      • Helper Functions & Utilities
      • LiveWire
      • PomBuilder
      • Prefabs
      • SkillBase
      • SkillManager
      • SkillRegistry
      • Skills
      • SwaigFunction
      • SwmlBuilder
      • SWMLService
    • RELAY
      • Overview
      • Actions
      • Call
      • Constants
      • Events
      • Message
      • RelayClient
      • RelayError
    • REST Client
      • Overview
      • Addresses
      • Calling
      • ChatResource
      • Compat
      • Datasphere
      • Fabric
      • ImportedNumbersResource
      • Logs
      • LookupResource
      • MFA
      • Number Groups
      • Phone Numbers
      • Project
      • PubSubResource
      • Queues
      • Recordings
      • Registry
      • RestClient
      • RestError
      • Short Codes
      • SIP Profile
      • Verified Callers
      • Video
LogoLogoSignalWire Docs
Log inSign up
Support
On this page
  • Parameters
  • Returns
AgentsAgentBase

validateToolToken

|View as Markdown|Open in Claude|
Was this page helpful?
Edit this page
Previous

AgentServer

Next
Built with

Validate a per-tool HMAC token attached to an incoming SWAIG function call. Returns false for unknown tools, short-circuits to true for tools registered without secure: true, and otherwise delegates to SessionManager.validateToolToken. Raw-dict descriptors (e.g. DataMap output) are always treated as secure.

Called automatically by the SWAIG dispatch path before a tool handler runs. You rarely need to invoke it directly; it is exposed for custom dispatch logic and test harnesses.

Parameters

functionName
stringRequired

Name of the SWAIG function the token was issued for.

token
stringRequired

HMAC token to validate. Missing tokens on secure tools return false.

callId
stringRequired

Call ID the token is bound to. Empty strings are forwarded unchanged and rejected by the underlying validator.

Returns

boolean — true when the token is valid for the given function and call, or when the tool is registered as non-secure.