> For a complete index of all SignalWire documentation pages, fetch https://signalwire.com/docs/llms.txt

# validateToolToken

> Validate a per-tool HMAC token attached to a SWAIG function call.

[define-tool]: /docs/server-sdks/reference/typescript/agents/agent-base/define-tool

Validate a per-tool HMAC token attached to an incoming SWAIG function call.
Returns `false` for unknown tools, short-circuits to `true` for tools
registered without [`secure: true`][define-tool], and otherwise delegates to
`SessionManager.validateToolToken`. Raw-dict descriptors (e.g. `DataMap`
output) are always treated as secure.

<Note>
  Called automatically by the SWAIG dispatch path before a tool handler runs.
  You rarely need to invoke it directly; it is exposed for custom dispatch logic
  and test harnesses.
</Note>

## **Parameters**

<ParamField path="functionName" type="string" required={true} toc={true}>
  Name of the SWAIG function the token was issued for.
</ParamField>

<ParamField path="token" type="string" required={true} toc={true}>
  HMAC token to validate. Missing tokens on secure tools return `false`.
</ParamField>

<ParamField path="callId" type="string" required={true} toc={true}>
  Call ID the token is bound to. Empty strings are forwarded unchanged and
  rejected by the underlying validator.
</ParamField>

## **Returns**

`boolean` -- `true` when the token is valid for the given function and call,
or when the tool is registered as non-secure.