What are webhook tools?
PromptWall can call your APIs to get verified data before answering. You register endpoints in the tool registry, and PromptWall decides when to call them based on the user’s prompt.Register a tool
Verify HMAC signatures
PromptWall signs every call to your webhook with HMAC-SHA256 using thesigning_secret it returned. Your webhook must verify:
X-PromptWall-Signature header.
Security
- Webhooks MUST respond within
timeout_ms(default 5s) - Must return 2xx for success
- SSRF protection blocks private IPs and non-HTTPS URLs
- Rate-limited per-tool based on
rate_limit_rpm - Credentials encrypted with customer-specific KMS key