Quick Start
1
Set your signing secret
2
Run the bot — verification is on by default
3
Local dev without a real platform
Which mode am I in?
How It Works
Configuration Options
Common Patterns
Built-in adapter, secret only — set the platform env var and run the bot; no code required. Custom adapter withHmacWebhookVerifier:
Best Practices
Never set PRAISONAI_INSECURE_WEBHOOKS in production
Never set PRAISONAI_INSECURE_WEBHOOKS in production
The override logs a warning on every request and disables all signature checks.
Rotate signing secrets with the platform
Rotate signing secrets with the platform
Update both the platform webhook config and your env var at the same time.
This page covers outbound bot webhook signature verification (verifying that requests to your bot are from the real platform). For inbound event triggers — pointing external services at your gateway to run an agent — see Gateway Inbound Hooks.
Related
Linear Bot
Linear webhook setup and secrets
Email Bot
AgentMail webhook mode
Gateway Inbound Hooks
Trigger agents from external services via POST /hooks/<path>
Platform Capabilities
accepts_webhooks and verifies_webhook_signature

