# Get webhook signature verification public key

Get the public key used to verify webhook signatures. Use this key to verify that webhook payloads are authentically from Situ by validating the X-Signature header against the webhook body using HMAC-SHA256.

Endpoint: GET /external-api/v1/webhook-verification-key
Version: 1.0.1
Security: apiKey

## Response 200 fields (application/json):

  - `data` (object, required)
    The public key object for webhook signature verification.

  - `data.publicKey` (string, required)
    The public key in base64 format used to verify webhook signatures.
    Example: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1234..."

  - `data.algorithm` (string, required)
    The algorithm used for signature generation.
    Example: "HMAC-SHA256"

  - `data.keyFormat` (string, required)
    The format of the public key.
    Example: "base64"

## Response 500 fields (application/problem+json):

  - `detail` (string)
    A human-readable explanation specific to this occurrence of the problem.
    Example: "The request could not be understood due to malformed syntax."

  - `instance` (string)
    A URI reference or identifier that describes the specific occurrence of the problem.
    Example: "/api/v1/enquiries/abc"

  - `status` (integer, required)
    The HTTP status code.
    Example: 400

  - `title` (string, required)
    A short, human-readable summary of the problem type.
    Example: "Bad Request"

  - `type` (string, required)
    The error code as a machine-readable key.
    Enum: "RESOURCE_NOT_FOUND", "VALIDATION_ERROR", "RESOURCE_ALREADY_EXISTS", "DUPLICATE_CLIENT_REFERENCE", "GEOCODE_FAILURE", "MALFORMED_REQUEST", "INTERNAL_SERVER_ERROR", "MAX_RESOURCE_COUNT_REACHED", "SANDBOX_SPECIFIC_ACTION_ERROR"


## Response 401 fields

## Response 403 fields