> ## Documentation Index
> Fetch the complete documentation index at: https://docs.agribackup.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Cryptographic Handshake Ping for Webhook Validation

> Deliver a signed webhook.ping test event to validate HMAC-SHA256 signature verification on a registered endpoint without triggering live compliance data.

Dispatches a mock `webhook.ping` event to the registered callback URL, signed with the webhook's current HMAC-SHA256 signing secret and delivered via the standard `X-AgriBackup-Signature` header. This lets your security engineering team verify that signature validation is correctly implemented before your integration goes live — no compliance data is processed or modified.

The ping payload follows the same structure as all production events, including `eventType`, `eventId`, `timestamp`, and `attempt` fields. Your endpoint should respond with HTTP `200` to acknowledge receipt.

## What to Verify

Use the ping to confirm the following in your webhook handler:

* The raw request body is read as bytes before any parsing.
* `HMAC-SHA256(signingSecret, rawBody)` is computed and hex-encoded correctly.
* The computed hash is compared to the `X-AgriBackup-Signature` header using a constant-time comparison.
* Your server returns `200 OK` within the expected timeout window.

<CodeGroup>
  ```python Python theme={null}
  import requests

  webhook_id = "wh_12345"
  headers = {"X-API-Key": "sk_live_YOUR_API_KEY"}

  response = requests.post(
      f"https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/{webhook_id}/ping",
      headers=headers,
  )
  print(response.status_code)
  ```

  ```javascript Node.js theme={null}
  const webhookId = "wh_12345";
  const response = await fetch(
    `https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/${webhookId}/ping`,
    {
      method: "POST",
      headers: { "X-API-Key": "sk_live_YOUR_API_KEY" },
    }
  );
  console.log(response.status);
  ```

  ```bash cURL theme={null}
  curl -X POST \
    "https://live.agribackup.com/api/v1/enterprise/eudr/webhooks/wh_12345/ping" \
    -H "X-API-Key: sk_live_YOUR_API_KEY"
  ```
</CodeGroup>


## OpenAPI

````yaml post /api/v1/enterprise/eudr/webhooks/{webhookId}/ping
openapi: 3.0.1
info:
  title: AgriBackup Enterprise EUDR API
  description: >-
    # Introduction


    AgriBackup is the cryptographic compliance engine for EU-bound commodity
    imports. Built on Deterministic Logic, Immutable Evidence, and
    High-Throughput Ingestion, our API provides Tier-1 enterprise routing for EU
    Deforestation Regulation (EUDR).


    ## The Integration Vector

    To integrate this Digital Trust Layer into your ERP, you must execute the
    following sequence:

    1. **Authentication:** Generate your `X-API-Key` from the client dashboard.

    2. **Telemetry:** Register your webhook URLs via `POST /webhooks`.

    3. **Ingestion:** Push your GeoJSON polygons via `POST /polygons`.

    4. **Logistics:** Lock the batch to a shipment via `POST /shipments/link`.


    ## Asynchronous Architecture

    Because satellite deforestation screening and Hedera DLT anchoring take
    time, ingestion endpoints return a `202 Accepted`. You must listen for the
    corresponding Webhook to confirm cryptographic execution.


    ## Base URLs

    * **Production:** `https://live.agribackup.com`

    * **Sandbox:** `https://sandbox.agribackup.com`
  contact:
    name: AgriBackup Architecture Team
    url: https://agribackup.com
    email: contact@agribackup.com
  license:
    name: Proprietary
    url: https://agribackup.com/terms
  version: v1.0
servers:
  - url: https://live.agribackup.com
    description: Production (Mainnet)
  - url: https://sandbox.agribackup.com
    description: Sandbox (Testnet)
security: []
tags:
  - name: Enterprise Risk Management
  - name: Enterprise Clearance Webhooks
    description: Asynchronous status receivers for TRACES NT
  - name: Enterprise Jobs
    description: Query status and metrics of asynchronous compliance jobs
  - name: Enterprise Suppliers
  - name: Enterprise Diagnostics
    description: Monitor API health, consensus ledger, and satellite systems availability
  - name: Enterprise Suppliers
    description: Map internal ERP vendor IDs to EU Operator UUIDs
  - name: Enterprise Webhooks
    description: Register endpoints for asynchronous compliance events
  - name: Enterprise Archival
    description: Endpoints for bulk compliance archiving and auditor extensibility
  - name: Enterprise Logistics
    description: Smart contract linking of batches to logistics shipments
  - name: Enterprise Declarations
    description: DDS generation with legal land tenure proofs
  - name: Enterprise Batches
  - name: Enterprise API Keys
  - name: Enterprise Diagnostics
  - name: Enterprise Logistics
  - name: Enterprise Jobs
  - name: Enterprise Evidence
    description: Cryptographic evidence ledger anchored on Hedera Hashgraph
  - name: Enterprise Declarations
  - name: Enterprise Credentials
  - name: Enterprise Evidence
  - name: Enterprise Risk Management
    description: Pre-assessment of country risk and satellite deforestation probabilities
  - name: Enterprise Batches
    description: Programmatic batch ingestion and management
  - name: Enterprise Polygons
  - name: Introduction
  - name: Enterprise Polygons
    description: Programmatic polygon ingestion and verification
  - name: Enterprise Archival
  - name: Enterprise Credentials
    description: Programmatic ingestion of vault-secured enterprise secrets
  - name: Enterprise API Keys
    description: Endpoints for managing B2B API Keys (Requires standard JWT login)
  - name: Enterprise Webhooks
paths:
  /api/v1/enterprise/eudr/webhooks/{webhookId}/ping:
    post:
      tags:
        - Enterprise Webhooks
      summary: Webhook Cryptographic Handshake (Ping)
      description: >-
        Dispatches a mock 'webhook.ping' event to the registered URL using the
        configured signing secret. This allows enterprise infosec teams to
        validate their HMAC-SHA256 signature verification algorithms in
        isolation without triggering a live data ingestion.
      operationId: pingWebhook
      parameters:
        - name: webhookId
          in: path
          required: true
          schema:
            type: string
      responses:
        '200':
          description: OK
          headers:
            X-RateLimit-Limit:
              description: >-
                The maximum number of requests you're permitted to make per
                hour.
              schema:
                type: integer
                format: int32
            X-RateLimit-Remaining:
              description: >-
                The number of requests remaining in the current rate limit
                window.
              schema:
                type: integer
                format: int32
            X-RateLimit-Reset:
              description: >-
                The time at which the current rate limit window resets in UTC
                epoch seconds.
              schema:
                type: integer
                format: int32
          content:
            '*/*':
              schema:
                type: object
      security:
        - ApiKeyAuth: []
      x-codeSamples:
        - lang: Python
          source: >-
            import agribackup

            from agribackup.rest import ApiException


            # Initialize Client

            configuration =
            agribackup.Configuration(host="https://live.agribackup.com/api/v1")

            configuration.api_key['ApiKeyAuth'] = 'sk_live_YOUR_API_KEY'


            with agribackup.ApiClient(configuration) as api_client:
                try:
                    api_instance = agribackup.EnterpriseWebhooksApi(api_client)
                    response = api_instance.ping_webhook()
                    print(response)
                except ApiException as e:
                    print("Exception when calling API: %s\n" % e)
        - lang: Node.js
          source: |-
            import { AgriBackupClient } from '@agribackup/sdk';

            // Initialize Client
            const client = new AgriBackupClient({
              apiKey: 'sk_live_YOUR_API_KEY',
              baseUrl: 'https://live.agribackup.com/api/v1'
            });

            async function execute() {
              try {
                const response = await client.webhooks.pingWebhook();
                console.log(response);
              } catch (error) {
                console.error(error);
              }
            }
        - lang: Java
          source: |-
            import com.agribackup.client.*;
            import com.agribackup.client.api.*;
            import com.agribackup.client.model.*;

            public class Example {
                public static void main(String[] args) {
                    ApiClient defaultClient = Configuration.getDefaultApiClient();
                    defaultClient.setBasePath("https://live.agribackup.com/api/v1");
                    defaultClient.setApiKey("sk_live_YOUR_API_KEY");

                    EnterpriseWebhooksApi apiInstance = new EnterpriseWebhooksApi(defaultClient);
                    try {
                        Object result = apiInstance.pingWebhook();
                        System.out.println(result);
                    } catch (ApiException e) {
                        System.err.println("Exception when calling API: " + e.getResponseBody());
                    }
                }
            }
        - lang: C#
          source: |-
            using System;
            using System.Threading.Tasks;
            using AgriBackup.SDK.Api;
            using AgriBackup.SDK.Client;
            using AgriBackup.SDK.Model;

            class Program {
                static async Task Main() {
                    Configuration config = new Configuration();
                    config.BasePath = "https://live.agribackup.com/api/v1";
                    config.AddApiKey("ApiKeyAuth", "sk_live_YOUR_API_KEY");

                    var apiInstance = new EnterpriseWebhooksApi(config);
                    try {
                        var result = await apiInstance.PingWebhookAsync();
                        Console.WriteLine(result);
                    } catch (ApiException e) {
                        Console.WriteLine("Exception when calling API: " + e.Message);
                    }
                }
            }
components:
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      description: Enterprise API Key provided via the AgriBackup developer console.
      name: X-API-Key
      in: header

````