> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webhook.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Verify the org's tamper-evident audit chain



## OpenAPI

````yaml https://api.webhook.co/openapi.json post /v1/audit/verify
openapi: 3.1.0
info:
  title: webhook.co API
  version: 1.0.0
  description: >-
    The webhook.co REST API: create ingest endpoints, inspect captured events,
    manage delivery destinations and subscriptions, and replay events. All
    requests are authenticated with a bearer `whk_` API key. Responses are JSON;
    every successful response is HTTP 200. Errors use a JSON `{error, message}`
    envelope, except 401/403 which are empty-bodied with a WWW-Authenticate
    header.
  license:
    name: Apache-2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
servers:
  - url: https://api.webhook.co
    description: Production
security:
  - bearerAuth: []
tags:
  - name: Endpoints
    description: Create, inspect, and manage ingest endpoints and their secrets.
  - name: Events
    description: Browse, fetch, tail, and replay captured events.
  - name: Deliveries
    description: Observe outbound delivery attempts.
  - name: Replay Destinations
    description: Manage the allowlist of remote delivery destinations.
  - name: Subscriptions
    description: Configure auto-delivery routing rules.
  - name: Audit
    description: Verify the tamper-evident audit chain.
  - name: Identity
    description: Inspect the authenticated principal.
paths:
  /v1/audit/verify:
    post:
      tags:
        - Audit
      summary: Verify the org's tamper-evident audit chain
      operationId: auditVerify
      responses:
        '200':
          description: Success.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuditVerifyResponse'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '429':
          $ref: '#/components/responses/TooManyRequests'
        '500':
          $ref: '#/components/responses/InternalError'
      security:
        - bearerAuth: []
components:
  schemas:
    AuditVerifyResponse:
      oneOf:
        - type: object
          properties:
            ok:
              type: boolean
              const: true
            rowsVerified:
              type: integer
              minimum: 0
              maximum: 9007199254740991
          required:
            - ok
            - rowsVerified
          additionalProperties: false
        - type: object
          properties:
            ok:
              type: boolean
              const: false
            rowsVerified:
              type: integer
              minimum: 0
              maximum: 9007199254740991
            break:
              type: object
              properties:
                kind:
                  type: string
                  enum:
                    - wrong_org
                    - bad_genesis_seq
                    - bad_genesis_prev_hash
                    - duplicate_seq
                    - seq_gap
                    - broken_link
                    - hash_mismatch
                seq:
                  type: integer
                  exclusiveMinimum: 0
                  maximum: 9007199254740991
                detail:
                  type: string
              required:
                - kind
                - seq
                - detail
              additionalProperties: false
          required:
            - ok
            - rowsVerified
            - break
          additionalProperties: false
    Error:
      type: object
      description: The JSON error envelope for capability faults.
      properties:
        error:
          type: string
          description: A stable capability-error code.
        message:
          type: string
          description: A human-readable description.
      required:
        - error
        - message
  responses:
    Unauthorized:
      description: >-
        Missing or invalid bearer credential. Empty body; the WWW-Authenticate
        header carries the challenge.
      headers:
        WWW-Authenticate:
          description: RFC 6750 Bearer challenge.
          schema:
            type: string
    Forbidden:
      description: >-
        The credential is valid but lacks the required scope. Empty body;
        WWW-Authenticate carries the challenge.
      headers:
        WWW-Authenticate:
          description: RFC 6750 Bearer challenge.
          schema:
            type: string
    TooManyRequests:
      description: A rate limit or soft cap was exceeded.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    InternalError:
      description: An unexpected server error. The body is a plain-text sentinel.
      content:
        text/plain:
          schema:
            type: string
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: opaque
      description: A `whk_`-prefixed API key (opaque; not a JWT).

````