Token Vault
Webhook Integration

Webhook Integration

Overview of the HMAC-signed endpoints your webhook implements, plus the direct-access endpoints that agents and browsers use.

In Webhook Mode, Token Vault never sees your plaintext credentials. Your webhook owns the encryption key, stores all credential data, and handles decryption. Token Vault is a metadata, policy, and authorization layer only.

Your webhook serves two kinds of endpoints:

Loading diagram...

The Core Principle

Token Vault never accesses your credentials. Every operation that touches plaintext credential data happens between the agent/browser and your webhook directly. Token Vault is not in the path:

  • Storing tokens: the browser sends credentials directly to your webhook's /v1/store endpoint with a signed ticket. Token Vault issues the ticket but never sees the credential.
  • Agent access: Token Vault validates the agent's API key and policies, then issues a 307 redirect to your webhook's /v1/credential endpoint. The agent follows the redirect and gets the credential directly from your webhook. Token Vault never touches it.
  • MCP proxy: Token Vault forwards the proxy request to your webhook's /v1/proxy endpoint with a signed ticket. Your webhook decrypts the credential, injects it into the upstream request, and returns the response. Token Vault sees the upstream response but never the credential.

Protocol Version

The current protocol version is 2.2.0. All endpoints are prefixed with /v1/. Webhook implementations should return their version in /v1/health responses.

Endpoint Summary

Your webhook implements eight endpoints, split into two categories:

Token Vault → Webhook (HMAC-signed)

These endpoints are called by the Token Vault backend. Every request (except /v1/exchange) is signed with HMAC-SHA256.

EndpointPurposeAuth
POST /v1/exchangeOne-time code exchange to establish the HMAC secretOne-time code
GET|POST /v1/healthHealth check (GET unauthenticated, POST HMAC-signed)HMAC (POST)
POST /v1/storageMetadata CRUD: token listings, proxy configs, audit events, vault config, batch listingHMAC
POST /v1/proxyMCP proxy: webhook decrypts credential, injects into upstream request, returns raw responseHMAC + ticket
POST /v1/refresh-notifyToken refresh notification; webhook handles the OAuth refreshHMAC
POST /v1/refreshTV-mediated refresh: two-phase get/update of refresh tokens (opt-in via tv-refresh capability)HMAC

How /v1/refresh handles credentials

The /v1/refresh endpoint is the only flow where Token Vault briefly handles credential material in transit. Credentials are never stored -- they are forwarded to the OAuth provider and the result is sent straight back to your webhook for encryption. Your webhook opts in by reporting the tv-refresh capability during /v1/exchange. Without it, Token Vault falls back to /v1/refresh-notify and never touches any credentials.

Direct Access (NOT called by Token Vault)

These endpoints are called directly by agents and browsers. They authenticate with signed tickets issued by Token Vault, not HMAC headers. Token Vault is not in the request path.

EndpointPurposeAuthCalled by
GET /v1/credentialDecrypt and return a credentialSigned ticket (query param)Agent following 307 redirect from Token Vault
POST /v1/storeEncrypt and store a new credentialSigned ticket (JSON body)Browser (with CORS)

HMAC verification is mandatory

Every request from Token Vault includes an X-TokenVault-Signature header (except /v1/exchange). Your webhook must verify the HMAC-SHA256 signature before processing. Reject with 401 if invalid. See Authentication.

The direct-access endpoints (/v1/credential, /v1/store) use signed tickets instead of HMAC headers. Verify the ticket's HMAC signature, check expiry, and prevent nonce replay.

How It Works

1. Registration

Token Vault generates a one-time code. Your webhook exchanges it via /v1/exchange to establish the shared HMAC secret.

2. Storing a credential

The user adds a token through the dashboard. Token Vault issues a store ticket and the browser sends the credential directly to your webhook's /v1/store endpoint. Your webhook encrypts it with its own AES-256-GCM key and persists it. Token Vault never sees the plaintext.

3. Agent credential access

An agent requests a credential from Token Vault. Token Vault validates the API key, checks grants and ABAC policies, then returns a 307 redirect to your webhook's /v1/credential endpoint with a signed ticket. The agent follows the redirect and receives the credential directly from your webhook. Token Vault only decides whether access is allowed; it never touches the credential.

4. MCP proxy

An agent makes a request through the MCP proxy. Token Vault validates the proxy key and policies, then forwards the request to your webhook's /v1/proxy endpoint with a signed ticket. Your webhook decrypts the credential, injects it into the upstream request headers, makes the upstream call, and returns the response.

5. Token refresh

Two refresh paths are available:

  • Notify-only (/v1/refresh-notify): Token Vault sends provider hints (token URL, client ID). Your webhook owns the entire OAuth refresh cycle using its own client credentials. Token Vault never sees credential material. Use this for custom OAuth providers.
  • TV-mediated (/v1/refresh): Token Vault retrieves the refresh token from your webhook, performs the OAuth refresh using its own client credentials (Google, GitHub), and sends the new tokens back for your webhook to encrypt. Credentials are in transit only and never stored. Opt in via the tv-refresh capability.

Generate with AI

Token Vault publishes a complete machine-readable specification at /llm.txt. This file contains every endpoint schema, request/response format, authentication details, and implementation notes in a format optimized for LLM consumption.

Feed it to your preferred AI assistant along with your language and framework of choice to generate a working webhook implementation:

curl -s https://tokenvault.uk/llm.txt | pbcopy

Example prompt:

Here is the Token Vault webhook specification. Generate a complete webhook server implementation in Python using FastAPI. Include all seven endpoints, HMAC verification middleware, ticket verification, AES-256-GCM encryption, a SQLite storage backend, and inline comments explaining each step.

Getting Started

Example Webhook

Full reference implementation in Python (FastAPI). Clone it and run locally with Docker. Includes all seven endpoints, AES-256-GCM, ticket verification, and HMAC auth.

Endpoints

Detailed request and response schemas for every /v1/ endpoint.

Authentication

HMAC-SHA256 signing, ticket verification, and replay prevention.

Security Requirements

TLS, secret storage, HMAC verification, and deployment hardening.

Error Codes

Standard error responses and HTTP status codes your webhook should return.

Debug & Testing Tools

Interactive endpoint tester, security verification, and latency diagnostics for your webhook.

Push Notifications

Get real-time alerts and manual approval prompts on your phone via ntfy.

Request Authentication

How Token Vault authenticates webhook requests using HMAC-SHA256 signatures with replay prevention.

On this page

The Core PrincipleProtocol VersionEndpoint SummaryToken Vault → Webhook (HMAC-signed)Direct Access (NOT called by Token Vault)How It Works1. Registration2. Storing a credential3. Agent credential access4. MCP proxy5. Token refreshGenerate with AIGetting Started