Docs

Webhook test console

Generate test payloads for signed HTTP webhooks and optional XRPC receiver callbacks.

Compatible with the closed-beta ATM app APIs and versioned ATM event headers. Check atm-api-version on every webhook or XRPC receiver event.

Interactive event builder

Use this builder to create local test commands for your receiver. The dashboard remains the source of truth for real delivery status, attempts, failures, and redrive.

EventReceiver

test command

curl -X POST "https://your-app.example/webhooks/atm" \
  -H "ATM-Signature: t=...,v1=..." \
  -H "Content-Type: application/json" \
  --data '{
  "id": "evt_test_123",
  "deliveryId": "del_test_123",
  "environment": "test",
  "type": "payment.completed",
  "appDid": "did:plc:app",
  "createdAt": "2026-06-05T00:00:00.000Z",
  "data": {
    "paymentId": "pay_test_123",
    "amount": 2500,
    "currency": "usd"
  }
}'

What to verify

HTTP receivers verify the raw request body before JSON parsing.
XRPC receivers verify ATM service-auth, audience, lxm, expiry, and replay state.
Handlers store delivery id before side effects.
Handlers branch on event type and validate the typed data payload.
Test and live environment events never share secrets or fulfillment state.

Failure drills

Bad signature	Receiver returns 401; ATM records failed delivery.
Duplicate event	Receiver returns success after confirming the delivery id was already processed.
Temporary outage	Receiver returns 5xx; ATM keeps the event redriveable.
Unknown event	Receiver stores delivery id and returns success if no action is needed.

Dashboard redrive

Redrive should be a normal development flow. Use test events to confirm retry behavior before live access, then keep live receivers idempotent so support/admin redrives are safe.