gate.session.approved event to your webhook endpoint. Unlike other Foil webhooks, this one has a request/response contract: your handler must return an encrypted credentials envelope that the CLI decrypts and writes into the developer’s project.
This page covers the Gate-specific bits. For everything common to all Foil webhooks — signature verification, retries, headers, the delivery log — see Webhooks.
Set up the endpoint
Create a webhook endpoint subscribed togate.session.approved, then point your Gate service at it via webhook_endpoint_id. See Webhooks → Endpoints for both the dashboard flow and the API.
Verify the signature
Standard Foil HMAC verification — see Webhooks → Authentication for ready-to-paste code in Node.js, Python, Go, Ruby, and PHP.Handle the payload
The envelope is the standard webhook envelope. Thegate.session.approved data object is:
| Field | Description |
|---|---|
service_id | The registry service being provisioned. Use it if one webhook handles multiple services. |
gate_session_id | Idempotency key. Use this to avoid creating duplicate accounts on retries. |
gate_account_id | Stable identifier for this signup. Store it alongside your internal account. |
account_name | The name the developer chose (defaults to their project directory name). |
metadata | Optional key-value pairs the developer passed during signup. |
delivery | CLI-provided encrypted delivery metadata. Encrypt your response outputs to this key. |
foil.verdict | human or inconclusive. Bot verdicts are blocked before reaching your webhook. |
Return credentials
Your webhook must return an encrypted delivery envelope, not raw keys or onboarding links. Gate owns the service metadata likedocs_url; your webhook should only return the encrypted customer outputs.
env_vars only, for example:
Idempotency
Gate may retry your webhook. Usegate_session_id to make requests idempotent:
id — apply here too. See Webhooks → Retries.
What’s next
- Agent tokens — verify the tokens Gate issues
- Dashboard login — let developers access your dashboard