> ## Documentation Index
> Fetch the complete documentation index at: https://www.dynamic.xyz/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Send a synthetic transaction review request to the configured webhook

> Drives a dry-run request through the same crypto and timeout machinery as the production signing path, against either the saved config or an override supplied in the body. No events are emitted and no signing is affected. Useful for verifying the customer's webhook responds correctly to each transaction shape before enabling enforcement.




## OpenAPI

````yaml https://app.dynamic.xyz/api-docs/public-api.yaml post /environments/{environmentId}/waas/transactionReviewConfig/test
openapi: 3.0.1
info:
  title: Dashboard API
  description: Dashboard API documentation
  version: 1.0.0
servers:
  - url: https://app.dynamicauth.com/api/v0
  - url: https://app.dynamic.xyz/api/v0
  - url: http://localhost:3333/api/v0
security: []
tags:
  - name: Analytics
    description: Query usage analytics and event counts for your environment.
  - name: SDK
    description: SDK-facing endpoints consumed by embedded Dynamic clients.
  - name: Organizations
    description: >-
      Manage organizations — the top-level container for all environments and
      projects.
  - name: Projects
    description: Manage projects that group related environments under an organization.
  - name: Environments
    description: >-
      Manage environments (live and sandbox) where your authentication
      configuration lives.
  - name: Users
    description: List, search, and manage authenticated users within an environment.
  - name: Invites
    description: >-
      Manage invitation links that grant specific external users access to your
      environment.
  - name: Tokens
    description: >-
      Create and manage API tokens used to authenticate requests to the Dynamic
      API.
  - name: Origins
    description: >-
      Configure allowed origins (CORS) for SDK and API access to your
      environment.
  - name: Allowlists
    description: >-
      Manage allowlists to control which wallet addresses or email addresses can
      access your environment.
  - name: Wallets
    description: View and manage wallets linked to users in your environment.
  - name: Members
    description: Manage team members and their roles within an organization.
  - name: Sessions
    description: View and revoke active user sessions within an environment.
  - name: Settings
    description: Read and update environment-level configuration settings.
  - name: Exchanges
    description: >-
      Configure exchange integrations (Coinbase, Binance, etc.) for fiat on-ramp
      within your environment.
  - name: Providers
    description: >-
      List, enable, disable, and configure authentication providers (OAuth,
      email, wallet, SMS, etc.) for your environment.
  - name: Captcha
    description: >-
      Configure captcha verification (provider, site key, secret key) for your
      environment.
  - name: Gates
    description: >-
      Define access gates that restrict environment entry to users who meet
      specific criteria.
  - name: Chains
    description: >-
      Manage the blockchain networks available for wallet connection in your
      environment.
  - name: Exports
    description: Export user and wallet data from your environment as downloadable files.
  - name: Events
    description: Browse the event log of actions performed within your environment.
  - name: Webhooks
    description: >-
      Create and manage webhooks to receive real-time events (user.created,
      wallet.linked, etc.) at your endpoint.
  - name: Custom Fields
    description: >-
      Define and manage custom metadata fields collected from users at sign-up
      or login.
  - name: MfaSettings
    description: >-
      Configure multi-factor authentication (MFA) policies for your
      organization.
  - name: Mfa
    description: Manage MFA enrollment and verification for individual users.
  - name: CustomHostnames
    description: >-
      Configure custom hostnames for white-labeling the Dynamic authentication
      experience.
  - name: TestAccount
    description: >-
      Manage test accounts used for automated testing and QA within an
      environment.
  - name: NameServices
    description: >-
      Configure name service integrations (ENS, Unstoppable Domains, etc.) for
      human-readable wallet addresses.
  - name: GlobalWallets
    description: >-
      Manage global wallets shared across multiple environments in an
      organization.
  - name: GlobalWalletConnections
    description: Configure which environments can access and use global wallets.
  - name: GlobalWalletAccessControl
    description: Control which users and roles can access and operate global wallets.
  - name: UserApiTokens
    description: >-
      Create and manage user-scoped API tokens for programmatic access on behalf
      of a user.
  - name: Waas
    description: Wallet-as-a-Service endpoints for creating and managing embedded wallets.
  - name: WalletConnect
    description: Configure WalletConnect integration settings for your environment.
  - name: Checkout
    description: >-
      Accept crypto payments and deposits from any wallet. Settle in any token
      you choose.
  - name: Flow
    description: >-
      Accept crypto payments, deposits, and withdrawals. Amount and destination
      are fixed server-side at create; the post-create lifecycle is driven with
      a capability session token.
  - name: FlowAnalytics
    description: >-
      Query aggregated analytics and paginated transaction lists for the Flow
      product.
  - name: Custom Networks
    description: >-
      Add and manage custom EVM-compatible networks beyond the built-in chain
      list.
  - name: Chainalysis
    description: >-
      Configure Chainalysis integration for blockchain address screening and
      risk assessment.
  - name: Visits
    description: Track and query user visit activity within your environment.
  - name: ExternalJwt
    description: >-
      Configure external JWT providers so existing auth tokens can be used with
      Dynamic.
  - name: SDK Views
    description: >-
      Manage SDK view configurations that customize the appearance of Dynamic
      modals and flows.
  - name: DeeplinkUrls
    description: Configure deep link URLs for mobile app integration with the Dynamic SDK.
  - name: OrganizationSettings
    description: >-
      Read and update organization-level settings such as approval workflow
      configuration.
  - name: AdminActions
    description: >-
      Manage admin action requests that require approval from another
      administrator.
  - name: ClientGrant
    description: |
      OAuth 2.0 Device Authorization Grant flow (RFC 8628) used by first-party
      Dynamic clients (CLI, MCP server, demo apps, IDE plugins) to obtain a
      revocable, 30-day client JWT without ever seeing the user's dashboard
      session token.
  - name: AuthorizedClients
    description: |
      Manage first-party clients (CLI / MCP / demo / IDE plugins) authorized
      to act as a dashboard user. Surfaced under Profile → Authorized Clients.
paths:
  /environments/{environmentId}/waas/transactionReviewConfig/test:
    post:
      tags:
        - Waas
      summary: Send a synthetic transaction review request to the configured webhook
      description: >
        Drives a dry-run request through the same crypto and timeout machinery
        as the production signing path, against either the saved config or an
        override supplied in the body. No events are emitted and no signing is
        affected. Useful for verifying the customer's webhook responds correctly
        to each transaction shape before enabling enforcement.
      operationId: testWaasTransactionReviewConfig
      parameters:
        - $ref: '#/components/parameters/environmentId'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/WaasTransactionReviewTestRequest'
      responses:
        '200':
          description: Test webhook decision and diagnostic detail
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/WaasTransactionReviewTestResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
components:
  parameters:
    environmentId:
      in: path
      name: environmentId
      required: true
      description: ID of the environment
      schema:
        $ref: '#/components/schemas/uuid'
  schemas:
    WaasTransactionReviewTestRequest:
      type: object
      required:
        - scenario
      properties:
        scenario:
          $ref: '#/components/schemas/WaasTransactionReviewTestScenario'
        config:
          type: object
          description: >
            Optional config overrides. When provided, fields here take
            precedence over the saved configuration. Use this to test a config
            that has not been saved yet (e.g. driving a test from an unsaved
            form).
          properties:
            enabled:
              type: boolean
            webhookFailurePolicy:
              $ref: '#/components/schemas/WaasTransactionReviewFailurePolicy'
            webhookPublicKey:
              type: string
              nullable: true
            webhookSecret:
              type: string
              nullable: true
            webhookTimeoutMs:
              type: integer
              minimum: 500
              maximum: 30000
            webhookUrl:
              type: string
              format: uri
    WaasTransactionReviewTestResponse:
      type: object
      required:
        - decision
        - failurePolicyApplied
        - latencyMs
        - request
        - response
        - responseSignature
        - scenario
        - transportError
      properties:
        decision:
          type: object
          required:
            - proceed
          properties:
            proceed:
              type: boolean
            reason:
              type: string
        failurePolicyApplied:
          type: boolean
          description: >-
            True if the decision came from the failure policy (timeout,
            transport error, bad status, signature problem) rather than from a
            parsed webhook response.
        latencyMs:
          type: integer
          description: Wall-clock duration of the call in milliseconds.
        request:
          type: object
          required:
            - body
            - headers
            - url
          properties:
            body:
              type: object
              description: The exact payload sent to the webhook.
              additionalProperties: true
            headers:
              type: object
              description: >
                Headers sent to the webhook. When a secret is configured the
                x-dynamic-signature header is present but its HMAC value is
                redacted (returned as "[redacted]") so the computed signature is
                never echoed back to the caller.
              additionalProperties:
                type: string
            url:
              type: string
              format: uri
        response:
          type: object
          required:
            - body
            - headers
            - parsed
            - status
          properties:
            body:
              type: string
              nullable: true
              description: >-
                Raw response body as received from the webhook, or null on
                transport error.
            headers:
              type: object
              additionalProperties:
                type: string
            parsed:
              type: object
              nullable: true
              description: >-
                The JSON-parsed response when the body parsed cleanly and the
                status was 2xx, otherwise null.
              properties:
                proceed:
                  type: boolean
                reason:
                  type: string
            status:
              type: integer
              nullable: true
        responseSignature:
          type: object
          required:
            - status
          properties:
            status:
              type: string
              enum:
                - not_configured
                - missing
                - invalid
                - valid
        scenario:
          $ref: '#/components/schemas/WaasTransactionReviewTestScenario'
        transportError:
          type: string
          nullable: true
          description: Network or timeout error message, if any.
    uuid:
      type: string
      pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$
      minLength: 36
      maxLength: 36
      example: 95b11417-f18f-457f-8804-68e361f9164f
    WaasTransactionReviewTestScenario:
      type: string
      description: Synthetic transaction shape sent to the configured webhook for testing.
      enum:
        - signMessage
        - evmTransaction
        - evmTokenTransfer
        - evmUserOperation
        - evmTypedData
        - svmTransaction
        - svmMessage
        - btcTransaction
        - suiTransaction
        - suiMessage
        - stellarMessage
    WaasTransactionReviewFailurePolicy:
      type: string
      enum:
        - ALLOW
        - DENY
      description: >
        Determines what happens when the review webhook is unreachable or times
        out. ALLOW proceeds with signing; DENY blocks the transaction. Defaults
        to DENY when omitted from a configuration request.
    BadRequest:
      type: object
      properties:
        error:
          description: Human-readable error message
          type: string
    Unauthorized:
      type: object
      properties:
        error:
          description: Human-readable error message describing the authentication failure
          type: string
          example: No jwt provided!
    Forbidden:
      type: object
      properties:
        error:
          description: Human-readable error message
          type: string
          example: Access Forbidden
    InternalServerError:
      type: object
      properties:
        error:
          description: Human-readable error message
          type: string
          example: Internal Server Error
  responses:
    BadRequest:
      description: Bad Request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/BadRequest'
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Unauthorized'
    Forbidden:
      description: Forbidden
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Forbidden'
    InternalServerError:
      description: Internal Server Error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/InternalServerError'

````