This page collects debugging tools for Web Bot Auth implementations. Start by validating the key directory.
Paste the full HTTPS URL for a /.well-known/http-message-signatures-directory endpoint to check whether it returns a usable directory.
Paste a JWK to compute its RFC 7638 SHA-256 thumbprint for use as keyid.
Paste the signed request target, verification JWK, and HTTP Message Signature headers here.