diff --git a/content/developers/overview/secret-scanning-partner-program.md b/content/developers/overview/secret-scanning-partner-program.md
index dfbff80a06c1..b8c6aab04761 100644
--- a/content/developers/overview/secret-scanning-partner-program.md
+++ b/content/developers/overview/secret-scanning-partner-program.md
@@ -363,6 +363,45 @@ const verify_signature = async (payload, signature, keyID) => { }; ``` +**Validation sample in Python** + +```python +# This example assumes that the public key identified by key id +# 90a421169f0a406205f1563a953312f0be898d3c7b6c06b681aa86a874555f4a +# is used to validate the message; production validators shoud be +# prepared to check the key id and and fetch updated public keys +# at runtime. + +from base64 import b64decode + +payload = b'[{"token":"some_token","type":"some_type","url":"some_url"}]' +signature = b"MEUCIQDKZokqnCjrRtw0tni+2Ltvl/uiMJ1EGumEsp1BsNr32AIgQY1YXD2nlj+XNfGK4rBfkMJ1JDOQcYXxa2sY8FNkrKc=" +raw_sig = b64decode(signature) + +public_key = "\n".join( + [ + "-----BEGIN PUBLIC KEY-----", + "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9MJJHnMfn2+H4xL4YaPDA4RpJqUq", + "kCmRCBnYERxZanmcpzQSXs1X/AljlKkbJ8qpVIW4clayyef9gWhFbNHWAA==", + "-----END PUBLIC KEY-----", + ] +) + +from ecdsa import VerifyingKey, BadSignatureError, NIST256p +from ecdsa.util import sigdecode_der +from hashlib import sha256 + +ecdsa_verifier = VerifyingKey.from_pem(string=public_key, hashfunc=sha256) +try: + ecdsa_verifier.verify( + signature=raw_sig, data=payload, sigdecode=sigdecode_der + ) + print("Message validated") +except (BadSignatureError, ValueError): + print("Message not validated") + +``` + ### Implement secret revocation and user notification in your secret alert service For {% data variables.product.prodname_secret_scanning %} in public repositories, you can enhance your secret alert service to revoke the exposed secrets and notify the affected users. How you implement this in your secret alert service is up to you, but we recommend considering any secrets that {% data variables.product.prodname_dotcom %} sends you messages about as public and compromised.
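Review bot: In the new Python sample, `raw_sig = b64decode(signature)` runs outside the `try`, so a malformed or badly padded signature header raises `binascii.Error` before `verify()` is reached and escapes the `except (BadSignatureError, ValueError)` handler; a partner validator that copies this pattern would crash on attacker-controlled input instead of rejecting it. Decoding strictly inside the guarded region keeps every rejection on the one failure path: `try:` / `    raw_sig = b64decode(signature, validate=True)` / `    ecdsa_verifier.verify(signature=raw_sig, data=payload, sigdecode=sigdecode_der)` — `binascii.Error` is a `ValueError` subclass, so the existing `except` already covers it. The sample also imports `NIST256p` without using it, and the header comment has two typos (`shoud`, `and and`); since that comment already tells readers to check the key id and fetch keys at runtime, it should state explicitly that an unknown or mismatched key identifier is a failed validation, not a reason to fall back to the hard-coded key. The surrounding context lines (the close of the JavaScript `verify_signature` example and the revocation section heading) are unchanged and the JavaScript function itself begins outside the hunk.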