TechWolf Webhooks
Webhooks let you receive real-time change notifications from TechWolf. When something changes in your tenant, TechWolf sends a POST request to your endpoint over HTTPS. We use thin events: each payload only signals that something changed and provides identifiers (e.g. tenant, resourceexternal_id), not the full details of the changed resource. Querying the SkillEngine API is required to get the authoritative state of the changed resource.
This section describes:
- Supported webhook events - event types, versions, when they are emitted, and how to react
- Protocol and delivery - transport, payload format, headers, and delivery guarantees
- Security - signature verification (Ed25519) and optional OAuth2 endpoint authentication
Consumer responsibilities
- Expose an HTTPS endpoint and allowlist our source IPs.
- Accept the health check event type on every webhook endpoint so TechWolf can verify the endpoint is live.
- Verify signatures and validate timestamp freshness; return 2XX on successful receipt of a valid message, 401 on verification failure, 400 on invalid request.
- Handle at-least-once delivery: deduplicate by event
idand implement idempotent processing. - Fetch full state from the SkillEngine API; the payload only contains identifiers and metadata, not the resource itself.
- Recommended: run a periodic reconciliation in addition to webhooks to correct any drift.
Event types
Events with versioned payloads.
Protocol & delivery
HTTPS POST, CloudEvents 1.0, at-least-once delivery, 15s timeout.
Security
Ed25519 signature verification and optional OAuth2 for your endpoint.