> ## Documentation Index
> Fetch the complete documentation index at: https://developers.techwolf.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

# TechWolf Webhooks

Webhooks let you receive real-time change notifications from TechWolf. When
something changes in your tenant, TechWolf sends a POST request to your endpoint
over HTTPS. We use **thin events**: each payload only signals that something
changed and provides identifiers (e.g. tenant, resource `external_id`), not the
full details of the changed resource. Querying the SkillEngine API is required
to get the authoritative state of the changed resource.

This section describes:

* [Supported webhook events](/integrations/webhooks/event_types) - event types,
  versions, when they are emitted, and how to react
* [Protocol and delivery](/integrations/webhooks/protocol-delivery) - transport,
  payload format, headers, and delivery guarantees
* [Security](/integrations/webhooks/security) - signature verification (Ed25519)
  and optional OAuth2 endpoint authentication

Consumers only need to support the event types they care about. The **health
check** event type is mandatory for every consumer so TechWolf can verify your
endpoint is live and functioning.

## Consumer responsibilities

* Expose an HTTPS endpoint and allowlist our
  [source IPs](/integrations/webhooks/protocol-delivery#source-ip-addresses).
* Accept the **health check** event type on every webhook endpoint so TechWolf
  can verify the endpoint is live.
* [Verify signatures](/integrations/webhooks/security) and validate timestamp
  freshness; return 2XX on successful receipt of a valid message, 401 on
  verification failure, 400 on invalid request.
* Handle at-least-once delivery: deduplicate by event `id` and implement
  idempotent processing.
* Fetch full state from the SkillEngine API; the payload only contains
  identifiers and metadata, not the resource itself.
* **Recommended:** run a periodic reconciliation in addition to webhooks to
  correct any drift.

<CardGroup cols={3}>
  <Card title="Event types" icon="bolt" href="/integrations/webhooks/event_types">
    Events with versioned payloads.
  </Card>

  <Card title="Protocol & delivery" icon="server" href="/integrations/webhooks/protocol-delivery">
    HTTPS POST, CloudEvents 1.0, at-least-once delivery, 15s timeout.
  </Card>

  <Card title="Security" icon="lock" href="/integrations/webhooks/security">
    Ed25519 signature verification and optional OAuth2 for your endpoint.
  </Card>
</CardGroup>
