Webhooks

Woolf supports incoming webhooks that enable your systems to receive real-time updates from the AMS. These updates allow you to automate workflows, synchronize statuses, and ensure compliance monitoring across platforms.

Overview

A webhook is an HTTP callback triggered by specific events. Woolf will send a POST request to your configured endpoint when an event you subscribe to occurs. Each payload contains relevant event data that can be used to trigger workflows in your systems.

Webhooks are especially useful for:

Tracking resource verification or rejection
Notifying your LMS of asset imports
Syncing submissions and accreditation data in real-time

How to Set Up Webhooks

Enter the URL where you want to receive events. Make sure it can handle incoming requests.
Select the events you want to subscribe to from the provided list.

Once configured, your webhook will begin receiving event payloads from Woolf. You can monitor webhook activity, delivery status, and error logs from the dashboard.

🔒 Ensure your endpoint supports HTTPS and is able to respond with a 200 OK status. Failure to respond correctly may result in retry attempts or webhook disabling.

Webhook Event Payloads

Event	Status	Payload	Trigger
`IMPORTED_ASSET`	Available	`Asset`	When the system finishes fetching assets provided through the API.
`REJECTED_RESOURCE`	Available	`Resource`	When the Accreditation Team rejects a submitted resource due to non-compliance or missing information.
`DEGREE_STUDENT_COMPLETED_APPLICATION`	Available	`DegreeStudent`	When a student signs the enrollment agreement.
`DEGREE_STUDENT_ACTIVATED`	Available	`DegreeStudent`	When a student transitions to the `ACTIVE` state.
`DEGREE_STUDENT_ARCHIVED`	Available	`DegreeStudent` and `archiveReason`	When a student with progress is archived.
`DEGREE_STUDENT_DELISTED`	Available	`DegreeStudent` and `archiveReason`	When a student is automatically delisted after 60 days of inactivity.
`DEGREE_STUDENT_COMPLETED`	Available	`DegreeStudent`	When a student graduates from a degree program.

Security

All webhook payloads are signed using a shared secret token. This allows your server to verify the authenticity of incoming requests.
Signature headers and verification logic will be provided upon setup. Rotate your secret key periodically.

Best Practices

Respond quickly with 200 OK. Avoid long-running logic during webhook handling.
Use background workers or queues to process events asynchronously.
Log all incoming webhook payloads for audit and retry purposes.
Validate incoming requests using the signature verification method.