Webhook Usage

This page documents additional steps that a webhook consumer may wish to take in response to receiving a webhook notification.

Validation

Each webhook is sent with an HMACSHA256 hash in the Authorization header. See Authenticate a Webhook for information about how to validate that the webhook and its payload are correctly signed.

Extended information

The webhook will typically only include identifiers. Below is a set of reccomendations to follow to obtain extended information about the user or other aspect of the event.

See Get an access token for information about using client credentials to obtain an access token, which is required to make requests to PublicAPI.

User

Given a webhook payload that includes the user identifier userkey:

• Get the full user object via /api​/user​/list​/user​/{login}

User profile

To find out information that the user has stored as responses to profile questions:

• Load all profile questions with /api​/profile​/list​/profile

• List the user’s responses with /api​/profile​/list​/profile​/field​/user​/{userkey}

Module

Given a webhook payload that includes the module identifier modulekey:

• Get the full module object via /api​/module​/list​/module​/{modulekey}

• Get the user’s score information via /api​/certificate​/module​/list​/user​/{userkey}​/module​/{modulekey}

Course

Given a webhook payload that includes the course identifier coursekey:

• Get the full course object via /api​/course​/list​/course​/{coursekey}

• Get the user’s score information via /api​/certificate​/course​/list​/user​/{userkey}​/course​/{coursekey}