Tahdah API
    Tahdah API
    • Introduction
    • Webhooks
    • TrustGroups
      • About Trust Groups
      • Endpoints
        • List Trust Groups
        • Create a Trust Group
        • Update Trust Group
        • List Trust Group Legal Entity Members
        • List Trust Group Candidate Members
        • Add Trust Group Member
        • Remove Trust Group Member
      • Webhooks
        • Member Added
        • Member Updated
    • EventCredits
      • Webhooks
        • Event Credits Updated
      • Add Credits to Legal Entity
        PUT
    • Tracker
      • Webhooks
      • Get Candidate Trackers
        GET
      • Get Legal Entity Targets
        GET
    • LearningExperiences
      • EndPoints
        • Register Learners on a Learning Experience
        • Get Learning Experiences
        • Get Learning Experience
      • Webhooks
    • DigitalBadges
      • Issue Digital Badge
        POST
      • Get Badge Templates
        GET
    • LegalEntities
      • Endpoints
        • Legal Entity Details
        • Create Legal Entity
        • Connect a Person to a Legal Entity
      • Webhooks
    • Candidates
      • EndPoints
        • Create Candidate
        • Update a Candidate
        • Delete Candidate
        • Add/Remove tags to a candidate
      • Webhooks
    • Catalogues
      • Endpoints
      • Webhooks
        • Catalogue Entry Created
    • Schemas
      • Inbound
      • Events
        • EventTemplateCreditRequest
        • EventTemplateCredit
      • Catalogue
        • CatalogueEntry
      • TrustGroupMember
      • temp
      • LegalEntity
      • legalEntityIdentifier
      • Candidate

    Webhooks

    You can opt to send all webhooks to a single endpoint or you can use different endpoints for each webhook. When you enable a webhook you need to enter the url that you want your webhooks to be sent to. Once you have entered a URL this can be reused.

    Secret#

    Before recieving webhooks you will need to generate a signing secret which you will need to add to your application.

    Webhook-Verb#

    The Webhook-Verb header is included with every webhook call to your endpoint and this tells you which webhook is being sent.
    Examples of verbs are
    TrustGroups.MemberAdded
    EventCredits.Updated
    If you are using one endpoint to process mulitple webhooks you will need to use the Webhook-Verb header to pass the processing on to the relevant logic to process the body of the webhook either via a switch statement or a dependency injection factory method. We recommend if you are using a single endpoint to use a factory method that automatically registers classes that implement a given interface so that your code can be kept clean and easily maintainable.

    Webhook-Signature#

    Before sending any webhooks we generate a hash of the body of the webhook using your secret as a salt. To verify that the webhook is genuine and sent from tahdah you should first carry out the same hashing and ensure that the hash we provide you with matches the one you calculate.
    Our hashing algorithm is a standard salted HMAC256 hash. You can use the code below to verify the webhook
    //Read the request body
var requestBody = Request.InputStream;
requestBody.Seek(0, System.IO.SeekOrigin.Begin);
var requestJson = new StreamReader(requestBody).ReadToEnd();

// We recommend storing your webhook endpoint secret in an environment variable
// for security, but you could include it as a string directly in your code
var secret = "wh_5627AHddd;

var hmac256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
byte[] messageHash = hmac256.ComputeHash(Encoding.UTF8.GetBytes(requestJson));
var result = BitConverter.ToString(messageHash).Replace("-", "").ToLower();

// If the signature doesn't match what was expected, reject the request
if ((Request.Headers["Webhook-Signature"] ?? "") != result)
    return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
    Modified at 2025-03-12 14:17:45
    Previous
    Introduction
    Next
    About Trust Groups
    Built with