# Webhooks Webhooks allow you to **subscribe to events triggered on a Falkor Pathway**. When an event is triggered to the webhook's configured URL, an **HTTP POST payload** is sent along with an **HMAC sha256 signature**. ## Webhook Setup **Step 1**\ When a pathway is created, webhooks are automatically registered in a disabled state. To set up a webhook, go to the **API & Webhooks** section of the pathway. From there, select the MPI Manager options icon and choose **Setup**. ![](/files/-MKEU-RezsfPhBFVnSvl) **Step 2**\ Provide a **secure URL** and **Webhook Secret**. A secrets is used to create a signature of the payload data and is sent in the `-Webhook-Signature` header. This ensures that you can **validate** that the payload is in fact from **the platform.** We do recommend you provide a **strong cryptographic** token**.** {% hint style="info" %} **``** will be the name of the platform being used. For example: **`ByteKast-Webhook-Signature`**, **`TrainiApp-Webhook-Signature`** OR **`Falkor-Webhook-Signature`** {% endhint %} **Step 3**\ Once your chosen webhook is set up, you can **enable** it by clicking the switch to **on**. Once enabled, you can begin to manually send deliveries to **test** integrations on your server. ## Validating Payloads During a webhook setup, your provided **secret** is used to **sign** the payload with an **HMAC SHA256** signature. This signature is available in the payload header as `Falkor-Webhook-Signature` To **validate** this signature you will use the same secret to along with the sent payload to **recreate** the matching signature. For example, in PHP this would simply be: ``` /** * Consume the header and signature sent by Falkor. The signature * will be generated using HMAC SHA256 with the provided shared * secret. */ $payloadSignature = explode('sha256=',$_SERVER['HTTP_FALKOR_WEBHOOK_SIGNATURE']); $payloadData = file_get_contents('php://input'); /** * Rebuild the matching signature using the same shared secret * and the payload sent by Falkor. */ $yourSecretToken = 'ff820d62b80b7c2789286f691b5e89bd'; // Rebuild Matching Signature $matchSignature = hash_hmac('sha256', $payloadData, $yourSecretToken); /** * Check the sent signature matches the rebuilt signature. */ if ($payloadSignature[1] == $matchSignature): // Signature Matched else: // Did Not Match endif; ``` ## Available Webhook Events ### **Enrolments** Triggered when **enrolments** for a pathway **change**. This can be when a user enrols, or completes a pathway or activity. {% content-ref url="/pages/-MJAyMJxEKYDBU8DOXq5" %} [Enrolments](/falkor-dev-docs/pathways/webhooks/enrolments.md) {% endcontent-ref %} ### Classroom & Event Bookings Triggered when **attendance** for a classroom or event **changes**. This is when the user registers their attendance or checks-in to the activity. {% content-ref url="/pages/-MILDPFWLxDgFPdIt3GU" %} [Classroom & Events](/falkor-dev-docs/pathways/webhooks/events.md) {% endcontent-ref %} ### Rewards Triggered when **rewards are obtained** by users, i.e. is when the user receives/unlocks the reward on a pathway. {% content-ref url="/pages/-MILDRr4fQ97Jk3YIun7" %} [Rewards](/falkor-dev-docs/pathways/webhooks/rewards.md) {% endcontent-ref %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://everyday-digital.gitbook.io/falkor-dev-docs/pathways/webhooks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.