Overview

To subscribe to Examity Webhook Events, you need to set up an HTTPS API POST endpoint. You can then subscribe the endpoint url on Examity Operations Console.

Events

Appointment Status Changed Events

These events are triggered when an appointment status is changed.

  • appointment.scheduled
  • appointment.no-show
  • appointment.cancelled
  • appointment.waiting-for-proctor
  • appointment.verifying
  • appointment.in-progress
  • appointment.incomplete
  • appointment.pending-at-auditor
  • appointment.approved-by-auditor
  • appointment.completed
  • appointment.rescheduled

Every one of these events has the following payload format:

{
  "event_name": "appointment.no-show",
  "test_mode": true,
  "data": {
    "appointment_id": 0,
    "client_id": 0,
    "start_time": "2021-01-05T16:30:00",
    "end_time": "2021-01-05T17:30:00",
    "enrollment_external_id": "test_enrollment_external_id",
    "user_detail": {
      "user_id": 0,
      "email": "test@example.com",
      "first_name": "test_first",
      "last_name": "test_last"
    },
    "course": {
      "course_id": 0,
      "course_name": "test_course"
    },
    "exam": {
      "exam_id": 0,
      "exam_name": "test_exam",
      "level": {
        "exam_level_id": 4,
        "exam_level": "Live Premium",
        "status_id": 1
      }
    },
    "status": {
      "status_id": 2,
      "status": "NoShow"
    },
    "flags": []
  }
}

Verify Signature

You can optionally check the request to your endpoint is coming from Examity. In the request headers from Examity, there will be a header with key x-examity-signature and another header with key x-examity-timestamp. Verify the request with the following steps:

Step 1: Calculate signed_payload string by concatenating:
  • Value of x-examity-timestamp as string
  • The character .
  • The actual JSON payload (i.e., the request body)
Step 2: Determine the expected signature

Compute an HMAC with the SHA256 hash function. Use your client's webhook_key as the key, and use the signed_payload string as the message.

Step 3: Compare the signatures

Compare the signature (x-examity-signature) in the header to the expected signature. For an equality match, compute the difference between the current timestamp and the received timestamp, then decide if the difference is within your tolerance.