Inbound Webhooks API
The Inbound Webhooks API receives events from external systems. The current shipped inbound endpoint ingests AI Literacy completion events from an external Learning Management System and updates the matched Qarion user's literacy fields.
All paths below are under /api/v1.0.
Endpoints
| Method | Endpoint | Description |
|---|---|---|
POST | /webhooks/lms/literacy-completion | Record AI Literacy training completion for a user. |
LMS Literacy Completion
POST /api/v1.0/webhooks/lms/literacy-completion
This endpoint is authenticated with a shared bearer token configured by LMS_WEBHOOK_BEARER_TOKEN. If the token is not configured, the endpoint returns 501.
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer <LMS_WEBHOOK_BEARER_TOKEN>. |
X-Space-Id | Yes | Target space UUID or target space slug. |
The user identified by the payload must belong directly to the target space or to the target space's organization. If not, Qarion returns the same not-found style response used for an unknown user.
Request Body
{
"user_email": "user@example.com",
"program_name": "AI Act Foundations 2026",
"completion_date": "2026-02-15T00:00:00Z",
"next_renewal_date": "2027-02-15T00:00:00Z"
}
| Field | Required | Description |
|---|---|---|
user_email | Yes | Email address of the Qarion user to update. |
program_name | Yes | Completed literacy program name. |
completion_date | Yes | ISO 8601 completion timestamp. A trailing Z is accepted. |
next_renewal_date | No | ISO 8601 renewal timestamp. A trailing Z is accepted. |
Response
{
"status": "success",
"user_id": "67b1bc7e-90d4-4df0-b232-fbb6b947e8cf"
}
On success, Qarion updates the user:
| User field | Value |
|---|---|
ai_literacy_status | completed |
ai_literacy_completion_date | Parsed completion_date |
ai_literacy_program | program_name |
ai_literacy_next_renewal | Parsed next_renewal_date, when supplied |
Errors
| Status | Description |
|---|---|
400 | X-Space-Id is missing, required payload fields are missing, or a date field is not ISO 8601. |
401 | Authorization header is missing, malformed, or uses the wrong token. |
404 | Space was not found, user email was not found, or the user is not in the target space or organization. |
501 | LMS inbound webhook token is not configured. |