Skip to main content

Overview

Wolfia’s API provides secure, programmatic access to automate workflows and integrate with your existing tools. Whether you’re syncing users from identity providers, building custom integrations, or automating repetitive tasks, our API makes it simple to extend Wolfia’s capabilities to fit your organization’s unique needs.

Why use the Wolfia API?

The API is designed for teams that want to:
  • Automate user management – Sync users from Okta, Azure AD, or other identity providers automatically
  • Streamline onboarding – Invite new team members as part of your existing onboarding workflows
  • Build custom integrations – Connect Wolfia with internal tools and systems via MCP or custom applications
  • Ingest questionnaires from multiple sources – Automatically import questionnaires from JIRA, ServiceNow, and other ticketing systems
  • Embed AI-powered Q&A – Add Wolfia’s expert knowledge to your custom products and applications
  • Scale operations – Manage large teams without manual effort

Getting started

Prerequisites

Before you can use the API, you’ll need:
  • An active Wolfia account
  • Organization administrator permissions
  • A secure place to store API credentials

Creating your first API key

API keys are how you authenticate with Wolfia’s API. Only organization administrators can create and manage them.
1

Navigate to API settings

Go to Settings → API in your Wolfia account.
2

Create a new key

Click Create API Key and provide a descriptive name that identifies the integration or purpose.Good examples:
  • “Okta User Sync”
  • “HR Onboarding Bot”
  • “Production Integration”
3

Save your key securely

Your API key will be displayed once and looks like this:
wolfia-api-xxxxxxxxxxxxxxxx
Copy and save your API key immediately. You won’t be able to see it again. Store it in a secure location like a password manager or secrets management system.
4

Test your key

Make a test API call to verify your key works correctly. See the examples below for guidance.

Authentication

All API requests require authentication using your API key. Include it in the X-API-Key header: 
curl https://wolfia.com/api/organizations/invite \
  -H "X-API-Key: wolfia-api-YOUR_KEY_HERE" \
  -H "Content-Type: application/json"

Security best practices

  • Never hardcode API keys in source code
  • Use environment variables or secrets management systems (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault)
  • Add API keys to your .gitignore file
  • Create new keys periodically (every 6 months recommended)
  • Deactivate old keys after rotating
  • Update all integrations before deactivating old keys
  • Create dedicated keys for each integration or environment
  • Label keys clearly (e.g., “Production Okta Sync”, “Staging HR Integration”)
  • This limits the impact if a key is compromised
  • Check the “Last Used” timestamp in your API settings regularly
  • Deactivate keys that haven’t been used in 30+ days
  • Investigate any unexpected usage patterns

Available endpoints

User management

Automate user invitations and manage your organization’s members programmatically.
EndpointMethodDescription
/organizations/invitePOSTInvite a new user to your organization

Learn more about user invitations

See detailed examples and integration patterns for inviting users via API

Managing your API keys

Viewing all keys

Navigate to Settings → API to see all active and inactive keys for your organization. Each key shows:
  • Name – The descriptive name you provided
  • Created – When the key was created
  • Last used – Timestamp of the most recent API call
  • Created by – Which admin created the key
  • Status – Active or inactive

Deactivating a key

If a key is compromised, no longer needed, or you’re rotating credentials:
  1. Go to Settings → API
  2. Find the key in the list
  3. Click Deactivate
  4. Confirm the action
The key will stop working immediately. Any systems using that key will receive 401 Unauthorized errors until updated with a new key.

Deleting a key

Deactivated keys can be permanently deleted:
  1. Find the deactivated key in your list
  2. Click Delete
  3. Confirm permanent deletion
Deletion is permanent and cannot be undone. Make sure the key is no longer in use before deleting.

Rate limits

Wolfia’s API includes reasonable rate limits to ensure reliability for all users:
  • Default limit: 1,000 requests per hour per organization
  • Burst capacity: 30 requests per minute
If you need higher limits for your integration, please contact us at support@wolfia.com to discuss your requirements.

Rate limit headers

API responses include headers to help you track your usage: 
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 995
X-RateLimit-Reset: 1640000000

Error handling

All API responses use standard HTTP status codes:
CodeMeaningAction
200SuccessRequest completed successfully
400Bad RequestCheck your request parameters
401UnauthorizedVerify your API key is valid and active
403ForbiddenCheck that you have permission for this action
404Not FoundThe requested resource doesn’t exist
409ConflictResource already exists (e.g., user already invited)
429Too Many RequestsYou’ve hit the rate limit—slow down and retry
500Server ErrorSomething went wrong on our end—retry with backoff

Best practices for error handling

  • Implement exponential backoff for 5xx errors
  • Don’t retry 4xx errors without fixing the request
  • Handle 409 gracefully – it usually means the resource already exists
  • Log all errors for debugging and monitoring

Getting help

We’re here to support your integration needs:

What’s next?

Invite users via API

Learn how to automate user invitations with detailed examples

Slack integration

Connect Wolfia to Slack for instant expert answers
I