Skip to main content

Overview

Wolfia’s API provides secure, programmatic access to automate workflows and integrate with your existing tools. Whether you’re syncing users from identity providers, building custom integrations, or automating repetitive tasks, our API makes it simple to extend Wolfia’s capabilities to fit your organization’s unique needs.

Why use the Wolfia API?

The API is designed for teams that want to:
  • Automate user management – Sync users from Okta, Azure AD, or other identity providers automatically
  • Streamline onboarding – Invite new team members as part of your existing onboarding workflows
  • Build custom integrations – Connect Wolfia with internal tools and systems via MCP or custom applications
  • Ingest questionnaires from multiple sources – Automatically import questionnaires from JIRA, ServiceNow, and other ticketing systems
  • Embed AI-powered Q&A – Add Wolfia’s expert knowledge to your custom products and applications
  • Scale operations – Manage large teams without manual effort

Getting started

Prerequisites

Before you can use the API, you’ll need:
  • An active Wolfia account
  • Organization administrator permissions
  • A secure place to store API credentials

Creating your first API key

API keys are how you authenticate with Wolfia’s API. Only organization administrators can create and manage them.
1

Navigate to API settings

Go to Settings → API in your Wolfia account.
2

Create a new key

Click Create API Key and provide a descriptive name that identifies the integration or purpose.Good examples:
  • “Okta User Sync”
  • “HR Onboarding Bot”
  • “Production Integration”
3

Save your key securely

Your API key will be displayed once and looks like this:
wolfia-api-xxxxxxxxxxxxxxxx
Copy and save your API key immediately. You won’t be able to see it again. Store it in a secure location like a password manager or secrets management system.
4

Test your key

Make a test API call to verify your key works correctly. See the examples below for guidance.

Authentication

All API requests require authentication using your API key. Include it in the X-API-Key header: 
curl https://api.wolfia.com/v1/organizations/invite \
  -H "X-API-Key: wolfia-api-YOUR_KEY_HERE" \
  -H "Content-Type: application/json"

Security best practices

  • Never hardcode API keys in source code
  • Use environment variables or secrets management systems (AWS Secrets Manager, Azure Key Vault, HashiCorp Vault)
  • Add API keys to your .gitignore file
  • Create new keys periodically (every 6 months recommended)
  • Deactivate old keys after rotating
  • Update all integrations before deactivating old keys
  • Create dedicated keys for each integration or environment
  • Label keys clearly (e.g., “Production Okta Sync”, “Staging HR Integration”)
  • This limits the impact if a key is compromised
  • Check the “Last Used” timestamp in your API settings regularly
  • Deactivate keys that haven’t been used in 30+ days
  • Investigate any unexpected usage patterns

Available endpoints

User management

Automate user invitations and manage your organization’s members programmatically.
EndpointMethodDescription
/v1/organizations/invitePOSTInvite a new user to your organization

Invite users

See detailed examples and integration patterns for inviting users

Conversation insights

Retrieve and analyze all conversations across your Wolfia workspace.
EndpointMethodDescription
/v1/insights/conversationsGETRetrieve paginated conversation history

Retrieve conversation insights

Build custom analytics dashboards and monitor AI performance

Knowledge base uploads

Upload files to your knowledge base using pre-signed S3 URLs.
EndpointMethodDescription
/v1/content-source/prepare-uploadPOSTGet pre-signed URLs for file uploads
/v1/content-source/confirm-uploadPOSTConfirm uploads and trigger processing

Upload knowledge base files

Programmatically add documents to your knowledge base

Questionnaires

Upload, list, search, and retrieve security questionnaires and RFPs.
EndpointMethodDescription
/v1/questionnaire/upload/filePOSTUpload a questionnaire file
/v1/questionnaire/upload/textPOSTUpload text content for processing
/v1/questionnaire/listGETList all questionnaires with pagination
/v1/questionnaire/searchGETSearch questionnaires by text or field filters
/v1/questionnaire/{id}/overviewGETGet detailed questionnaire status and statistics

Questionnaires

Upload, list, search, and track questionnaire processing status

Content tags

List tags used to categorize questionnaires and knowledge base content.
EndpointMethodDescription
/v1/tags/GETList all content tags

Content tags

Retrieve tag IDs for categorizing questionnaires on upload

Organization management

Manage multi-tenant organizations programmatically.
EndpointMethodDescription
/v1/organizations/tenant/createPOSTCreate a child organization
/v1/organizations/tenant/listGETList available organizations
/v1/organizations/tenant/switchPOSTSwitch between organizations

Manage organizations

Create, list, and switch between organizations for multi-tenant management

Trust portal analytics

Access trust center engagement metrics, document interactions, and revenue attribution.
EndpointMethodDescription
/v1/trustportal/analyticsGETPortal overview analytics
/v1/trustportal/analytics/documentsGETDocument interaction metrics
/v1/trustportal/analytics/accountsGETActive account metrics
/v1/trustportal/analytics/revenueGETRevenue attribution metrics

Trust portal analytics

Build reports on trust center engagement and revenue impact

Trust portal updates

Create, manage, and schedule trust center update notifications.
EndpointMethodDescription
/v1/trustportal/updatesPOSTCreate a new update
/v1/trustportal/updatesGETList all updates
/v1/trustportal/updates/subscribersGETList subscribers

Trust portal updates

Automate trust center update notifications and subscriber management

Managing your API keys

Viewing all keys

Navigate to Settings → API to see all active and inactive keys for your organization. Each key shows:
  • Name – The descriptive name you provided
  • Created – When the key was created
  • Last used – Timestamp of the most recent API call
  • Created by – Which admin created the key
  • Status – Active or inactive

Deactivating a key

If a key is compromised, no longer needed, or you’re rotating credentials:
  1. Go to Settings → API
  2. Find the key in the list
  3. Click Deactivate
  4. Confirm the action
The key will stop working immediately. Any systems using that key will receive 401 Unauthorized errors until updated with a new key.

Deleting a key

Deactivated keys can be permanently deleted:
  1. Find the deactivated key in your list
  2. Click Delete
  3. Confirm permanent deletion
Deletion is permanent and cannot be undone. Make sure the key is no longer in use before deleting.

Rate limits

Wolfia’s API includes reasonable rate limits to ensure reliability for all users:
  • Default limit: 1,000 requests per hour per organization
  • Burst capacity: 30 requests per minute
If you need higher limits for your integration, please contact us at support@wolfia.com to discuss your requirements.

Rate limit headers

API responses include headers to help you track your usage: 
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 995
X-RateLimit-Reset: 1640000000

Error handling

All API responses use standard HTTP status codes:
CodeMeaningAction
200SuccessRequest completed successfully
400Bad RequestCheck your request parameters
401UnauthorizedVerify your API key is valid and active
403ForbiddenCheck that you have permission for this action
404Not FoundThe requested resource doesn’t exist
409ConflictResource already exists (e.g., user already invited)
429Too Many RequestsYou’ve hit the rate limit—slow down and retry
500Server ErrorSomething went wrong on our end—retry with backoff

Best practices for error handling

  • Implement exponential backoff for 5xx errors
  • Don’t retry 4xx errors without fixing the request
  • Handle 409 gracefully – it usually means the resource already exists
  • Log all errors for debugging and monitoring

Getting help

We’re here to support your integration needs:

What’s next?

Invite users

Automate user invitations with detailed examples

Conversation insights

Retrieve and analyze conversation history

Knowledge base uploads

Upload files to your knowledge base programmatically

Questionnaires

Upload, list, search, and track questionnaires

Content tags

List tags for categorizing questionnaires

Organization management

Create and manage multi-tenant organizations

Trust portal analytics

Access engagement metrics and revenue attribution

Trust portal updates

Schedule and manage trust center notifications