Webhook API

This API request creates a webhook object that defines a remote data store as a destination for scheduled results.

See the Query API for how to schedule a query set using a remote data store.

Create a Remote Data Store

Create a remote data store by doing a POST request to /v0/webhooks.

Request Parameters

Name Type Required Default Description Example
url String Yes - Remote data store URL including protocol and path. http://myserver.com/path/to/store
token String No - The token is provided in an Authorization header as a Bearer token by default, or as a Splunk token for Splunk formatted data. “C728DF57BE22F0B2391DD3F7C402063F7E3241B50EB758755B96FBADAAA7A361”
label String No - Human readable label stored with the newly created object. “Webhook For My Hosts”
fingerprint String Only for self-signed server certificates - The SHA256 fingerprint of the destination certificate. See details on obtaining the fingerprint. “6dd13227e7e2865abeefb2f8ad3db9d7f66dede03b76176aed7563923a0b044b”
disabled Boolean No false The initial disabled state of the webhook. Usually true. true
format String No compact format of the results. Allowable non-default values are: ctim, azure-compact, azure-expanded splunk-compact, splunk-expanded, s3-compact, s3-expanded, compact, and expanded. See details on result formats. “expanded”
bucket String Only for S3 - Bucket for the S3 format. “my-s3-bucket”
region String Only for S3 - Region for the S3 format. “us-west-2”
accesskey String Only for S3 - Access key for the S3 format. “AKIAIOSFODNN7EXAMPLE”
secretkey String Only for S3 - Secret key for the S3 format. “wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY”

Request Payload Format

{
    "disabled":        <disabled>,
    "config": {
        "url":         <url>,
        "token":       <token>,
        "fingerprint": <fingerprint>,
        "label":       <label>,
        "format":      <format>,
        "bucket":      <bucket>,
        "region":      <region>,
        "accesskey":   <accesskey>,
        "secretkey":   <secretkey>
     }
}

Example of Success

http https://$service/v0/webhooks \
     "Authorization:Bearer $token" \
config:='{"url":"https://mywebserver.com","format":"expanded","fingerprint":"C728DF57BE22F0B2391DD3F7C402063F7E3241B50EB758755B96FBADAAA7A361"}'
HTTP/1.1 200 OK { "application": "", "config": { "accessKey": "***", "fingerprint": "***", "format": "expanded", "label": "", "secretKey": "***", "token": "***", "url": "https://mywebserver.com" }, "created": "2021-02-23T23:48:51.931561755Z", "creator": "14566a47-6b79-48ea-99db-313322c5a292", "disabled": false, "errormessage": "", "id": "xYGh5xZyPk0tpj6tTyWYHQ", "lastcalled": "2021-02-23T23:48:51.941085297Z", "laststatus": "success", "organization": "898ef6d3-a0e2-43b0-879a-18bd8f36a5ef", "updated": "2021-02-23T23:48:51.931561755Z" }

Example Of Failure

http https://$service/v0/webhooks \
     "Authorization:Bearer $token" \
config:='{"url":"https://myotherwebserver.com","format":"expanded","fingerprint":"C728DF57BE22F0B2391DD3F7C402063F7E3241B50EB758755B96FBADAAA7A361"}'
HTTP/1.1 400 Bad Request { "errors": [ "Failed to verify fingerprint of server certificate." ] }

Get a Remote Data Store

View a specific remote data store by performing a GET request to /v0/webhooks/{webhookid}.

List Remote Data Stores

View all user organization remote data stores by performing a GET request to /v0/webhooks.

Return to Table of Contents