|
| 1 | +.. _integrations_webhook: |
| 2 | + |
| 3 | +Webhook integration |
| 4 | +=================== |
| 5 | + |
| 6 | +Webhooks provide a way for DejaCode to automatically send data to external systems |
| 7 | +when certain events occur. This allows you to trigger workflows, update other tools, |
| 8 | +or synchronize data in real time, without the need for polling the API. |
| 9 | + |
| 10 | +When an event is fired in DejaCode, the associated webhook sends an HTTP ``POST`` |
| 11 | +request to the configured target URL. The request contains a JSON payload describing |
| 12 | +the event and relevant data. |
| 13 | + |
| 14 | +Use cases |
| 15 | +--------- |
| 16 | + |
| 17 | +Webhooks can be used to: |
| 18 | + |
| 19 | +- Notify a project management tool when a request is created or updated |
| 20 | +- Push updates to a monitoring or reporting dashboard |
| 21 | +- Synchronize status changes with an external ticketing system |
| 22 | +- Trigger automation in CI/CD pipelines |
| 23 | + |
| 24 | +Available events |
| 25 | +---------------- |
| 26 | + |
| 27 | +The following events can be configured as webhook triggers: |
| 28 | + |
| 29 | +- ``request.added`` — A new request is created |
| 30 | +- ``request.updated`` — An existing request is modified |
| 31 | +- ``request_comment.added`` — A comment is added to a request |
| 32 | +- ``vulnerability.data_update`` — Vulnerability data is updated |
| 33 | + |
| 34 | +.. note:: |
| 35 | + |
| 36 | + The list of available events may vary based on your DejaCode configuration. |
| 37 | + Check the Admin UI for the current list. |
| 38 | + |
| 39 | +Webhook configuration |
| 40 | +--------------------- |
| 41 | + |
| 42 | +Webhooks are managed from the **Admin UI**. |
| 43 | + |
| 44 | +1. Go to the **Administration dashboard**. |
| 45 | +2. Navigate to **Webhooks**. |
| 46 | +3. Click **Add webhook** to create a new one. |
| 47 | +4. Fill in the following fields: |
| 48 | + |
| 49 | + - **Target URL** — The endpoint that will receive the POST requests. |
| 50 | + - **Event** — The event name that will trigger the webhook. |
| 51 | + - **Is active** — Enable or disable the webhook. |
| 52 | + - **Extra payload** — Additional JSON data to include in the request body. |
| 53 | + - **Extra headers** — Additional HTTP headers to include in the request. |
| 54 | + |
| 55 | +5. Save the webhook. |
| 56 | + |
| 57 | +When the selected event occurs, DejaCode will send a POST request to the target URL |
| 58 | +with the event payload. |
| 59 | + |
| 60 | +Payload structure |
| 61 | +----------------- |
| 62 | + |
| 63 | +The default webhook payload is JSON-formatted and contains at least: |
| 64 | + |
| 65 | +- ``hook`` — The data related to the webhook, like event name, e.g. ``request.created`` |
| 66 | +- ``data`` — Object containing event-specific data |
| 67 | + |
| 68 | +If **extra payload** is defined, it is merged into the JSON body. |
| 69 | +If **extra headers** are defined, they are added to the HTTP request. |
| 70 | + |
| 71 | +Example payload:: |
| 72 | + |
| 73 | + { |
| 74 | + "hook": { |
| 75 | + "uuid": "22c9203f-e90b-4135-a142-583ef4f41e72", |
| 76 | + "event": "request.added", |
| 77 | + "target": "https://target.com/path/" |
| 78 | + }, |
| 79 | + "data": { |
| 80 | + "api_url": "/api/v2/requests/fbc77986-06ff-4dbb-81c3-95cd36dbed66/", |
| 81 | + "absolute_url": "/requests/fbc77986-06ff-4dbb-81c3-95cd36dbed66/", |
| 82 | + "uuid": "fbc77986-06ff-4dbb-81c3-95cd36dbed66", |
| 83 | + "title": "New vulnerability detected", |
| 84 | + "request_template": "/api/v2/request_templates/f28a034f-d6df-4fa7-9283-a93730858616/", |
| 85 | + "request_template_name": "Address Vulnerabilities in Product Packages", |
| 86 | + "status": "open", |
| 87 | + "priority": "Urgent", |
| 88 | + "assignee": "username", |
| 89 | + "product_context": null, |
| 90 | + "notes": "", |
| 91 | + "serialized_data": { |
| 92 | + "Product Team Contact": "contact email", |
| 93 | + "Need By Date": "", |
| 94 | + "Notes": "" |
| 95 | + }, |
| 96 | + "is_private": false, |
| 97 | + "requester": "username", |
| 98 | + "content_type": "product", |
| 99 | + "content_object": null, |
| 100 | + "content_object_display_name": null, |
| 101 | + "cc_emails": [], |
| 102 | + "last_modified_by": null, |
| 103 | + "created_date": "2025-08-14T13:48:26.909014+04:00", |
| 104 | + "last_modified_date": "2025-08-14T13:48:26.909035+04:00", |
| 105 | + "comments": [], |
| 106 | + "dataspace": "Dataspace" |
| 107 | + } |
| 108 | + } |
| 109 | + |
| 110 | +Security considerations |
| 111 | +----------------------- |
| 112 | + |
| 113 | +- Always validate incoming webhook requests on your server. |
| 114 | +- If possible, restrict the target URL to accept requests only from trusted IP ranges. |
| 115 | +- Consider adding a signature header in **extra headers** to verify authenticity. |
0 commit comments