WASViking Docs
⌘K
Integrations

Webhooks

Subscribe to signed JSON events for SIEM ingestion, automation, or anything that doesn't fit a built-in integration.

Webhooks are the catch-all integration. Anything not covered by Jira, Slack, or Teams can subscribe to events directly. Payloads are signed JSON over HTTPS.

For the full event catalog and signature verification examples, see API Reference → Webhook events.

Common patterns

SIEM ingestion

Subscribe to:

  • finding.created
  • finding.escalated
  • finding.sla_breached
  • secret.verified_live
  • sbom.intel_match

Push the verified payload straight into your SIEM index. WASViking® signs every event with HMAC-SHA256; verification rejects forged deliveries before they touch your pipeline.

CMDB / asset inventory sync

Subscribe to:

  • asset.first_seen
  • asset.disappeared
  • asset.reappeared

Use these to keep an external CMDB in sync with what WASViking sees on your surface.

Notification fan-out

If your team prefers a single-system fan-out (PagerDuty for criticals, Slack for warnings, email digest for lows), wire all events into your fan-out engine via webhook and let it route.

Registering

curl -sS https://api.wasviking.com/v1/webhooks \
  -H "Authorization: ApiKey ${KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/wasviking-hook",
    "events": ["finding.escalated", "finding.sla_breached"],
    "description": "SIEM ingestion"
  }'

The response includes the signing secret. Store it; it is shown once.

Rotating the secret

curl -sS https://api.wasviking.com/v1/webhooks/{id}/rotate \
  -H "Authorization: ApiKey ${KEY}"

Both the old and new secrets verify for a 24-hour overlap window. Roll your consumer to the new secret inside that window, then revoke the old one explicitly.

Test delivery

curl -sS https://api.wasviking.com/v1/webhooks/{id}/test \
  -H "Authorization: ApiKey ${KEY}"

WASViking sends a webhook.test event to your endpoint. The payload shape matches a real event so your verification logic can be exercised in CI.

Delivery guarantees

  • At-least-once. Network errors retry with exponential backoff for up to 24 hours.
  • Per-finding ordering. Events for the same finding are delivered in order. There is no global ordering guarantee.
  • Signed. Every delivery includes Wasviking-Signature and Wasviking-Delivery headers. Verify both.

Failure handling

If your endpoint returns non-2xx, WASViking retries with backoff: 1m, 5m, 30m, 2h, 8h, then stops at 24h. Failures are visible at Integrations → Webhooks → Deliveries so you can inspect the response body and replay.

Replay endpoint:

curl -sS https://api.wasviking.com/v1/webhooks/{id}/deliveries/{delivery_id}/replay \
  -H "Authorization: ApiKey ${KEY}"

Cap and rate

Each webhook subscription has a delivery cap of 50,000 events per day by default. Bursty workloads are smoothed; sustained excess returns 429 on subscription writes and surfaces in the portal Usage tab.