IndigiArmorIndigiArmorDocs

Webhooks

Register webhook endpoints to receive real-time HTTP callbacks when scans trigger risk signals. Webhooks let you integrate IndigiArmor alerts into Slack, PagerDuty, custom dashboards, or any system that accepts HTTP POST requests.

Plan requirement: Webhook alerts require the webhookAlerts feature, available on Professional plans and above.

GET
/v1/webhooks

List all webhook endpoints for your organization.

Response

200 OK
{
  "webhooks": [
    {
      "id": "uuid",
      "url": "https://hooks.slack.com/services/T.../B.../xxx",
      "events": ["red_tier"],
      "format": "json",
      "enabled": true,
      "failure_count": 0,
      "last_triggered_at": "2026-01-15T10:00:00Z",
      "created_at": "2026-01-10T08:00:00Z"
    }
  ]
}
POST
/v1/webhooks

Register a new webhook endpoint.

Request Body

ParameterTypeRequiredDescription
urlstringYesThe HTTPS URL to receive webhook POST requests
eventsstring[]NoEvent types to subscribe to. Defaults to ["red_tier"].
format"json"NoPayload format. Defaults to "json".

Create Response

201 Created
{
  "webhook": {
    "id": "uuid",
    "url": "https://hooks.slack.com/services/T.../B.../xxx",
    "events": ["red_tier"],
    "format": "json",
    "enabled": true,
    "failure_count": 0,
    "last_triggered_at": null,
    "created_at": "2026-01-15T10:00:00Z",
    "secret": "a1b2c3d4e5f6..."
  }
}

The secret is returned only on creation. Store it securely — it is used to verify webhook signatures.

PUT
/v1/webhooks/:id

Update an existing webhook endpoint.

Path Parameters

ParameterTypeRequiredDescription
idstringYesThe webhook ID

Update Body

ParameterTypeRequiredDescription
urlstringNoUpdated webhook URL
eventsstring[]NoUpdated event subscriptions
format"json"NoUpdated payload format
enabledbooleanNoEnable or disable the webhook

Update Response

200 OK
{
  "webhook": {
    "id": "uuid",
    "url": "https://hooks.slack.com/services/T.../B.../xxx",
    "events": ["red_tier", "yellow_tier"],
    "format": "json",
    "enabled": true,
    "failure_count": 0,
    "last_triggered_at": null,
    "created_at": "2026-01-15T10:00:00Z"
  }
}
DELETE
/v1/webhooks/:id

Remove a webhook endpoint.

Path Parameters

ParameterTypeRequiredDescription
idstringYesThe webhook ID

Delete Response

200 OK
{ "deleted": true }
POST
/v1/webhooks/:id/test

Send a test payload to a webhook endpoint to verify connectivity.

Path Parameters

ParameterTypeRequiredDescription
idstringYesThe webhook ID to test

Test Response

200 OK
{
  "success": true,
  "status": 200
}

The test endpoint sends a synthetic payload with event: "test" and a green-tier result. If the target URL is unreachable or times out (10s), the response returns { "success": false, "error": "Connection failed or timed out" }.

Test Payload Shape

Delivered to your endpoint
{
  "event": "test",
  "tier": "green",
  "action": "allow",
  "risk_score": 0,
  "signals": [],
  "latency_ms": 0,
  "timestamp": "2026-01-15T10:00:00.000Z"
}

Examples

SDK
// Register a webhook
const webhook = await armor.createWebhook({
  url: 'https://hooks.slack.com/services/T.../B.../xxx',
  events: ['red_tier'],
});
console.log('Secret:', webhook.secret);

// List webhooks
const webhooks = await armor.listWebhooks();

// Update a webhook
await armor.updateWebhook(webhooks[0].id, {
  events: ['red_tier', 'yellow_tier'],
});

// Test a webhook
const test = await armor.testWebhook(webhooks[0].id);
console.log('Reachable:', test.success);

// Remove a webhook
await armor.deleteWebhook(webhooks[0].id);
cURL — Create
curl -X POST https://indigiarmor.com/v1/webhooks \
  -H "Authorization: Bearer ia_sk_..." \
  -H "Content-Type: application/json" \
  -d '{"url": "https://hooks.slack.com/services/T.../B.../xxx", "events": ["red_tier"]}'