Integrations
Manage third-party integrations and webhooks
GET
/v1/integrations/providersList available providers
Retrieve the list of supported integration providers with their configuration schemas and available event types. Use this to build dynamic integration setup forms.
Example Request
bash
curl -X GET "https://apviso.com/api/v1/v1/integrations/providers" \
-H "X-API-Key: apvk_your_key_here"Response
Returns the full list of available integration providers with their credential requirements, configuration options, and supported event types.
json
{
"providers": [
{
"id": "slack",
"name": "Slack",
"description": "Send scan notifications and finding alerts to Slack channels",
"credentialFields": [
{
"name": "webhookUrl",
"type": "string",
"required": true,
"description": "Slack Incoming Webhook URL"
}
],
"configFields": [
{
"name": "channel",
"type": "string",
"required": false,
"description": "Override channel (uses webhook default if omitted)"
}
],
"supportedEvents": [
"scan.started",
"scan.completed",
"scan.failed",
"finding.critical",
"finding.high",
"report.ready"
]
},
{
"id": "webhook",
"name": "Webhook",
"description": "Send event payloads to any HTTP endpoint via POST requests",
"credentialFields": [
{
"name": "url",
"type": "string",
"required": true,
"description": "Webhook endpoint URL (HTTPS required)"
},
{
"name": "secret",
"type": "string",
"required": false,
"description": "HMAC-SHA256 signing secret for payload verification"
}
],
"configFields": [
{
"name": "headers",
"type": "object",
"required": false,
"description": "Additional HTTP headers to include in webhook requests"
}
],
"supportedEvents": [
"scan.started",
"scan.completed",
"scan.failed",
"finding.new",
"finding.critical",
"finding.high",
"report.ready",
"schedule.triggered",
"schedule.skipped"
]
},
{
"id": "jira",
"name": "Jira",
"description": "Automatically create Jira issues for discovered vulnerabilities",
"credentialFields": [
{
"name": "baseUrl",
"type": "string",
"required": true,
"description": "Jira instance URL (e.g. https://yourteam.atlassian.net)"
},
{
"name": "email",
"type": "string",
"required": true,
"description": "Jira account email"
},
{
"name": "apiToken",
"type": "string",
"required": true,
"description": "Jira API token"
}
],
"configFields": [
{
"name": "projectKey",
"type": "string",
"required": true,
"description": "Jira project key (e.g. SEC)"
},
{
"name": "issueType",
"type": "string",
"required": false,
"description": "Issue type name (defaults to \"Bug\")"
}
],
"supportedEvents": [
"finding.new",
"finding.critical",
"finding.high"
]
},
{
"id": "pagerduty",
"name": "PagerDuty",
"description": "Trigger PagerDuty incidents for critical and high severity findings",
"credentialFields": [
{
"name": "routingKey",
"type": "string",
"required": true,
"description": "PagerDuty Events API v2 routing key"
}
],
"configFields": [],
"supportedEvents": [
"finding.critical",
"finding.high",
"scan.failed"
]
},
{
"id": "email",
"name": "Email",
"description": "Send scan summaries and alerts to email addresses",
"credentialFields": [
{
"name": "recipients",
"type": "string[]",
"required": true,
"description": "List of email addresses"
}
],
"configFields": [
{
"name": "digestMode",
"type": "boolean",
"required": false,
"description": "Send a single digest email per scan instead of individual alerts"
}
],
"supportedEvents": [
"scan.completed",
"scan.failed",
"finding.critical",
"finding.high",
"report.ready"
]
}
]
}POST
/v1/integrationsCreate an integration
Configure a new integration with a third-party provider. Provide the provider ID, a display name, credentials, optional configuration, and the events you want to receive. Optionally set a minimum severity threshold to filter finding events.
Request Body
| Name | Type | Description |
|---|---|---|
providerrequired | string | Provider ID (e.g. "slack", "webhook", "jira", "pagerduty", "email") |
namerequired | string | Display name for this integration (e.g. "Security Team Slack") |
credentialsrequired | object | Provider-specific credentials (see the providers endpoint for required fields) |
config | object | Provider-specific configuration options |
enabledEventsrequired | string[] | List of event types to subscribe to (see the providers endpoint for supported events) |
minimumSeverity | stringcriticalhighmediumlowinfo | Minimum severity level for finding events. Events for findings below this severity are not delivered |
Example Request
bash
curl -X POST "https://apviso.com/api/v1/v1/integrations" \
-H "X-API-Key: apvk_your_key_here" \
-H "Content-Type: application/json" \
-d '{
"provider": "slack",
"name": "Security Team Slack",
"credentials": {
"webhookUrl": "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
},
"config": {
"channel": "#security-alerts"
},
"enabledEvents": [
"scan.completed",
"finding.critical",
"finding.high",
"report.ready"
],
"minimumSeverity": "high"
}'Response
Returns the created integration. Credentials are never returned in responses. The integration is enabled by default and will begin receiving events immediately.
json
{
"id": "019414e0-f1a2-7b3c-d4e5-6f7a8b9c0d1e",
"provider": "slack",
"name": "Security Team Slack",
"enabled": true,
"enabledEvents": [
"scan.completed",
"finding.critical",
"finding.high",
"report.ready"
],
"minimumSeverity": "high",
"lastDeliveryAt": null,
"lastDeliveryStatus": null,
"createdAt": "2026-04-10T16:30:22Z",
"updatedAt": "2026-04-10T16:30:22Z"
}GET
/v1/integrationsList configured integrations
Retrieve all integrations configured for your account, including their status and last delivery information.
Example Request
bash
curl -X GET "https://apviso.com/api/v1/v1/integrations" \
-H "X-API-Key: apvk_your_key_here"Response
Returns all configured integrations with their event subscriptions and last delivery status.
json
{
"data": [
{
"id": "019414e0-f1a2-7b3c-d4e5-6f7a8b9c0d1e",
"provider": "slack",
"name": "Security Team Slack",
"enabled": true,
"enabledEvents": [
"scan.completed",
"finding.critical",
"finding.high",
"report.ready"
],
"minimumSeverity": "high",
"lastDeliveryAt": "2026-04-10T11:05:00Z",
"lastDeliveryStatus": "success",
"createdAt": "2026-04-10T16:30:22Z",
"updatedAt": "2026-04-10T16:30:22Z"
},
{
"id": "019414e2-a3b4-7c5d-e6f7-8a9b0c1d2e3f",
"provider": "jira",
"name": "Security Jira Project",
"enabled": true,
"enabledEvents": [
"finding.new",
"finding.critical",
"finding.high"
],
"minimumSeverity": "medium",
"lastDeliveryAt": "2026-04-10T10:48:35Z",
"lastDeliveryStatus": "success",
"createdAt": "2026-04-08T09:15:00Z",
"updatedAt": "2026-04-10T10:48:35Z"
}
]
}PATCH
/v1/integrations/:idUpdate an integration
Update the configuration of an existing integration. You can modify the name, credentials, config, enabled events, minimum severity, or enable/disable the integration. Only provided fields are updated.
Path Parameters
| Name | Type | Description |
|---|---|---|
idrequired | string | Integration ID (UUIDv7) |
Request Body
| Name | Type | Description |
|---|---|---|
name | string | Updated display name |
credentials | object | Updated credentials |
config | object | Updated provider configuration |
enabledEvents | string[] | Updated event subscriptions |
minimumSeverity | stringcriticalhighmediumlowinfo | Updated minimum severity filter |
enabled | boolean | Enable or disable the integration |
Example Request
bash
curl -X PATCH "https://apviso.com/api/v1/v1/integrations/:id" \
-H "X-API-Key: apvk_your_key_here" \
-H "Content-Type: application/json" \
-d '{
"enabledEvents": [
"scan.completed",
"scan.failed",
"finding.critical",
"finding.high",
"finding.new",
"report.ready"
],
"minimumSeverity": "medium"
}'Response
Returns the full updated integration object.
json
{
"id": "019414e0-f1a2-7b3c-d4e5-6f7a8b9c0d1e",
"provider": "slack",
"name": "Security Team Slack",
"enabled": true,
"enabledEvents": [
"scan.completed",
"scan.failed",
"finding.critical",
"finding.high",
"finding.new",
"report.ready"
],
"minimumSeverity": "medium",
"lastDeliveryAt": "2026-04-10T11:05:00Z",
"lastDeliveryStatus": "success",
"createdAt": "2026-04-10T16:30:22Z",
"updatedAt": "2026-04-10T16:45:11Z"
}DELETE
/v1/integrations/:idDelete an integration
Permanently delete an integration. The integration will stop receiving events immediately. Delivery logs are retained for 30 days after deletion.
Path Parameters
| Name | Type | Description |
|---|---|---|
idrequired | string | Integration ID (UUIDv7) |
Example Request
bash
curl -X DELETE "https://apviso.com/api/v1/v1/integrations/:id" \
-H "X-API-Key: apvk_your_key_here"Response
Returns a confirmation message on success.
json
{
"message": "Integration deleted successfully"
}POST
/v1/integrations/:id/testTest integration connection
Send a test event to the integration to verify the connection and credentials are working correctly. The test event contains sample data and is clearly marked as a test.
Path Parameters
| Name | Type | Description |
|---|---|---|
idrequired | string | Integration ID (UUIDv7) |
Example Request
bash
curl -X POST "https://apviso.com/api/v1/v1/integrations/:id/test" \
-H "X-API-Key: apvk_your_key_here"Response
Returns the test result including delivery status, HTTP response code from the provider, and response time in milliseconds. If the test fails, `success` is `false` and an `error` field describes the failure.
json
{
"success": true,
"message": "Test event delivered successfully",
"deliveredAt": "2026-04-10T16:48:22Z",
"responseCode": 200,
"responseTime": 142
}GET
/v1/integrations/:id/logsGet delivery logs
Retrieve the event delivery log for an integration. Logs show each event that was delivered (or attempted), the response status, and any error details. Logs are retained for 30 days.
Path Parameters
| Name | Type | Description |
|---|---|---|
idrequired | string | Integration ID (UUIDv7) |
Query Parameters
| Name | Type | Description |
|---|---|---|
page | numberDefault: 1 | Page number for pagination |
limit | numberDefault: 20 | Number of results per page (max 100) |
Example Request
bash
curl -X GET "https://apviso.com/api/v1/v1/integrations/:id/logs" \
-H "X-API-Key: apvk_your_key_here"Response
Returns a paginated list of delivery log entries ordered by delivery time (newest first). Failed deliveries include the error message and HTTP response details.
json
{
"data": [
{
"id": "019414e5-d6e7-7f8a-b9c0-1d2e3f4a5b6c",
"event": "scan.completed",
"status": "success",
"responseCode": 200,
"responseTime": 89,
"error": null,
"deliveredAt": "2026-04-10T11:05:00Z"
},
{
"id": "019414e4-c5d6-7e8f-a9b0-1c2d3e4f5a6b",
"event": "finding.critical",
"status": "success",
"responseCode": 200,
"responseTime": 134,
"error": null,
"deliveredAt": "2026-04-10T10:45:20Z"
},
{
"id": "019414e3-b4c5-7d6e-f8a9-0b1c2d3e4f5a",
"event": "scan.started",
"status": "failed",
"responseCode": 500,
"responseTime": 2004,
"error": "Provider returned HTTP 500: Internal Server Error",
"deliveredAt": "2026-04-10T10:32:10Z"
}
],
"pagination": {
"page": 1,
"limit": 20,
"total": 3,
"totalPages": 1
}
}