Back to Integrations
Webhooks logo

Connect APVISO with Webhooks

Automation

Receive APVISO scan events and findings via webhooks. Build custom integrations with any system using real-time HTTP event delivery.

Why connect APVISO with Webhooks?

Universal Integration

Webhooks work with any system that can receive HTTP POST requests. Build custom integrations with internal tools, databases, or any application in your stack.

Real-Time Event Delivery

APVISO sends webhook events as they occur — findings are delivered the moment they are discovered, not on a polling interval.

Full Flexibility

Receive the raw event data and process it however your workflow requires. No intermediary platform limits what you can do with the data.

Setup Guide

1

Set Up a Webhook Endpoint

Create an HTTP endpoint on your server that can receive POST requests. This endpoint will process APVISO events. Ensure it returns a 200 status code on success.

2

Register the Webhook in APVISO

Navigate to Settings > Integrations > Webhooks. Add your endpoint URL and select which events should be delivered: findings, scan lifecycle, or reports.

3

Verify and Secure

APVISO sends a verification request to confirm your endpoint is reachable. Configure the webhook secret to verify APVISO's HMAC signature on each delivery.

Features

  • Real-time HTTP POST delivery for all scan events
  • Configurable event types: findings, scans, reports
  • HMAC signature verification for security
  • Automatic retries with exponential backoff
  • Event logs for debugging and monitoring deliveries

How APVISO Integrates with Webhooks

APVISO's webhook integration provides raw, real-time event delivery to any HTTP endpoint. For organizations that need to build custom integrations, feed internal systems, or implement unique workflow logic, webhooks offer maximum flexibility with no intermediary platforms.

Real-Time Event Delivery

When APVISO's AI agents discover a vulnerability, a webhook event is fired immediately. The HTTP POST request hits your endpoint within seconds of the finding being confirmed. This real-time delivery is faster than any polling-based integration and ensures your custom systems have the latest security data as soon as it is available.

Event Types

APVISO webhooks deliver several event types. Finding events fire when a vulnerability is discovered and include the full finding data: title, severity, CVSS score, affected endpoint, description, reproduction steps, and remediation guidance. Scan events fire at scan lifecycle milestones: started, progress update, completed, and failed. Report events fire when a scan report is generated and include a download link.

You configure which event types are delivered to each webhook endpoint. One endpoint might receive only finding events while another receives the full event stream.

Payload Structure

Every webhook payload follows a consistent JSON structure with an event field identifying the event type, a timestamp, and a data object containing the event-specific details. This consistent structure simplifies parsing on the receiving end — your webhook handler can dispatch based on the event type and extract details from the data object.

Security and Verification

APVISO signs every webhook delivery with an HMAC-SHA256 hash using your webhook secret. The signature is included in the X-APVISO-Signature header. Your endpoint should verify this signature before processing the payload to confirm the request came from APVISO. This prevents attackers from injecting fake vulnerability data into your systems.

Reliability and Retries

Webhook deliveries are reliable. If your endpoint returns a non-2xx status code or times out, APVISO retries with exponential backoff: 1 minute, 5 minutes, 30 minutes, and 2 hours after the initial failure. Every delivery attempt is logged in APVISO's webhook delivery log, where you can inspect request payloads, response codes, and timing for debugging.

Common Use Cases

Webhooks enable custom integrations that pre-built integrations cannot cover. Common use cases include feeding findings into an internal vulnerability database, triggering custom CI/CD pipeline actions, updating internal risk dashboards, populating data warehouses for security analytics, and integrating with proprietary ticketing or workflow systems. The raw event data gives you complete control over how APVISO findings are processed and routed in your environment.

Frequently Asked Questions

What format are webhook payloads?

APVISO sends JSON payloads with a consistent structure: an event type field, a timestamp, and a data object containing the event details. Finding events include full vulnerability data; scan events include scan metadata and summary statistics.

How does APVISO handle failed webhook deliveries?

APVISO retries failed deliveries with exponential backoff — 1 minute, 5 minutes, 30 minutes, and 2 hours. After all retries are exhausted, the event is logged as failed and visible in the webhook delivery log.

Can I verify that webhook requests come from APVISO?

Yes. Each webhook delivery includes an X-APVISO-Signature header containing an HMAC-SHA256 hash of the payload using your webhook secret. Verify this signature to confirm the request originated from APVISO.

Related Integrations

APVISO + ZapierAPVISO + Make (Integromat)APVISO + n8n

Related Terms

DevsecopsContinuous PentestingVulnerability Management

Connect APVISO with Webhooks today

Set up the Webhooks integration in minutes and start routing security findings to your team.

Get Started