Receive Secureagentics Events via Webhooks

Webhooks let Secureagentics push event notifications directly to your systems in real time. When a monitored event occurs — such as an alert firing or a policy violation — Secureagentics sends an HTTP POST request containing event details to a URL you specify. Use webhooks to trigger your own workflows: create tickets, notify on-call teams, update dashboards, or feed events into a SIEM.

Supported events

Event type	When it fires
`alert.triggered`	A configured alert fired based on your alert rules.
`policy.violated`	An agent action violated an active security policy.
`agent.registered`	A new agent was registered with your workspace.
`agent.error`	An agent reported an error event.

You subscribe to specific events when you create a webhook. Secureagentics only sends requests for the event types you select.

Create a webhook

Dashboard
API

Open webhook settings

Go to Settings → Webhooks in the Secureagentics dashboard, then click Add webhook.

Enter your endpoint URL

Enter the full HTTPS URL of the endpoint that will receive webhook events. The URL must be publicly accessible and respond to POST requests.

Select events

Choose the event types you want to subscribe to. You can select one or more from the supported events list.

Add a signing secret (recommended)

Enter a secret string that Secureagentics will use to sign each payload. You use this secret to verify that incoming requests genuinely came from Secureagentics. See Verify webhook signatures for details.

Save the webhook

Click Save. Secureagentics will immediately send a test ping to your endpoint to confirm it’s reachable.

Send a POST request to the webhooks endpoint to create a webhook programmatically.

cURL

curl -X POST https://api.secureagentics.ai/v1/webhooks \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.example.com/webhooks/secureagentics",
    "events": ["alert.triggered", "policy.violated"],
    "secret": "your-signing-secret"
  }'

A successful response returns the new webhook object including its id.

Creating webhooks via the API requires a key with write or admin scope. See Authentication for details on API key scopes.

Webhook payload format

Secureagentics delivers events as JSON objects in the POST request body. All events share the same top-level structure.

{
  "id": "evt_abc123",
  "type": "alert.triggered",
  "timestamp": "2024-01-15T10:30:00Z",
  "data": {
    "alert_id": "alrt_xyz",
    "agent_id": "agt_abc123",
    "details": "Rate limit exceeded: 150 prompts/min"
  }
}

Field	Type	Description
`id`	string	Unique identifier for this event delivery.
`type`	string	The event type (see Supported events).
`timestamp`	string	ISO 8601 timestamp of when the event occurred.
`data`	object	Event-specific payload. Contents vary by event type.

The id field is unique per delivery attempt. If Secureagentics retries a failed delivery, the retry carries the same id. Use this to deduplicate events in your handler.

Verify webhook signatures

Secureagentics signs every webhook payload using HMAC-SHA256 and your webhook secret. The signature is sent in the X-Secureagentics-Signature header as a hex digest. Verifying this signature confirms the request came from Secureagentics and that the payload was not tampered with in transit.

import hashlib
import hmac
from flask import Flask, request, abort

app = Flask(__name__)

WEBHOOK_SECRET = "your-signing-secret"

@app.route("/webhooks/secureagentics", methods=["POST"])
def handle_webhook():
    signature = request.headers.get("X-Secureagentics-Signature", "")
    payload = request.get_data()

    expected = hmac.new(
        WEBHOOK_SECRET.encode("utf-8"),
        payload,
        hashlib.sha256,
    ).hexdigest()

    if not hmac.compare_digest(expected, signature):
        abort(400, "Invalid signature")

    event = request.get_json()
    print(f"Received event: {event['type']}")

    return "", 200

Always use a constant-time comparison (such as hmac.compare_digest in Python or crypto.timingSafeEqual in Node.js) to prevent timing attacks.

Retries

If your endpoint does not respond with a 2xx status code within 10 seconds, Secureagentics treats the delivery as failed and retries it automatically. Secureagentics retries up to 5 times with exponential backoff:

Attempt	Delay after previous attempt
1st retry	1 minute
2nd retry	5 minutes
3rd retry	30 minutes
4th retry	2 hours
5th retry	8 hours

After 5 failed attempts, the delivery is marked as failed and no further retries occur. You can see failed deliveries in the webhook detail view in Settings → Webhooks. To avoid missed events:

Respond with 200 as quickly as possible. Offload any processing to a background job.
Make your handler idempotent using the event id field to deduplicate retried deliveries.

Test your webhook

Use the Send test event button to send a sample payload to your endpoint without waiting for a real event to occur.

Go to Settings → Webhooks.
Click on your webhook to open its detail view.
Click Send test event.
Select an event type to test.
Click Send.

Secureagentics sends a test payload and shows the response status and body returned by your endpoint. Use this to confirm your handler is reachable and processing signatures correctly.

Get Started

Guides

Integrations

Configuration

Receive Secureagentics Events via Webhooks

Supported events

Create a webhook

Webhook payload format

Verify webhook signatures

Retries

Test your webhook

Get Started

Guides

Integrations

Configuration

Documentation Index

​Supported events

​Create a webhook

​Webhook payload format

​Verify webhook signatures

​Retries

​Test your webhook

Supported events

Create a webhook

Webhook payload format

Verify webhook signatures

Retries

Test your webhook