Skip to main content

Overview

Outbound webhooks send real-time event notifications from Cysmiq to HTTPS endpoints you control.
Availability depends on your Cysmiq plan.
Use outbound webhooks to connect Cysmiq events to internal automation, ticketing workflows, SIEM pipelines, data warehouses, or notification systems.

Create an endpoint

Select New Endpoint and configure:
FieldWhat to enter
DescriptionOptional name for the endpoint. If blank, Cysmiq shows the endpoint URL.
Payload URLHTTPS URL that receives webhook deliveries. The URL cannot contain embedded credentials, URL fragments, or private network addresses.
ScopeWorkspace, organization, or repository scope for matching events.
Event SubscriptionsOne or more event labels or event groups that should trigger deliveries.
After creating an endpoint, copy the Signing Secret immediately. Cysmiq only shows the signing secret when the endpoint is created or when the secret is rotated.

Scope

ScopeEvents delivered
WorkspaceMatching events from the entire workspace.
Organizational UnitMatching events tied to the selected organization.
RepositoryMatching events tied to the selected repository.

Event Subscriptions

Select event labels to control which deliveries Cysmiq sends to an endpoint.
GroupEvent labelEvent name
GeneralAll events*
GeneralPingwebhook.ping
ScansAll scan eventsscan.*
ScansScan createdscan.created
ScansScan completedscan.completed
ScansScan failedscan.failed
ScansScan abortedscan.aborted
ScansScan skippedscan.skipped
RepositoriesRepository createdrepository.created
VulnerabilitiesAll vulnerability eventsvulnerability.*
VulnerabilitiesVulnerability createdvulnerability.created
VulnerabilitiesVulnerability status changedvulnerability.status_changed
VulnerabilitiesVulnerability resolvedvulnerability.resolved
VulnerabilitiesVulnerability closedvulnerability.closed
VulnerabilitiesVulnerability reopenedvulnerability.reopened
VulnerabilitiesVulnerability regressionvulnerability.regression
Selecting All events covers product events such as scan, repository, and vulnerability events. Use Send Ping from an endpoint’s action menu to send a test Ping delivery directly to that endpoint. Selecting All scan events covers every specific scan event. Selecting All vulnerability events covers every specific vulnerability event. Selecting Vulnerability status changed also matches the more specific vulnerability status events: Vulnerability resolved, Vulnerability closed, Vulnerability reopened, and Vulnerability regression.

Endpoint Actions

Open an endpoint to manage it.
ActionWhat it does
EditUpdates the description, payload URL, scope, or event subscriptions.
Send PingSends a test Ping delivery to the active endpoint.
PauseStops deliveries while keeping the endpoint configuration.
ResumeStarts deliveries again for a paused endpoint.
Re-enableMakes a disabled endpoint active again and resets consecutive failures.
Rotate SecretGenerates a new signing secret and shows it once.
DeletePermanently deletes the endpoint and its subscriptions.
Endpoint statuses are Active, Paused, and Disabled. Cysmiq can disable an endpoint after repeated delivery failures. A 410 Gone response also disables the endpoint.

Signing

Cysmiq signs each webhook delivery with the endpoint signing secret. Store the secret in your receiving system and verify the signature before trusting the payload.
HeaderPurpose
X-Cysmiq-EventEvent name, such as scan.completed.
X-Cysmiq-Event-IdEvent ID.
X-Cysmiq-Delivery-IdDelivery ID.
X-Cysmiq-Webhook-IdEndpoint ID.
X-Cysmiq-Attempt-IdDelivery attempt ID.
X-Cysmiq-AttemptAttempt number for this delivery.
X-Cysmiq-Triggered-AtTimestamp when the delivery was triggered.
X-Cysmiq-Schema-VersionPayload schema version.
X-Cysmiq-SignatureHMAC signature for the delivery body.
The signature header has the format t=<unix_timestamp>,v1=<signature>. During secret rotation overlap, the header can contain two v1 signatures so receivers can accept the previous secret while switching to the new one. To verify a delivery, compute an HMAC SHA-256 over timestamp.delivery_id.attempt_id.raw_json_body with the signing secret, then compare it with a v1 value from X-Cysmiq-Signature.

Payload

Webhook payloads use a JSON envelope.
FieldMeaning
idEvent ID.
typeEvent name.
created_atWhen the event occurred.
schema_versionPayload schema version.
modePayload mode. Current endpoints use snapshot.
workspaceWorkspace ID and slug.
dataEvent-specific snapshot data.
changesChanged fields when the event includes change data.

Delivery History

Each endpoint shows recent deliveries with:
  • Event
  • Status
  • HTTP
  • Attempts
  • Triggered
Open a delivery to inspect the payload, payload SHA-256, delivery metadata, and individual delivery attempts. Attempts include result, HTTP status, duration, start time, and error details when available. Delivery statuses are:
StatusMeaning
PendingDelivery is queued.
DeliveringCysmiq is sending the request.
Retry ScheduledDelivery failed with a retryable result and will be retried.
SucceededReceiver returned a successful response.
FailedDelivery failed with a non-retryable result.
ExhaustedRetries were exhausted.
CancelledDelivery was cancelled, usually because the endpoint cannot receive deliveries.

Redelivery

Use Redeliver from a terminal delivery detail view to queue a new delivery with the same payload. Redelivery is available only for terminal deliveries and only when the endpoint is active.