Risk Cloud API: Interacting with Webhooks via Endpoints

Webhooks enable Risk Cloud to send real-time messages to your third-party tools. This article will briefly cover webhook setup and cover webhook URL API use cases.

Use Cases

Get Webhook URLs

Access

Need BUILD role access

Endpoint

GET/api/v1/webhook-urls

Query Param	Required	Type	Description
query	yes	string	Filter result via search query. Can leave value empty if not needed but the param is still needed.

Request Body

Empty

Response Body

[
  {
    "id": "<webhook url id>",
    "requestType": "GET",
    "headers": [],
    "url": "<webhook url>",
    "name": "<webhook name>",
    "status": "<webhook status ex FAILING or ACTIVE>",
    "creatorEmail": "<webhook creator email>",
    "authHeadersEnabled": <boolean>,
    "enabled": <boolean>
  },
  ..
  {
    ..
  }
]

[
  {
    "id": "<webhook url id>",
    "requestType": "GET",
    "headers": [],
    "url": "<webhook url>",
    "name": "<webhook name>",
    "status": "<webhook status ex FAILING or ACTIVE>",
    "creatorEmail": "<webhook creator email>",
    "authHeadersEnabled": <boolean>,
    "enabled": <boolean>
  },
  ..
  {
    ..
  }
]

Returns a list of webhook URL objects.

Generate a New Webhook Secret

Access

Need ADMIN role access

Endpoint

PATCH/api/v1/webhook-urls/{webhook-url-id}/key

Request Body

Empty

Response Body

{new-webhook-url-secret}

{new-webhook-url-secret}

Create Webhook URL

Access

Need ADMIN role access

Endpoint

POST/api/v1/webhook-urls

Request Body

{
  "active": true,
  "authHeaderName": "<webhook auth header name>",
  "authHeaderValue": "<webhook auth header value>",
  "dateFormat": "EEEE, MMMM d, yyyy h:mm a",
  "name": "<webhook name>",
  "url": "<webhook url that is properly formatted ex https://example.com>"
}

{
  "active": true,
  "authHeaderName": "<webhook auth header name>",
  "authHeaderValue": "<webhook auth header value>",
  "dateFormat": "EEEE, MMMM d, yyyy h:mm a",
  "name": "<webhook name>",
  "url": "<webhook url that is properly formatted ex https://example.com>"
}

Response Body

Expect a 200 response with similar request object (with more info) in response.

Update Webhook URL

Access

Need ADMIN role access

Endpoint

PATCH/api/v1/webhook-urls/{webhook-url-id}

Request Body

{
  "active": true,
  "dateFormat": "EEEE, MMMM d, yyyy h:mm a",
  "authHeadersEnabled": false,
  "authHeaderName": "<webhook auth header name>",
  "authHeaderValue": "<webhook auth header value>",
  "name": "<webhook name>",
  "url": "<webhook url that is properly formatted ex https://example.com"
}

{
  "active": true,
  "dateFormat": "EEEE, MMMM d, yyyy h:mm a",
  "authHeadersEnabled": false,
  "authHeaderName": "<webhook auth header name>",
  "authHeaderValue": "<webhook auth header value>",
  "name": "<webhook name>",
  "url": "<webhook url that is properly formatted ex https://example.com"
}

Response Body

Expect a 200 response with similar request object (with more info) in response.

FAQ

What do I use for Header Name and Header Value?

Header Name is typically set to Authorization while Header Value is typically set to Bearer <token>.

How long does a webhook secret and value last?

It never expires unless it has been changed. The best practice is to rotate it every 6-12 months but that is up to your organization to determine and implement.

What LogicGate IP addresses can I add to an internal allow list?

We only provide dynamic not static IP addresses and are unable to provide a range of IP addresses. Our recommendation is to use an IaaS platform (e.g. Azure, Google Cloud, or AWS) to do the allow listing.

Documentation

Risk Cloud API: Interacting with Webhooks via Endpoints

Use Cases

Get Webhook URLs

Generate a New Webhook Secret

Create Webhook URL

Update Webhook URL

FAQ