> ## Documentation Index
> Fetch the complete documentation index at: https://docs.symbioticsec.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Webhooks

> Set-up webhooks and connect Symbiotic to your ecosystem

## Configure a  webhook

To add a webhook, you will be asked :

* the endpoint URL
* which event you want to send

Once created, we will give you the signature key that you could use to verify webhook’s authenticity.

<Warning>
  Webhooks are shared across all users of an organization.
</Warning>

## Webhook format

Our webhooks payload are in a JSON format and follow the same structure :

→ `event` : the event name

→ `timestamp` : timestamp of when the webhook was sent

→ `data` : an object containing properties to describe the event

### Vulnerability Created

<CodeGroup>
  ```json Description theme={null}
  "data":{
        "pubkey": public key of the vulnerability - **string**
        "creator": email of the user that detected the vulnerability - **string**
        "rule_id": scanner_id of the rule - **string**
        "resource_path": path of the resource affected - **string**
        "created_at": vulnerability detection date - **timestamp**
        }
  ```

  ```json Example theme={null}
  {
     "event":"vulnerability.created",
     "timestamp":1728463677,
     "data":{
        "pubkey":"0ef8ac7e-1b9d-48d9-82eb-2f2355ba2b31",
        "creator":"alexis.colonna@symbioticsec.ai",
        "rule_id":"AVD-AWS-0088",
        "resource_path":"aws_s3_bucket.financials",
        "created_at":1728463677
     }
  }
  ```
</CodeGroup>

### Vulnerability Remediated

<CodeGroup>
  ```json Description theme={null}
  "data":{
        "pubkey": public key of the vulnerability - **string**
        "creator": email of the user that detected the vulnerability - **string**
        "rule_id": scanner_id of the rule - **string**
        "resource_path": path of the resource affected - **string**
        "remediated_at": vulnerability remediation date - **timestamp**
        }
  ```

  ```json Example theme={null}
  {
     "event":"vulnerability.remediated",
     "timestamp":1728463676,
     "data":{
        "pubkey":"91ef872c-3402-43e9-b8a8-d5cead98c5c9",
        "creator":"abir.khalladi@symbioticsec.ai",
        "rule_id":"AVD-AWS-0132",
        "resource_path":"aws_s3_bucket.operations",
        "remediated_at":1728463676
     }
  }
  ```
</CodeGroup>

### Training Completed

<CodeGroup>
  ```json Description theme={null}
  "data":{
        "started_at": when the user has started the training - **timestamp**
        "completed_at": when the user has completed the training - **timestamp**
        "user": email address of the user - **string**
        "training": name of the training - **string**
        "score": score of the user - **int**
     }
  ```

  ```json Example theme={null}
  {
     "event":"training.completed",
     "timestamp":1728467227,
     "data":{
        "started_at":1728466979,
        "completed_at":1728467227,
        "user":"alexis.colonna@symbioticsec.ai",
        "training":"Unencrypted S3 bucket",
        "score":110
     }
  }
  ```
</CodeGroup>

## Verify webhooks

You can verify the authenticity of a Symbiotic webhook you receive using the signature key [available in your Symbiotic account](https://app.symbioticsec.ai/settings/webhook) and the header `symbioticsec_signature`

Signature is calculated using the following code on our side :

```python theme={null}
import hashlib
import hmac
import json

def generate_signature(signing_secret: str, payload: dict) -> str:
    return hmac.new(
        bytes.fromhex(signing_secret),
        json.dumps(payload, sort_keys=True, separators=(",", ":")).encode(),
        hashlib.sha256,
    ).hexdigest()
```