Webhooks
Last updated
Last updated
© 2024 PlexTrac, Inc. All rights reserved.
Webhooks are a real-time, event-driven communication method that allows PlexTrac to send data automatically when a specific event occurs. Using HTTP POST requests, webhooks enable immediate data transfer without constant polling, making them efficient and lightweight. By providing a unique URL for event notifications, webhooks facilitate automation and real-time updates between applications while ensuring security through authentication methods and encryption.
APIs use a pull model where clients request data from servers, while webhooks employ a push model, automatically sending data to clients when specific events occur. APIs often require polling for updates, which can introduce latency and consume resources, whereas webhooks provide real-time notifications, making them more efficient for immediate actions. While APIs are suited for complex data manipulation and retrieval, webhooks excel in automating workflows with simple event-driven notifications. Additionally, APIs necessitate client-initiated requests, while webhooks require clients to set up a URL endpoint to receive data.
Webhook events offered at this time:
Report Publish Status
New Assessment Submission
New Engagement request from the Schedule module
Step 1: From the Admin Dashboard, click the Webhooks button under "Integrations & webhooks."
Step 2: Click New webhook.
Step 3: Provide a webhook name and confirm if this applies to all clients or a specific one(s). Click Continue.
Step 4: Insert the url of the application receiving the webhook data, select the event this webhook will be tracking from the pulldown menu, and enter the secret to validate authentication of the connection (if applicable).
Step 5: Click Test connection to validate the configuration of an endpoint.
When activated, this test initiates a series of checks to ensure everything functions correctly. First, the button verifies that the provided URL is valid and accessible and no redirect occurred. It checks that the domain resolves correctly and that the endpoint responds with a 200 OK
status code, indicating that it is operational. In addition to these validations, the endpoint must respond within five seconds, although the response time should be under one second for optimal efficiency.
For security purposes, if a secret is used, the button generates an HMAC-256 signature and includes it in the X-Authorization-HMAC-256
header of the POST request. This ensures that any communication with the endpoint remains secure.
Step 6: Click Save.
The webhook is enabled by default but can be turned off by toggling the bar under the "Enabled" column.
Existing configurations can be modified by clicking Edit under the "Actions" menu of the webhook.
Webhooks can be deleted, or event logs can be viewed by clicking the three dots under the "Actions" menu of the webhook.