Skip to Content
IntegrationsWebhooks

Webhooks

Use generic webhooks to connect Vouch to any system — custom dashboards, Jira ticket creation, CI/CD pipelines, or your own backend logic.

Two flavors of webhooks:

  1. Account-level webhook (this page) — fires on every scan for your account, configured once in the dashboard.
  2. Per-request callback — pass callback_url + callback_secret when triggering a scan via the API. Fires only for that one scan, with HMAC-SHA256 signature verification. See the API Reference.

Setup (account-level)

  1. Create a POST endpoint in your backend that accepts JSON.
  2. In your Vouch dashboard, go to Developer Portal → Integrations and add the public URL.

You can also configure it via the API:

curl -X PATCH https://api.vouch-secure.com/developer/integrations \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"generic_webhook_url": "https://your-domain.com/vouch-webhook"}'

Payload Structure

Vouch sends a POST request with the following JSON body after each scan:

{
  "event": "scan_complete",
  "repository": "your-org/your-repo",
  "score": 87,
  "findings_count": 3,
  "severity_breakdown": {
    "critical": 0,
    "high": 1,
    "medium": 2,
    "low": 0
  },
  "timestamp": "2026-04-20T10:00:00Z",
  "scan_url": "https://vouch-secure.com/dashboard/scan/12345"
}

Use the event field to distinguish between event types as more are added (scan_started, auto_fix_ready, etc.).

Last updated on
SlackAPI Reference