Webhook Events

GLACIS sends webhooks for key events. Configure your webhook URL in Settings.

Configuring Webhooks

Navigate to Settings → Webhooks
Enter your endpoint URL
Select events to receive
Save and test

Webhook Security

All webhooks include a signature header:

X-Glacis-Signature: sha256=abc123...

Verify the signature:

import { createHmac } from 'crypto';

function verify(payload: string, signature: string, secret: string) {
  const expected = 'sha256=' + createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  return signature === expected;
}

Events

attestation.created

Fired when a new attestation is received.

{
  "event": "attestation.created",
  "timestamp": 1704106800000,
  "data": {
    "attestationId": "att_xyz789",
    "level": "L2",
    "epochId": "epoch_2024010112",
    "controlsMapped": ["A.6.2.6", "A.9.4"]
  }
}

compliance.score_changed

Fired when compliance score changes.

{
  "event": "compliance.score_changed",
  "timestamp": 1704106800000,
  "data": {
    "previousScore": 65,
    "newScore": 67,
    "change": 2
  }
}

control.status_changed

Fired when a control status changes.

{
  "event": "control.status_changed",
  "timestamp": 1704106800000,
  "data": {
    "controlId": "A.6.2.6",
    "previousStatus": "in_progress",
    "newStatus": "implemented"
  }
}

evidence.added

Fired when evidence is added to a control.

{
  "event": "evidence.added",
  "timestamp": 1704106800000,
  "data": {
    "evidenceId": "ev_abc123",
    "controlId": "A.2.1",
    "type": "document"
  }
}

Retry Policy

Failed webhooks are retried:

3 attempts
Exponential backoff (1s, 5s, 30s)
After 3 failures, webhook is disabled