Developer Documentation

Website Scanner

The Tinfoil Security Webhooks send notifications externally at different points of a scan's lifecycle. You can edit scan webhook settings from your Dashboard.

By default, a JSON payload will be delivered via POST. If the URL ends with '.xml' then an XML payload will be provided instead. The webhook will try to be delivered 5 times with exponential backoff if an HTTP 200 response is not received.


Scan Started Webhook Payload

{
  "scan_started_webhook": {
    "site": {
      "id": "example-site",
      "name": "Example Site",
      "url": "http://example.com",
      "auth_types": [

      ],
      "configuration_add_ons": {
        "auto_throttle_disabled": false,
        "crawl_robots_txt_disabled": false,
        "crawl_sitemap_disabled": false,
        "dom_dedupe_disabled": false,
        "javascript_enabled": false,
        "javascript_customization": null,
        "path_customization": null,
        "header_customization": null,
        "scan_webhooks": null
      },
      "request_rate": 40,
      "schedule": null
    },
    "scan": {
      "id": "se987654321",
      "start_time": "2020-11-24 11:19:24 UTC",
      "end_time": "2020-11-24 11:20:24 UTC",
      "scan_type": "full",
      "status": "done"
    }
  }
}

Returns a summary of the site and associated scan as it begins.

Scan Finished Webhook Payload

{
  "scan_finished_webhook": {
    "site": {
      "id": "example-site",
      "name": "Example Site",
      "url": "http://example.com",
      "auth_types": [

      ],
      "configuration_add_ons": {
        "auto_throttle_disabled": false,
        "crawl_robots_txt_disabled": false,
        "crawl_sitemap_disabled": false,
        "dom_dedupe_disabled": false,
        "javascript_enabled": false,
        "javascript_customization": null,
        "path_customization": null,
        "header_customization": null,
        "scan_webhooks": null
      },
      "request_rate": 40,
      "schedule": null
    },
    "scan": {
      "id": "se987654321",
      "start_time": "2020-11-24 11:19:24 UTC",
      "end_time": "2020-11-24 11:20:24 UTC",
      "scan_type": "full",
      "status": "done"
    }
  }
}

Returns a summary of the site and associated scan as it is finished or cancelled.