Developer Documentation

The Tinfoil Security Webhooks send notifications externally at different points of a scan's lifecycle. You can edit scan webhook settings from your Dashboard.

By default, a JSON payload will be delivered via POST. If the URL ends with '.xml' then an XML payload will be provided instead. The webhook will try to be delivered 5 times with exponential backoff if an HTTP 200 response is not received.


Scan Started Webhook Payload

{
  "scan": {
    "id": "se00000000000000000000",
    "start_time": "2013-06-15T00:39:40Z",
    "scanner_ip_address": "unknown",
    "end_time": null,
    "scan_type": "full",
    "status": "scanning"
  }
  "site": {
    "id": "example",
    "url": "http://www.example.org",
    "request_rate": 40
  }
}

Returns a summary of the site and associated scan as it begins.

Scan Finished Webhook Payload

{
  "scan": {
    "id": "se00000000000000000000",
    "start_time": "2013-06-15T00:39:40Z",
    "scanner_ip_address": "unknown",
    "end_time": "2013-06-15T00:53:54Z",
    "scan_type": "full",
    "status": "done"
  }
  "site": {
    "id": "example",
    "url": "http://www.example.org",
    "request_rate": 40
  }
}

Returns a summary of the site and associated scan as it is finished or cancelled.