Webhooks
Receive real-time notifications when events occur in your SecureHive workspace.
Supported Events
| Event | Description |
|---|---|
risk.created | A new risk was added to the register |
risk.updated | A risk’s score, status, or treatment changed |
risk.closed | A risk was resolved and closed |
control.evidence_uploaded | New evidence was attached to a control |
control.evidence_stale | Evidence passed its freshness threshold |
finding.created | A new audit finding was logged |
finding.resolved | An audit finding was remediated |
vendor.assessment_completed | A vendor assessment was submitted |
vendor.risk_change | A vendor’s risk score changed significantly |
incident.created | A new incident was opened |
incident.escalated | An incident severity was raised |
policy.published | A policy was published or updated |
Creating Webhooks
mutation {
createWebhook(input: {
url: "https://your-app.com/webhooks/securehive"
events: [RISK_CREATED, RISK_UPDATED, INCIDENT_CREATED]
secret: "whsec_your_signing_secret"
}) {
id
url
events
status
}
}Payload Format
All webhook payloads follow this structure:
{
"id": "evt_abc123",
"type": "risk.created",
"timestamp": "2026-05-21T14:30:00Z",
"data": {
"id": "risk_xyz789",
"title": "Unencrypted data at rest",
"riskScore": 20
}
}Verifying Signatures
Each webhook request includes an X-SecureHive-Signature header. Verify it using HMAC-SHA256 with your signing secret to confirm the payload is authentic.
Last updated on