Note: Webhooks are only available for Professional and Enterprise programs.
Webhooks enable you to build your own real-time integrations that subscribe to certain report and program events on HackerOne. When an event is triggered, HackerOne will send an HTTP POST payload to the webhook’s configured URL. View the API documentation for webhooks.
Some examples of what webhooks can be used for include:
Updating an external issue tracker
Triggering a notification system
Updating a report’s data backup
Triggering provisioning for a user account when a hacker joins your private program
They can be created on a program level and are bound to the permissions of the user that creates the webhook.
To access webhooks go to your Security page, then the settings on the left and click Automation > Webhooks.
Add a New Webhook
To add a new webhook:
Go to your Security page, then click Automation > Webhooks.
Click New webhook.
Enter your Payload URL. This URL will be used to receive POST requests.
Enter your webhook secret in the Secret field. The secret is used to validate that the request came from HackerOne. Learn how to validate the payload using a secret.
Select which events you’d like to trigger the webhook. You can choose between:
Send me everything: All events will trigger the webhook.
Let me specify individual events: You can choose which events you'd like to trigger the webhook.
Click Add webhook.
Managing Webhooks
To manage your webhooks:
Go to Program Settings > Program > Webhooks.
Click Edit for the webhook you want to update.
Update the fields you want to change.
(Optional) Select Test request to send an example request to the configured Payload URL.
Click Update webhook.
View Recent Deliveries
You can view recent deliveries made under the Recent deliveries section. Click on any of the deliveries to view the POST payload request.
Click on the Response tab to view the payload responses.