API Documentation
Webhooks
Receive real-time notifications when assessments complete or new findings are detected.
TrustCyber webhooks allow you to receive real-time HTTP notifications when events occur in your organization, such as when an assessment completes or when a new critical finding is detected. This enables you to integrate TrustCyber with your SIEM, ticketing system, or custom workflows.
Supported Events
| Event | Description |
|---|---|
| assessment.completed | Fired when an assessment run completes successfully |
| assessment.failed | Fired when an assessment run fails |
| finding.created | Fired when a new finding is detected |
| finding.resolved | Fired when a finding is marked as resolved |
| report.generated | Fired when a new report is generated |
Webhook Payload
json
{
"event": "assessment.completed",
"timestamp": "2025-03-15T14:32:00Z",
"organizationId": "org_01HXYZ",
"data": {
"assessmentId": "asmnt_01HXYZ",
"scores": {
"risk": 68,
"compliance": 71
},
"newFindings": 3,
"resolvedFindings": 1
}
}Verifying Webhook Signatures
TrustCyber signs all webhook payloads using HMAC-SHA256. Verify the signature by computing the HMAC of the raw request body using your webhook secret and comparing it to the value in the X-TrustCyber-Signature header.
javascript
const crypto = require('crypto');
function verifyWebhookSignature(payload, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(payload, 'utf8')
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}