search close

Generic Webhooks

access_time Updated Mar 27, 2023

Our generic webhooks integration allows you to subscribe to notifications for certain activity on Signal Sciences.

Adding a webhook

  1. From the Manage menu, select Site Integrations. The site integrations menu page appears.

  2. Click Add site integration. The add site integration menu page appears.

  3. Select the Generic Webhook integration. The Generic Webhook integration setup page appears.

  4. In the Webhook URL field, enter a URL to receive the notifications at.

  5. Select if you want to be alerted regarding All activity or Specific activity.

    • If you selected Specific activity, in the Activity menu choose which types of activity you want the integration to create alerts for.
  6. Click Create site integration.

Notifications format

Notifications are sent with the following format:

  "created": "2022-12-09T10:43:54-08:00",
  "type": "flag",
  "payload": ...,
  "link":"dashboard link to event"

X-SigSci-Signature Header

All requests sent from the generic webhook integration contain a header called X-SigSci-Signature. The value is an HMAC-SHA256 hex digest hashed using a secret key generated when the generic webhook was created.

The key can be rotated by clicking the Edit button next to the generic webhook and then Rotate key in the “Generic webhook integration” form.

Verification is done by creating an HMAC-SHA256 hex digest of the generic webhook payload using the signing key and comparing the result to the value of the X-SigSci-Signature header.

X-SigSci-Signature Header Verification Example Code

The examples show header verification code for X-SigSci-Signature.


package main

import (

// CheckMAC reports whether messageMAC is a valid HMAC tag for message.
func CheckMAC(message, messageMAC, key []byte) bool {
	mac := hmac.New(sha256.New, key)
	expectedMAC := mac.Sum(nil)

	return hmac.Equal(messageMAC, expectedMAC)

func main() {
	key := []byte("[insert signing key here]")

	h := "[insert X-SigSci-Signature value here]"

	json := []byte(`[insert JSON payload here]`)

	hash, err := hex.DecodeString(h)
	if err != nil {
		log.Fatal("ERROR: ", err)

	ok := CheckMAC(json, hash, key)



import hashlib
import hmac

def checkHMAC(message, messageMAC, key):
    mac =, message, digestmod=hashlib.sha256).hexdigest()

    return mac == messageMAC

key = '[insert signing key here]'

h = '[insert X-SigSci-Signature value here]'

json = '[insert JSON payload here]'

ok = checkHMAC(json, h, key)



require 'openssl'
require "base64"

key = '[insert signing key here]'
h = '[insert X-SigSci-Signature value here]'
json = '[insert JSON payload here]'

hash  = OpenSSL::HMAC.hexdigest('sha256', key, json)

puts hash == h



function check_hmac {

  result=$(echo -n "$json" | openssl dgst -sha256 -hmac "$key")
  if [ "$result" == "$messageMAC" ]
          return 0
          return 1

key='[insert key here]'
h='[insert X-SigSci-Signature value here]'
json='[insert JSON payload here]'

check_hmac "$json" $h $key

Activity types

Activity type Description Payload
siteDisplayNameChanged The display name of a site was changed
siteNameChanged The short name of a site was changed
loggingModeChanged The agent mode (Blocking, Not Blocking, Off) was changed Get site by name
agentAnonModeChanged The agent IP anonymization mode was changed Get site by name
flag An IP address was flagged Get event by ID
expireFlag An IP address flag was manually expired List events
createCustomRedaction A custom redaction was created Create a custom redaction
removeCustomRedaction A custom redaction was removed Remove a custom redaction
updateCustomRedaction A custom redaction was updated Update a custom redaction
customTagCreated A custom signal was created
customTagUpdated A custom signal was updated
customTagDeleted A custom signal was removed
customAlertCreated A custom alert was created Create a custom alert
customAlertUpdated A custom alert was updated Update a custom alert
customAlertDeleted A custom alert was removed Remove a custom alert
detectionCreated A templated rule was created
detectionUpdated A templated rule was updated
detectionDeleted A templated rule was removed
listCreated A list was created Create a list
listUpdated A list was updated Update a list
listDeleted A list was removed Remove a list
ruleCreated A request rule was created
ruleUpdated A request rule was updated
ruleDeleted A request rule was deleted
customDashboardCreated A custom dashboard was created
customDashboardUpdated A custom dashboard was updated
customDashboardReset A custom dashboard was reset
customDashboardDeleted A custom dashboard was removed
customDashboardWidgetCreated A custom dashboard card was created
customDashboardWidgetUpdated A custom dashboard card was updated
customDashboardWidgetDeleted A custom dashboard card was removed
agentAlert An agent alert was triggered