Webhooks

Webhooks let you receive real-time HTTP notifications when events occur in your Rorix projects. Use them to trigger CI pipelines, post to chat channels, or feed data into your own systems.

Supported Events

| Event | Triggered When |
|---|---|
| scan.completed | A vulnerability scan finishes |
| policy.failed | A policy check fails |

Webhook Types

Rorix supports three webhook types:

  • Generic — sends a POST request to any URL you provide
  • Slack — posts a formatted message to a Slack channel via incoming webhook URL
  • Microsoft Teams — posts an Adaptive Card to a Teams channel via connector URL

Creating a Webhook

  1. Go to Settings then Webhooks
  2. Click Create Webhook
  3. Choose the type (Generic, Slack, or Teams)
  4. Enter the destination URL
  5. Select which events to subscribe to
  6. Save

Payload Format

Generic webhooks receive a JSON payload. Here is an example for a scan.completed event:

{
  "event": "scan.completed",
  "timestamp": "2026-03-22T14:30:00Z",
  "data": {
    "projectId": "proj_abc123",
    "projectName": "MyApp",
    "scanId": "scan_def456",
    "grade": "B",
    "score": 78,
    "vulnerabilities": {
      "critical": 0,
      "high": 1,
      "medium": 3,
      "low": 5
    },
    "dashboardUrl": "https://rorix.io/dashboard/projects/proj_abc123/scans/scan_def456"
  }
}

Security

Each webhook has a secret token generated on creation. Rorix includes an X-Rorix-Signature header with every delivery — an HMAC-SHA256 hex digest of the payload body signed with your secret.

Verify deliveries by computing the HMAC of the raw request body and comparing it to the signature header.
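
A receiver-side version of this check, as an added example that is not Rorix's own code. It assumes the header carries the bare hex digest with no prefix; the secret and body are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import json
from typing import Optional

SIGNATURE_HEADER = "X-Rorix-Signature"  # header name given on this page

# Constructed sample values for illustration only.
SAMPLE_SECRET = b"example-webhook-secret"
SAMPLE_BODY = b'{"event":"scan.completed","data":{"grade":"B","score":78}}'


def expected_signature(secret: bytes, raw_body: bytes) -> str:
    """HMAC-SHA256 of the raw body, hex encoded."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_delivery(secret: bytes, raw_body: bytes, headers: dict) -> Optional[dict]:
    """Return the parsed payload if the signature is valid, otherwise None."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    received = lowered.get(SIGNATURE_HEADER.lower())
    if not received:
        return None  # unsigned delivery: reject
    # Assumption: the value is a bare hex digest; hex case is normalised.
    received = received.strip().lower()
    expected = expected_signature(secret, raw_body)
    # Constant-time comparison, so timing does not reveal how much matched.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return None
    # Parse the JSON only after the body has been authenticated.
    try:
        return json.loads(raw_body)
    except ValueError:
        return None


if __name__ == "__main__":
    sig = expected_signature(SAMPLE_SECRET, SAMPLE_BODY)
    print(verify_delivery(SAMPLE_SECRET, SAMPLE_BODY, {SIGNATURE_HEADER: sig}))
    # A body that was parsed and re-serialised has different bytes and fails.
    reserialised = json.dumps(json.loads(SAMPLE_BODY)).encode()
    print(verify_delivery(SAMPLE_SECRET, reserialised, {SIGNATURE_HEADER: sig}))
```

Pass the body bytes exactly as received from the socket or framework; a body that has been parsed and re-serialised will usually no longer match the signature.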

Delivery Tracking

View delivery history for each webhook in Settings then Webhooks. Each delivery shows:

  • HTTP status code returned by your server
  • Response time
  • Retry attempts (Rorix retries failed deliveries up to 3 times with exponential backoff)

Testing

Use the test endpoint to send a sample event to your webhook and verify it is working correctly.

API Reference

POST /api/webhooks

Create a new webhook.

curl -X POST https://rorix.io/api/webhooks \
  -H "Authorization: Bearer rxk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/webhook",
    "type": "generic",
    "events": ["scan.completed", "policy.failed"]
  }'

GET /api/webhooks

List all webhooks for the current organization.

curl https://rorix.io/api/webhooks \
  -H "Authorization: Bearer rxk_your_api_key"

DELETE /api/webhooks/{id}

Delete a webhook.

curl -X DELETE https://rorix.io/api/webhooks/wh_abc123 \
  -H "Authorization: Bearer rxk_your_api_key"

POST /api/webhooks/test

Send a test event to a webhook.

curl -X POST https://rorix.io/api/webhooks/test \
  -H "Authorization: Bearer rxk_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "webhookId": "wh_abc123",
    "event": "scan.completed"
  }'