Overview
Webhooks in the Trust Center let organizations trigger automations in other tools whenever specific events happen in your Trust Center. They can typically be wired up through middleware like Zapier, or essentially anything that receive a webhook, and can be used to build helpful notifications or automations.
Common use cases include:
Posting a message in a specific Slack channel when a user signs an NDA
Sending a message in Microsoft Teams when someone views or downloads a SOC 2 report
Creating a new task in ClickUp or Asana when a user requests Trust Center access.
Generating an entry in a Google Sheet to document a new access request
Beyond those examples, webhooks can be used for things like routing approval requests, syncing access events to a SIEM or data warehouse, kicking off CRM updates, or notifying internal teams about questionnaire activity.
Configuration
Webhooks are enabled in the Integrations tab of the Settings page.
Navigate to the Data section
Click on the Connect button
A modal will open with an Add Endpoint button
The Event Catalog tab lists all events.
Use the Event Catalog to see the format of the data sent to the webhook. All data is returned as a JSON object.
When adding an endpoint, specify the webhook URL, and which events should trigger it.
In this example, the webhook is triggering when an NDA is completed
After saving, there will be an option to configure rate limiting or pass a custom header
Testing
Test events can be to ensure that the webhook and any subsequent workflow logic are functioning as intended using the Testing tab
Logging
The Logs tab allows users to view a history of recent webhook events and whether they were successful or not.
We recommend firing a few test events when configuring a new webhook endpoint for the first time.
Event Catalog
For a full list of available webhook events, please visit our Event Catalog.
Example Webhook Workflows
Our Webhooks feature can be used with various existing tools to automate Customer Trust workflows.
Here are example custom workflows organizations can create using this feature:
Slack has the ability to listen to incoming webhooks.
Create a custom Slack app with an incoming webhook and post a message to a channel/custom DM group with custom formatting if a user has signed an NDA or downloaded a SIG questionnaire.
Orgs can use Webhooks to send SafeBase-related activity to SIEM tools to act as an audit log.
For example, send file download events to Splunk using an HTTP Event Collector. Note: use the /raw endpoint.
A legal team may want a record of any Clickwrap NDAs in a system such as Dropbox or Box. Zapier can be used to store completed NDA information in these third-party tools.
Zapier is the most commonly used no-code integration middleware that we have seen our customers use. Some possible Zapier workflows include:
Some customers do not like to use Slack or Emails for SafeBase notifications. Webhooks can be used to create a new ClickUp task whenever a user submits an Access Request.
Customers may already be tracking inbound questionnaires using an existing project management tool. Webhooks can be used to create a new Asana task whenever a user submits a new questionnaire.
Some of our customers do not use a major CRM solution such as Salesforce and HubSpot. The Webhooks feature can be used to generate a new entry in a Google Sheet as a way to capture potential new leads when an access request is submitted.
Please see the Zapier Webhooks overview for even more ideas.
Troubleshooting
If using a Splunk HTTP collector, use the
/rawendpoint rather than/event.Refer to https://docs.svix.com/receiving/source-ips for a list of allow-list IPs
If the event name is not part of the payload when configuring a webhook, this is normal. The test event does not have the event name, but a real event will.