ВозможностиДокументацияЦеныPlaygroundFAQ

Webhooks

Delivery engine для внешних систем

Обзор

Webhooks deliver real-time events to external systems via HTTP POST. Each webhook includes event type, payload, and HMAC-SHA256 signature for verification. Configured via organization settings.

Типы событий

command_executed

Command execution completed (success/failure)

command_denied

Command was blocked by policy

agent_health

Agent health status changed

agent_created

New agent added to organization

agent_deleted

Agent removed from organization

session_started

Interactive session created

session_closed

Interactive session closed

policy_changed

Policy was modified

compliance_report

Compliance report generated

fstek_audit

ФСТЭК audit event

Модель вебхука

bash
{
  "id": "web_abc123",
  "name": "flowlink-audit-webhook",
  "url": "https://external-system.com/hooks/flowlink",
  "secret": "whk_...",
  "active": true,
  "events": ["command_executed", "command_denied", "agent_health"],
  "created_at": "2026-04-21T20:00:00Z",
  "last_delivered_at": "2026-04-21T20:00:01Z",
  "delivery_count": 15420
}

Формат запроса

bash
POST https://external-system.com/hooks/flowlink

Content-Type: application/json
X-FlowLink-Signature: sha256=a1b2c3d4...

{
  "event_type": "command_executed",
  "timestamp": "2026-04-21T20:00:00Z",
  "agent_id": "prod-db-01",
  "payload": {
    "command": "ls -la",
    "status": "success",
    "exit_code": 0
  }
}

HMAC-SHA256 подпись

Verification using webhook secret:

bash
# Verify signature in your webhook endpoint
const secret = "whk_...";
const payload = JSON.stringify(req.body);
const signature = req.headers['x-flowlink-signature'];

const expected = crypto
  .createHmac('sha256', secret)
  .update(payload)
  .digest('hex');

if (signature !== expected) {
  return res.status(401).send('Invalid signature');
}

// Process webhook
res.send(200);

Политика повторов

ПопыткаЗадержкаMax
130 секунд5
22 минуты5
310 минут5
430 минут5
51 час5

API эндпоинты

bash
# List webhooks
GET /api/v1/webhooks

# Create webhook (via org settings)
POST /api/v1/webhooks
Body: { "name": "webhook", "url": "https://...", "secret": "...", "events": [...] }

# Update webhook
PATCH /api/v1/webhooks/{id}

# Delete webhook
DELETE /api/v1/webhooks/{id}

# Test webhook delivery
POST /api/v1/webhooks/{id}/test

Примеры запросов

bash
# List all webhooks
curl https://flowlink.flow-masters.ru/api/v1/webhooks

# Test webhook delivery
curl -X POST https://flowlink.flow-masters.ru/api/v1/webhooks/web_abc123/test

# Create webhook
curl -X POST https://flowlink.flow-masters.ru/api/v1/webhooks \
  -H "Authorization: Bearer flk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "audit-webhook",
    "url": "https://external.com/hooks/flowlink",
    "secret": "whk_your-webhook-secret",
    "events": ["command_executed", "command_denied", "agent_health"]
  }'

# Delete webhook
curl -X DELETE https://flowlink.flow-masters.ru/api/v1/webhooks/web_abc123
← ФСТЭКTelegram Bot →