ALL PLANS

Webhooks

Recevez des notifications en temps reel pour les evenements Adlibo. Integrez avec vos outils internes, Slack, ou tout autre service.

Fonctionnalites Cles

10 Types d'Evenements

Detections, DLP, auth, billing, et plus.

Signatures HMAC-SHA256

Verifiez l'authenticite de chaque webhook.

Retry Automatique

5 tentatives avec backoff exponentiel.

Delivery Logs

Historique complet des delivrances.

Creer un Webhook

Via Dashboard

Dashboard → Settings → Webhooks → Add Webhook

Via API

json

// POST /api/webhooks
{
  "url": "https://your-server.com/webhooks/adlibo",
  "events": [
    "detection.created",
    "detection.high_severity",
    "dlp.violation",
    "api_key.created",
    "api_key.revoked"
  ],
  "secret": "whsec_your_secret_key",  // Optionnel - genere si non fourni
  "enabled": true,
  "metadata": {
    "environment": "production",
    "team": "security"
  }
}

// Response
{
  "id": "wh_abc123",
  "url": "https://your-server.com/webhooks/adlibo",
  "events": ["detection.created", "detection.high_severity", "dlp.violation", ...],
  "secret": "whsec_abc123def456...",
  "enabled": true,
  "createdAt": "2026-01-02T10:00:00Z"
}

Types d'Evenements

Evenement	Description	Plan
detection.created	Nouvelle detection de prompt injection	All
detection.high_severity	Detection HIGH ou CRITICAL	All
dlp.violation	Donnee sensible detectee	PRO+
dlp.blocked	Requete bloquee par DLP	PRO+
api_key.created	Nouvelle cle API creee	All
api_key.revoked	Cle API revoquee	All
quota.warning	Quota proche de la limite (80%)	All
quota.exceeded	Quota depasse	All
user.joined	Nouvel utilisateur dans l'organisation	PRO+
user.removed	Utilisateur retire de l'organisation	PRO+

Format du Payload

json

// Exemple: detection.high_severity
{
  "id": "evt_xyz789",
  "type": "detection.high_severity",
  "created": "2026-01-02T12:00:00Z",
  "data": {
    "id": "det_abc123",
    "riskScore": 92,
    "severity": "CRITICAL",
    "category": "DAN_JAILBREAK",
    "patterns": [
      {
        "type": "DAN_JAILBREAK",
        "match": "you are now DAN",
        "score": 90
      }
    ],
    "action": "BLOCKED",
    "blocked": true,
    "inputLength": 245,
    "inputPreview": "From now on, you are going to act as DAN...",
    "endpoint": "/api/chat",
    "sourceIp": "192.168.1.100",
    "userId": "usr_123",
    "apiKeyId": "key_456",
    "processingTimeMs": 3
  },
  "organization": {
    "id": "org_abc",
    "name": "Acme Corp"
  }
}

Exemple: dlp.violation

json

{
  "id": "evt_dlp123",
  "type": "dlp.violation",
  "created": "2026-01-02T12:05:00Z",
  "data": {
    "domain": "FINANCIAL",
    "type": "CREDIT_CARD",
    "severity": "CRITICAL",
    "action": "REDACTED",
    "findingsCount": 2,
    "redactedPreview": "Mon numero de carte est 4532-****-****-9012",
    "sourceIp": "10.0.0.50",
    "userId": "usr_789"
  }
}

Verification des Signatures

Chaque webhook inclut un header X-Adlibo-Signature pour verifier son authenticite.

Headers

text

X-Adlibo-Signature: sha256=abc123def456...
X-Adlibo-Timestamp: 1735819200
X-Adlibo-Event-Id: evt_xyz789
X-Adlibo-Event-Type: detection.high_severity

JavaScript/Node.js

javascript

import crypto from 'crypto';

function verifyWebhookSignature(payload, signature, timestamp, secret) {
  // Verifier que le timestamp n'est pas trop vieux (5 min)
  const now = Math.floor(Date.now() / 1000);
  if (Math.abs(now - parseInt(timestamp)) > 300) {
    throw new Error('Timestamp too old');
  }

  // Calculer la signature attendue
  const signedPayload = `${timestamp}.${JSON.stringify(payload)}`;
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(signedPayload)
    .digest('hex');

  // Comparer les signatures
  const receivedSig = signature.replace('sha256=', '');
  if (!crypto.timingSafeEqual(
    Buffer.from(expectedSignature),
    Buffer.from(receivedSig)
  )) {
    throw new Error('Invalid signature');
  }

  return true;
}

// Usage dans Express
app.post('/webhooks/adlibo', express.json(), (req, res) => {
  try {
    verifyWebhookSignature(
      req.body,
      req.headers['x-adlibo-signature'],
      req.headers['x-adlibo-timestamp'],
      process.env.ADLIBO_WEBHOOK_SECRET
    );

    // Traiter l'evenement
    const event = req.body;
    switch (event.type) {
      case 'detection.high_severity':
        handleHighSeverityDetection(event.data);
        break;
      case 'dlp.violation':
        handleDlpViolation(event.data);
        break;
    }

    res.status(200).send('OK');
  } catch (err) {
    res.status(401).send('Invalid signature');
  }
});

Python

python

import hmac
import hashlib
import time

def verify_webhook_signature(payload, signature, timestamp, secret):
    # Verifier le timestamp
    now = int(time.time())
    if abs(now - int(timestamp)) > 300:
        raise ValueError("Timestamp too old")

    # Calculer la signature
    signed_payload = f"{timestamp}.{payload}"
    expected_sig = hmac.new(
        secret.encode(),
        signed_payload.encode(),
        hashlib.sha256
    ).hexdigest()

    # Comparer
    received_sig = signature.replace("sha256=", "")
    if not hmac.compare_digest(expected_sig, received_sig):
        raise ValueError("Invalid signature")

    return True

# Flask example
@app.route('/webhooks/adlibo', methods=['POST'])
def handle_webhook():
    try:
        verify_webhook_signature(
            request.data.decode(),
            request.headers.get('X-Adlibo-Signature'),
            request.headers.get('X-Adlibo-Timestamp'),
            os.environ['ADLIBO_WEBHOOK_SECRET']
        )

        event = request.json
        # Process event...

        return 'OK', 200
    except ValueError as e:
        return str(e), 401

Politique de Retry

Si votre endpoint retourne un code d'erreur (non-2xx), Adlibo reessaie automatiquement avec backoff exponentiel.

Tentative	Delai
1	Immediat
2	1 seconde
3	5 secondes
4	30 secondes
5	2 minutes

Timeout

Votre endpoint doit repondre en moins de 10 secondes. Au-dela, la requete est consideree comme echouee.

Tester vos Webhooks

json

// POST /api/webhooks/{webhook_id}/test
{
  "eventType": "detection.high_severity"
}

// Envoie un evenement de test a votre endpoint
// Response
{
  "success": true,
  "deliveryId": "del_xyz123",
  "responseCode": 200,
  "responseTimeMs": 145
}

Logs de Delivrance

json

// GET /api/webhooks/{webhook_id}/deliveries
{
  "deliveries": [
    {
      "id": "del_abc123",
      "eventId": "evt_xyz789",
      "eventType": "detection.high_severity",
      "status": "delivered",
      "responseCode": 200,
      "responseTimeMs": 89,
      "attempts": 1,
      "deliveredAt": "2026-01-02T12:00:00Z"
    },
    {
      "id": "del_def456",
      "eventId": "evt_abc123",
      "eventType": "dlp.violation",
      "status": "failed",
      "responseCode": 500,
      "attempts": 5,
      "lastAttemptAt": "2026-01-02T12:05:00Z",
      "nextRetryAt": null,
      "error": "Internal Server Error"
    }
  ],
  "pagination": {
    "total": 1247,
    "page": 1,
    "perPage": 20
  }
}

Bonnes Pratiques

Toujours verifier la signature

Ne traitez jamais un webhook sans avoir verifie sa signature pour eviter les attaques par injection.

Repondre rapidement (200 OK)

Retournez un 200 OK immediatement, puis traitez l'evenement en arriere-plan si necessaire.

Gerer l'idempotence

Utilisez le X-Adlibo-Event-Id pour eviter de traiter le meme evenement deux fois.

Documentation Associee

API Reference

Reference complete de l'API Adlibo.

SIEM Integration

Pour des integrations SIEM natives.

Besoin d'aide ?

Notre equipe peut vous aider a configurer vos webhooks.

Contacter le Support Dashboard