⮐ Keeper HomeAll DocumentationAdmin Console
Search…
Getting Started
Start Your Trial
Resources
Quick Start for Small Business Teams
Why Choose Keeper Enterprise
Implementation Overview
Domain Reservation
Deploying Keeper to End-Users
Keeper Admin Console Overview
Nodes and Organizational Structure
User and Team Provisioning
SSO / SAML Authentication
User Management and Lifecycle
Roles, RBAC and Permissions
Delegated Administration
Account Transfer Policy
Teams (Groups)
Folders and Shared Folders
Creating Vault Records
Importing Data
Record Types
Two-Factor Authentication
Storing Two-Factor Codes
Security Audit
BreachWatch (Dark Web)
Secure File Storage
Reporting, Alerts & SIEM
Recommended Alerts
Webhooks (Slack & Teams)
Compliance Reports
Vault Offline Access
Keeper MSP
Free Family License for Personal Use
Training and Support
IP Allow Keeper
Migrating User Vaults Between Regions
Password Recovery Via Vault Transfer
Keeper Encryption Model
Developer Tools
SSH Connections
Recommended Security Settings
End-User Guides
Use Cases
On-Prem vs. Cloud
Login API
Migrating from LastPass
Docs Home
Powered By GitBook
Webhooks (Slack & Teams)
Integrate Keeper Webhook events into Slack, Microsoft Teams and other cloud services.

What are Webhooks?

Webhooks are user-defined HTTP requests that are triggered by an application and pushed into other applications.
Popular uses of Webhooks are the following:
    Sending realtime notifications to Slack, Microsoft Teams or other messaging platforms
    Integrating Keeper events into your custom software, hosted in the Cloud
    Developing integrations into Keeper using 3rd party platforms such as IFTTT
The Keeper Admin Console (version 15.3.0+) supports the ability to push custom Webhook events.

Global Event Variables

When sending a Webhook, you can substitute fields with one of the below variables.
Name
Description
#alert_name
Title of the event as appears in the Admin Console
#description
Description of the Event. See reporting & alerts page for list of all possibilities.
#timestamp
Time which the event occurred
#remote_address
External IP address of the user generating the event
#username
User who generated the alert or could be empty depending on the event
#json
Raw JSON event data (useful for debugging and inspecting fields)

Dynamic Event Variables

Depending on the type of event, there are other variable substitutions available.
Name
Description
#to_username
For sharing events, the destination user
#from_username
For sharing events, the source user
#record_uid
For Record events, the Record identifier
#shared_folder_uid
For Shared Folder events, the folder identifier
#folder_uid
For Folder-specific events, the folder identifier
#team_uid
For Team events, the Team identifier
#role_id
For Role events, the Role ID
#node
For Node events, the Node ID
#enforcement
For Role Policy changes, the enforcement name
#seats
For MSP events, the number of seats
#seats_added
For MSP events, the number of seats added
#seats_removed
For MSP events, the number of seats removed
You can also include hyperlinks for convenience into various areas of the Keeper platform. A few examples:
Keeper supports Deep Linking into the Web Vault for a particular Record UID. Example:
https://keepersecurity.com/vault#detail/XXXXXX - replace XXXXXX with the Record UID as it appears in the Keeper record, or substitute #record_uid - replace .com with .eu or .com.au if you are hosted in a different data center.

💡
Slack Setup and Integration Example

Using the Webhook feature, you can send custom alerts and actions to your Slack channel following the steps below.
Example Slack Notification
(1) Go to https://api.slack.com/apps and Create a new app
Create New App
(2) Name the App, select your desired Workspace and click Create App.
Create App
(3) Click on Incoming Webhooks
(4) Activate the Webhook and click "Add New Webhook to Workspace.
Activate Webhook
(5) Select the Slack channel you would like the alerts to be sent. Then click "Copy" to grab the Webhook URL required to plug into the Admin Console interface in the following steps.
Copy the Webhook URL
(6) In the "Basic Information" section on the left, you can populate the icon with the Keeper icon. Right-click and save the image Use the link below to download a 512x512 PNG icon for Keeper: https://keeper-email-images.s3.amazonaws.com/common/Keeper_512x512.png
(7) Login to the Keeper Admin Console and visit Reporting & Alerts > Alerts and create a new alert. After selecting the desired Event Types and Attributes, click on "Add Recipient". In the example below, I have selected all Policy Changes.
Add Alert
Select Event Types and Attributes
(8) Enter the Name and Email address to receive the event, and click Add Webhook.
Add Webhook
(9) Paste the Webhook URL from Step 5 into the form.
(10) Copy-paste the below JSON content into the HTTP Body section.
1
{
2
"text": "Keeper Security Event",
3
"blocks": [
4
{
5
"type": "section",
6
"fields": [
7
{
8
"type": "mrkdwn",
9
"text": "*Alert Name*\n#alert_name"
10
}
11
]
12
},
13
{
14
"type": "section",
15
"fields": [
16
{
17
"type": "mrkdwn",
18
"text": "*Event Details*\n#description"
19
}
20
]
21
},
22
{
23
"type": "section",
24
"fields": [
25
{
26
"type": "mrkdwn",
27
"text": "*IP Address*\n#remote_address"
28
},
29
{
30
"type": "mrkdwn",
31
"text": "*Timestamp*\n#timestamp"
32
}
33
]
34
},
35
{
36
"type": "actions",
37
"elements": [
38
{
39
"type": "button",
40
"text": {
41
"type": "plain_text",
42
"text": "Vault Login",
43
"emoji": true
44
},
45
"value": "vault",
46
"url": "https://keepersecurity.com/vault",
47
"action_id": "actionId-1"
48
},
49
{
50
"type": "button",
51
"text": {
52
"type": "plain_text",
53
"text": "Console Login",
54
"emoji": true
55
},
56
"value": "console",
57
"url": "https://keepersecurity.com/console",
58
"action_id": "actionId-2"
59
}
60
]
61
}
62
]
63
}
64
Copied!
HTTP Body
(10) Click on Add and the Save the alert.
Add Webhook
Save Alert
That's it. Please note that it can take up to 15 minutes for events to start transmitting. You can modify the HTTP Body according to your preferences. Slack's Block Kit Builder allows you to customize the look and feel completely.
Creating new Webhook body content and editing content will take up to 15 minutes to take effect.

💡
Slack - Shared Record Notifications

Another use case is to be notified when a record is added to a particular Shared Folder.
Example Shared Record Notification
(1) Follow the Slack setup steps above to create a baseline Slack integration.
(2) In the Web Vault, grab the Shared Folder UID that you would like to report on
Shared Folder UID
(3) On the Admin Console, create a new Alert for this event that is tracking "Add Record to Shared Folder"
(4) Under the Attributes section, paste the Shared Folder UID
(5) Under "Recipients", create a new Webhook recipient.
(6) Copy Paste the below JSON text body into the HTTP Body section. In the "text" field, you will want to edit it to match up with the alert that you are creating.
1
{
2
"text": "Keeper - Added Record to Shared Folder",
3
"blocks": [
4
{
5
"type": "section",
6
"fields": [
7
{
8
"type": "mrkdwn",
9
"text": "*Alert Name*\n#alert_name"
10
}
11
]
12
},
13
{
14
"type": "section",
15
"fields": [
16
{
17
"type": "mrkdwn",
18
"text": "*Event Details*\n#description"
19
}
20
]
21
},
22
{
23
"type": "section",
24
"fields": [
25
{
26
"type": "mrkdwn",
27
"text": "*IP Address*\n#remote_address"
28
},
29
{
30
"type": "mrkdwn",
31
"text": "*Timestamp*\n#timestamp"
32
},
33
{
34
"type": "mrkdwn",
35
"text": "*Record UID*\n#record_uid"
36
}
37
]
38
},
39
{
40
"type": "actions",
41
"elements": [
42
{
43
"type": "button",
44
"text": {
45
"type": "plain_text",
46
"text": "Open Record",
47
"emoji": true
48
},
49
"value": "vault",
50
"url": "https://keepersecurity.com/vault#detail/#record_uid",
51
"action_id": "actionId-1"
52
},
53
{
54
"type": "button",
55
"text": {
56
"type": "plain_text",
57
"text": "Console Login",
58
"emoji": true
59
},
60
"value": "console",
61
"url": "https://keepersecurity.com/console",
62
"action_id": "actionId-2"
63
}
64
]
65
}
66
]
67
}
Copied!

💡
Microsoft Teams Setup and Integration Example

To send rich formatted alerts to your Microsoft Teams platform, follow the instructions below:
Example Teams Notification
(1) Create a new team channel, if you haven't already created one.
(2) Under Channels, create a channel and click on Connectors
Add Channel > Connectors
(3) Add an "Incoming Webhook" Connector
Add Incoming Webhook
Add Incoming Webhook
(4) Copy the URL displayed
Copy the Webhook URL
(5) Login to the Keeper Admin Console and visit Reporting & Alerts > Alerts and click on Add Alert. Select the desired Event Types and Attributes.
For example, below selects all Security, Sharing and Policy Change events:
Select Event Types and Attributes
(6) Select Recipients > Add Recipients
(7) Click on Add Webhook to expand the dialog and type in the Recipient Name.
Add Webhook
(8) Paste the Webhook URL from Step 4 into the form.
Add URL and HTTP Body
(9) Copy-paste the below JSON content into the HTTP Body section.
1
{
2
"@type": "MessageCard",
3
"@context": "http://schema.org/extensions",
4
"themeColor": "0076D7",
5
"summary": "Alert: #alert_name",
6
"sections": [{
7
"activityTitle": "#description",
8
"activitySubtitle": "#alert_name",
9
"activityImage": "https://keeper-email-images.s3.amazonaws.com/common/Keeper_512x512.png",
10
"facts": [{
11
"name": "User",
12
"value": "#username"
13
}, {
14
"name": "Timestamp",
15
"value": "#timestamp"
16
}, {
17
"name": "IP Address",
18
"value": "#remote_address"
19
}],
20
"markdown": true
21
}]
22
}
Copied!
(10) Click on Add and the Save the alert.
Add Webhook
That's it. Please note that it can take up to 15 minutes for events to start transmitting. You can modify the HTTP Body according to your preferences. See the Microsoft Connectors website to customize the look and feel completely.
Creating new Webhook body content and editing content will take up to 15 minutes to take effect.

Testing Webhooks from the Command Line

For Mac / Linux users, a quick way to test your format is to use curl:
    Put the Webhook content into a test file such as test.json
    Run the Curl command with the following syntax, replacing URL with your Slack or Teams URL
1
# On Mac and Linux:
2
curl -X POST -H 'Content-type: application/json' -d @test.json <WEBHOOK URL>
3
4
# On Windows
5
curl.exe -H "Content-Type:application/json" -d @test.json <WEBHOOK URL>
6
Copied!
Previous
Recommended Alerts
Next
Compliance Reports
Last modified 5mo ago
Export as PDF
Copy link
Contents
What are Webhooks?
Global Event Variables
Dynamic Event Variables
Slack Setup and Integration Example
Slack - Shared Record Notifications
Microsoft Teams Setup and Integration Example
Testing Webhooks from the Command Line