Webhooks (Slack & Teams)
Integrate Keeper Webhook events into Slack, Microsoft Teams and other cloud services.
Webhooks are user-defined HTTP requests that are triggered by an application and pushed into other applications.
Popular uses of Webhooks are the following:
- Sending realtime notifications to Slack, Microsoft Teams or other messaging platforms
- Integrating Keeper events into your custom software, hosted in the Cloud
- Developing integrations into Keeper using 3rd party platforms such as IFTTT
The Keeper Admin Console (version 15.3.0+) supports the ability to push custom Webhook events.
When sending a Webhook, you can substitute fields with one of the below variables.
Name | Description |
#alert_name | Title of the event as appears in the Admin Console |
#description | |
#timestamp | Time which the event occurred |
#remote_address | External IP address of the user generating the event |
#username | User who generated the alert or could be empty depending on the event |
#json | Raw JSON event data (useful for debugging and inspecting fields) |
Depending on the type of event, there are other variable substitutions available.
Name | Description |
#to_username | For sharing events, the destination user |
#from_username | For sharing events, the source user |
#record_uid | For Record events, the Record identifier |
#shared_folder_uid | For Shared Folder events, the folder identifier |
#folder_uid | For Folder-specific events, the folder identifier |
#team_uid | For Team events, the Team identifier |
#role_id | For Role events, the Role ID |
#node | For Node events, the Node ID |
#enforcement | For Role Policy changes, the enforcement name |
#seats | For MSP events, the number of seats |
#seats_added | For MSP events, the number of seats added |
#seats_removed | For MSP events, the number of seats removed |
You can also include hyperlinks for convenience into various areas of the Keeper platform. A few examples:
Keeper supports Deep Linking into the Web Vault for a particular Record UID. Example:
https://keepersecurity.com/vault#detail/XXXXXX
- replace XXXXXX with the Record UID as it appears in the Keeper record, or substitute #record_uid
- replace .com with .eu or .com.au if you are hosted in a different data center.
Using the Webhook feature, you can send custom alerts and actions to your Slack channel following the steps below.
Example Slack Notification
(1) Go to https://api.slack.com/apps and Create a new app
Create New App
(2) Name the App, select your desired Workspace and click Create App.
Create App
(3) Click on Incoming Webhooks
(4) Activate the Webhook and click "Add New Webhook to Workspace.
Activate Webhook
(5) Select the Slack channel you would like the alerts to be sent. Then click "Copy" to grab the Webhook URL required to plug into the Admin Console interface in the following steps.
Copy the Webhook URL
(6) In the "Basic Information" section on the left, you can populate the icon with the Keeper icon. Right-click and save the image Use the link below to download a 512x512 PNG icon for Keeper:
https://keeper-email-images.s3.amazonaws.com/common/Keeper_512x512.png
(7) Login to the Keeper Admin Console and visit Reporting & Alerts > Alerts and create a new alert. After selecting the desired Event Types and Attributes, click on "Add Recipient". In the example below, I have selected all Policy Changes.
Add Alert
Select Event Types and Attributes
(8) Enter the Name and Email address to receive the event, and click Add Webhook.
Add Webhook
(9) Paste the Webhook URL from Step 5 into the form.
(10) Copy-paste the below JSON content into the HTTP Body section.
{
"text": "Keeper Security Event",
"blocks": [
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Alert Name*\n#alert_name"
}
]
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Event Details*\n#description"
}
]
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*IP Address*\n#remote_address"
},
{
"type": "mrkdwn",
"text": "*Timestamp*\n#timestamp"
}
]
},
{
"type": "actions",
"elements": [
{
"type": "button",
"text": {
"type": "plain_text",
"text": "Vault Login",
"emoji": true
},
"value": "vault",
"url": "https://keepersecurity.com/vault",
"action_id": "actionId-1"
},
{
"type": "button",
"text": {
"type": "plain_text",
"text": "Console Login",
"emoji": true
},
"value": "console",
"url": "https://keepersecurity.com/console",
"action_id": "actionId-2"
}
]
}
]
}
HTTP Body
(10) Click on Add and the Save the alert.
Add Webhook
Save Alert
That's it. Please note that it can take up to 15 minutes for events to start transmitting. You can modify the HTTP Body according to your preferences. Slack's Block Kit Builder allows you to customize the look and feel completely.
Creating new Webhook body content and editing content will take up to 15 minutes to take effect.
Another use case is to be notified when a record is added to a particular Shared Folder.
Example Shared Record Notification
(1) Follow the Slack setup steps above to create a baseline Slack integration.
(2) In the Web Vault, grab the Shared Folder UID that you would like to report on
Shared Folder UID
(3) On the Admin Console, create a new Alert for this event that is tracking "Add Record to Shared Folder"
(4) Under the Attributes section, paste the Shared Folder UID
(5) Under "Recipients", create a new Webhook recipient.
(6) Copy Paste the below JSON text body into the HTTP Body section. In the "text" field, you will want to edit it to match up with the alert that you are creating.
{
"text": "Keeper - Added Record to Shared Folder",
"blocks": [
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Alert Name*\n#alert_name"
}
]
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*Event Details*\n#description"
}
]
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*IP Address*\n#remote_address"
},
{
"type": "mrkdwn",
"text": "*Timestamp*\n#timestamp"
},
{
"type": "mrkdwn",
"text": "*Record UID*\n#record_uid"
}
]
},
{
"type": "actions",
"elements": [
{
"type": "button",
"text": {
"type": "plain_text",
"text": "Open Record",
"emoji": true
},
"value": "vault",
"url": "https://keepersecurity.com/vault#detail/#record_uid",
"action_id": "actionId-1"
},
{
"type": "button",
"text": {
"type": "plain_text",
"text": "Console Login",
"emoji": true
},
"value": "console",
"url": "https://keepersecurity.com/console",
"action_id": "actionId-2"
}
]
}
]
}
To send rich formatted alerts to your Microsoft Teams platform, follow the instructions below:
Example Teams Notification
(1) Create a new team channel, if you haven't already created one.
(2) Under Channels, create a channel and click on Connectors
Add Channel > Connectors
(3) Add an "Incoming Webhook" Connector
Add Incoming Webhook
Add Incoming Webhook
(4) Copy the URL displayed
Copy the Webhook URL
(5) Login to the Keeper Admin Console and visit Reporting & Alerts > Alerts and click on Add Alert. Select the desired Event Types and Attributes.
For example, below selects all Security, Sharing and Policy Change events:
Select Event Types and Attributes
(6) Select Recipients > Add Recipients
(7) Click on Add Webhook to expand the dialog and type in the Recipient Name.
Add Webhook
(8) Paste the Webhook URL from Step 4 into the form.
Add URL and HTTP Body
(9) Copy-paste the below JSON content into the HTTP Body section.
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"themeColor": "0076D7",
"summary": "Alert: #alert_name",
"sections": [{
"activityTitle": "#description",
"activitySubtitle": "#alert_name",
"activityImage": "https://keeper-email-images.s3.amazonaws.com/common/Keeper_512x512.png",
"facts": [{
"name": "User",
"value": "#username"
}, {
"name": "Timestamp",
"value": "#timestamp"
}, {
"name": "IP Address",
"value": "#remote_address"
}],
"markdown": true
}]
}
(10) Click on Add and the Save the alert.
Add Webhook
That's it. Please note that it can take up to 15 minutes for events to start transmitting. You can modify the HTTP Body according to your preferences. See the Microsoft Connectors website to customize the look and feel completely.
Creating new Webhook body content and editing content will take up to 15 minutes to take effect.
For Mac / Linux users, a quick way to test your format is to use curl:
- Put the Webhook content into a test file such as test.json
- Run the Curl command with the following syntax, replacing URL with your Slack or Teams URL
# On Mac and Linux:
curl -X POST -H 'Content-type: application/json' -d @test.json <WEBHOOK URL>
# On Windows
curl.exe -H "Content-Type:application/json" -d @test.json <WEBHOOK URL>
Last modified 1yr ago