Webhooks (Slack & Teams)

What are Webhooks?
Webhooks are user-defined HTTP requests that are triggered by an application and pushed into other applications.
Popular uses of Webhooks are the following:
Sending realtime notifications to Slack, Microsoft Teams or other messaging platforms
Integrating Keeper events into your custom software, hosted in the Cloud
Developing integrations into Keeper using 3rd party platforms such as IFTTT
The Keeper Admin Console (version 15.3.0+) supports the ability to push custom Webhook events.
Global Event Variables
When sending a Webhook, you can substitute fields with one of the below variables.
Name
Description
#alert_name
Title of the event as appears in the Admin Console
#description
Description of the Event.  See reporting & alerts page for list of all possibilities.
#timestamp
Time which the event occurred
#remote_address
External IP address of the user generating the event
#username
User who generated the alert or could be empty depending on the event
#json
Raw JSON event data (useful for debugging and inspecting fields)
Dynamic Event Variables
Depending on the type of event, there are other variable substitutions available.
Name
Description
#to_username
For sharing events, the destination user
#from_username
For sharing events, the source user
#record_uid
For Record events, the Record identifier
#shared_folder_uid
For Shared Folder events, the folder identifier
#folder_uid
For Folder-specific events, the folder identifier
#team_uid
For Team events, the Team identifier
#role_id
For Role events, the Role ID
#node
For Node events, the Node ID
#enforcement
For Role Policy changes, the enforcement name
#seats
For MSP events, the number of seats
#seats_added
For MSP events, the number of seats added
#seats_removed
For MSP events, the number of seats removed
You can also include hyperlinks for convenience into various areas of the Keeper platform.  A few examples:
Vault Login (US Datacenter): https://keepersecurity.com/vault​
Vault Login (EU Datacenter): https://keepersecurity.eu/vault​
Vault Login (AU Datacenter): https://keepersecurity.com.au/vault

Admin Console Login (US Datacenter): https://keepersecurity.com/console​
Admin Console Login (EU Datacenter): https://keepersecurity.eu/console​
Admin Console Login (AU Datacenter): https://keepersecurity.com.au/console​
Keeper supports Deep Linking into the Web Vault for a particular Record UID.  Example:
https://keepersecurity.com/vault#detail/XXXXXX

- replace XXXXXX with the Record UID as it appears in the Keeper record, or substitute #record_uid
- replace .com with .eu or .com.au if you are hosted in a different data center.
​💡
Slack Setup and Integration Example
Using the Webhook feature, you can send custom alerts and actions to your Slack channel following the steps below.
Example Slack Notification
(1) Go to https://api.slack.com/apps and Create a new app
Create New App
(2) Name the App, select your desired Workspace and click Create App.
Create App
(3) Click on Incoming Webhooks
(4) Activate the Webhook and click "Add New Webhook to Workspace.
Activate Webhook
(5) Select the Slack channel you would like the alerts to be sent. Then click "Copy" to grab the Webhook URL required to plug into the Admin Console interface in the following steps.
Copy the Webhook URL
(6) In the "Basic Information" section on the left, you can populate the icon with the Keeper icon. Right-click and save the image Use the link below to download a 512x512 PNG icon for Keeper:

https://keeper-email-images.s3.amazonaws.com/common/Keeper_512x512.png​
(7) Login to the Keeper Admin Console and visit Reporting & Alerts > Alerts and create a new alert. After selecting the desired Event Types and Attributes, click on "Add Recipient".  In the example below, I have selected all Policy Changes.
Add Alert
Select Event Types and Attributes
(8) Enter the Name and Email address to receive the event, and click Add Webhook.
Add Webhook
(9) Paste the Webhook URL from Step 5 into the form.  
(10) Copy-paste the below JSON content into the HTTP Body section.
{
  "text": "Keeper Security Event",
  "blocks": [
    {
      "type": "section",
      "fields": [
        {
          "type": "mrkdwn",
          "text": "*Alert Name*\n#alert_name"
        }
      ]
    },
    {
      "type": "section",
      "fields": [
        {
          "type": "mrkdwn",
          "text": "*Event Details*\n#description"
        }
      ]
    },
    {
      "type": "section",
      "fields": [
        {
          "type": "mrkdwn",
          "text": "*IP Address*\n#remote_address"
        },
        {
          "type": "mrkdwn",
          "text": "*Timestamp*\n#timestamp"
        }
      ]
    },
    {
      "type": "actions",
      "elements": [
        {
          "type": "button",
          "text": {
            "type": "plain_text",
            "text": "Vault Login",
            "emoji": true
          },
          "value": "vault",
          "url": "https://keepersecurity.com/vault",
          "action_id": "actionId-1"
        },
        {
          "type": "button",
          "text": {
            "type": "plain_text",
            "text": "Console Login",
            "emoji": true
          },
          "value": "console",
          "url": "https://keepersecurity.com/console",
          "action_id": "actionId-2"
        }
      ]
    }
  ]
}
​
HTTP Body
(10) Click on Add and the Save the alert.
Add Webhook
​
Save Alert
That's it.  Please note that it can take up to 15 minutes for events to start transmitting. You can modify the HTTP Body according to your preferences.  Slack's Block Kit Builder allows you to customize the look and feel completely.
Creating new Webhook body content and editing content will take up to 15 minutes to take effect.
​💡
Slack - Shared Record Notifications
Another use case is to be notified when a record is added to a particular Shared Folder.
Example Shared Record Notification
(1) Follow the Slack setup steps above to create a baseline Slack integration.
(2) In the Web Vault, grab the Shared Folder UID that you would like to report on
Shared Folder UID
(3) On the Admin Console, create a new Alert for this event that is tracking "Add Record to Shared Folder"
(4) Under the Attributes section, paste the Shared Folder UID
(5) Under "Recipients", create a new Webhook recipient.
(6) Copy Paste the below JSON text body into the HTTP Body section. In the "text" field, you will want to edit it to match up with the alert that you are creating. 
{
  "text": "Keeper - Added Record to Shared Folder",
  "blocks": [
    {
      "type": "section",
      "fields": [
        {
          "type": "mrkdwn",
          "text": "*Alert Name*\n#alert_name"
        }
      ]
    },
    {
      "type": "section",
      "fields": [
        {
          "type": "mrkdwn",
          "text": "*Event Details*\n#description"
        }
      ]
    },
    {
      "type": "section",
      "fields": [
        {
          "type": "mrkdwn",
          "text": "*IP Address*\n#remote_address"
        },
        {
          "type": "mrkdwn",
          "text": "*Timestamp*\n#timestamp"
        },
        {
          "type": "mrkdwn",
          "text": "*Record UID*\n#record_uid"
        }
      ]
    },
    {
      "type": "actions",
      "elements": [
        {
          "type": "button",
          "text": {
            "type": "plain_text",
            "text": "Open Record",
            "emoji": true
          },
          "value": "vault",
          "url": "https://keepersecurity.com/vault#detail/#record_uid",
          "action_id": "actionId-1"
        },
        {
          "type": "button",
          "text": {
            "type": "plain_text",
            "text": "Console Login",
            "emoji": true
          },
          "value": "console",
          "url": "https://keepersecurity.com/console",
          "action_id": "actionId-2"
        }
      ]
    }
  ]
}
​💡
Microsoft Teams Setup and Integration Example
To send rich formatted alerts to your Microsoft Teams platform, follow the instructions below:
Example Teams Notification
(1) Create a new team channel, if you haven't already created one.
(2) Under Channels, create a channel and click on Connectors
Add Channel > Connectors
(3) Add an "Incoming Webhook" Connector
Add Incoming Webhook
Add Incoming Webhook
(4) Copy the URL displayed
Copy the Webhook URL
(5) Login to the Keeper Admin Console and visit Reporting & Alerts > Alerts and click on Add Alert. Select the desired Event Types and Attributes.
For example, below selects all Security, Sharing and Policy Change events:
Select Event Types and Attributes
(6) Select Recipients > Add Recipients 
(7) Click on Add Webhook to expand the dialog and type in the Recipient Name.
Add Webhook
(8) Paste the Webhook URL from Step 4 into the form.
Add URL and HTTP Body
(9) Copy-paste the below JSON content into the HTTP Body section.
{
    "@type": "MessageCard",
    "@context": "http://schema.org/extensions",
    "themeColor": "0076D7",
    "summary": "Alert: #alert_name",
    "sections": [{
        "activityTitle": "#description",
        "activitySubtitle": "#alert_name",
        "activityImage": "https://keeper-email-images.s3.amazonaws.com/common/Keeper_512x512.png",
        "facts": [{
            "name": "User",
            "value": "#username"
        }, {
            "name": "Timestamp",
            "value": "#timestamp"
        }, {
            "name": "IP Address",
            "value": "#remote_address"
        }],
        "markdown": true
    }]
}
(10) Click on Add and the Save the alert.
Add Webhook
That's it.  Please note that it can take up to 15 minutes for events to start transmitting. You can modify the HTTP Body according to your preferences.  See the Microsoft Connectors website to customize the look and feel completely.
Creating new Webhook body content and editing content will take up to 15 minutes to take effect.
Testing Webhooks from the Command Line
For Mac / Linux users, a quick way to test your format is to use curl:
Put the Webhook content into a test file such as test.json
Run the Curl command with the following syntax, replacing URL with your Slack or Teams URL
# On Mac and Linux:
curl -X POST -H 'Content-type: application/json' -d @test.json <WEBHOOK URL>
​
# On Windows
curl.exe -H "Content-Type:application/json" -d @test.json <WEBHOOK URL>
​

Recommended Alerts

Compliance Reports

Last modified 1yr ago

Export as PDF

Copy link

Outline

What are Webhooks?

Global Event Variables

Dynamic Event Variables

Slack Setup and Integration Example

Slack - Shared Record Notifications

Microsoft Teams Setup and Integration Example

Testing Webhooks from the Command Line

What are Webhooks?

Global Event Variables

Dynamic Event Variables

​💡Slack Setup and Integration Example

​💡Slack - Shared Record Notifications

​💡Microsoft Teams Setup and Integration Example

Testing Webhooks from the Command Line

💡
Slack Setup and Integration Example

💡
Slack - Shared Record Notifications

💡
Microsoft Teams Setup and Integration Example