API and webhooks
Scoped API keys, signed webhooks and a delivery history for debugging.
Last updated 2/5/2026
The SOCPilot API and webhooks are managed under Settings → Developer & API.
API keys
- Generated client-side; only the prefix and a SHA-256 hash are stored
- The full key is shown once at creation — it cannot be retrieved later
- Keys carry scopes (e.g.
alerts:read,investigations:write,evidence:write) - Keys can be revoked at any time; revocation is recorded in the audit log
Webhooks
- Each webhook has a name, target URL and a list of subscribed event types
- Webhook secrets are write-only — they are used to sign deliveries and never displayed after creation
- Delivery history shows status code, error message and payload reference for the last 50 deliveries per webhook
Event types
alert.created, alert.updated, investigation.created, investigation.updated, response.approval_requested, brief.generated, compliance_pack.generated, integration.needs_attention, suppression_rule.approved.
Related articles