Webhooks
SyVault does not expose a generic user-registerable webhook subscription API. Instead, there are two specific webhook surfaces, each documented separately:
1. Incoming: Stripe billing events
SyVault receives signature-verified webhook POSTs from Stripe for billing lifecycle events (subscription created, updated, cancelled; invoice paid or failed). This endpoint is internal to the SyVault ↔ Stripe integration and is not customer-configurable.
- Endpoint (server-side):
POST /api/webhooks/stripe - Authentication: Stripe signature verification (
Stripe-Signatureheader) - Rate limit: strict bucket
See Billing for details on subscription lifecycle, plan changes, seat management, and invoicing.
2. Outgoing: SIEM event streaming
Organization admins on the Business or Enterprise plan can configure outgoing webhooks that stream audit events to their SIEM of choice (Splunk, Microsoft Sentinel, Datadog, or Elastic). SyVault POSTs JSON-formatted audit records to the configured endpoint on each auditable action.
- Configure endpoints:
POST /api/org/siem/webhooks - List endpoints:
GET /api/org/siem/webhooks - Delete endpoint:
DELETE /api/org/siem/webhooks/{webhook_id}
Supported SIEM formats include Splunk HEC, Microsoft Sentinel (Log Analytics), Datadog Logs, and Elastic Common Schema. See SIEM Integration for setup instructions, payload schemas, and troubleshooting.
SyVault does not currently ship a generic webhook registry (POST /api/webhooks) with CRUD, delivery logs, HMAC signing, or per-event subscription lists. The Stripe endpoint above is Stripe-signed; the SIEM endpoints target specific SIEM vendors and format accordingly.