Send instant notifications to legacy or third-party applications as and when critical events occur using Zoho Vault's webhook integration. Using webhooks, you can configure custom workflow rules to trigger critical notifications and custom actions across different channels automatically. Currently, we offer 10 webhooks in the Professional plan and unlimited webhooks in the Enterprise plan.
Use Cases - Examples
The following are some of the common use cases for your reference. However, you can explore all integration options using our webhooks.
- Send critical notifications to relevant Slack, Microsoft Teams, Zoho Cliq, Zoho Connect, or other corporate communication channels
- Add new team members to existing user groups, and grant them access to relevant passwords and folders automatically. The webhook triggers a notification when a user gets added, after which an admin can use Vault's REST APIs to perform the corresponding actions.
Prerequisites
- Super admin access to Zoho Vault
- Ability to handle REST APIs
Setting up webhooks
To configure a webhook:
- Log in to your Zoho Vault account as a super admin
- Access Webhook under Integrations from the Settings tab
- Select Create Webhook

- Enter the name and description for your Webhook
- Select the HTTP method you prefer for your operation. When you select GET, data gets appended to the URL. With POST, data gets sent in the request body.
- Specify the endpoint URL of the third-party application under Webhook URL.
- Select one of the four Zoho Vault resource groups under modules, then select all the relevant trigger events.
- Users can configure different parameters such as Entity Parameters, Custom Parameters, and Request Headers.
  - Using entity parameters, users can configure different parameters in key-value format. One can choose existing Zoho Vault fields such as UserName, UserId, Email, etc. These values will be replaced during the webhook execution.
  - Using custom parameters, a constant key-value pair can be configured. This includes values which do not change (for example: API Key, Auth Token) and can be sent as is.
  - Using request headers, one can configure key-value pairs for request headers which will be set during the execution.
- Once configured, users can enable, disable, edit, or delete their Webhooks.
Securing your Webhooks
To ensure your webhooks are kept secure, we take the following measures:
| Threats | Measures |
| --- | --- |
| Payload Exposure | We allow only HTTPS webhook URLs with SSL Encryption |
| Attack from unknown webhook sources | We recommend that users add an authentication token and whitelist the webhook source IPs (Zoho Vault server IPs) |
| Replay attacks | We add a timestamp as a parameter named zoho_timestamp, with the value set to Vault's server time in milliseconds |
Note: URL verification is mandatory for enabling webhooks. Vault will automatically verify valid URLs. If a webhook fails to execute five times in a row, it will automatically be disabled. In such cases, the user will have to verify the URL manually by clicking the clock icon to reactivate the Webhook. If you want us to support other modules or trigger events, kindly contact our support team.
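On the receiving side, the measures in the table above translate into three checks on every incoming request. The following is an added example, not Zoho's code: the header name, token value, allowlisted range, and five-minute window are assumptions chosen for illustration, and the sample inputs are constructed.

```python
import hashlib
import hmac
import ipaddress

# Assumptions (not from Zoho documentation): header name, token value,
# allowlisted range and freshness window are placeholders for illustration.
TOKEN_HEADER = "X-Webhook-Token"      # hypothetical request header configured in Vault
EXPECTED_TOKEN = "constructed-sample-token"
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.0/24")]  # placeholder, not real Vault IPs
MAX_SKEW_MS = 5 * 60 * 1000           # assumed acceptance window

_seen = {}  # digest -> zoho_timestamp of deliveries already accepted in the window


def verify_webhook(source_ip, headers, params, raw_body, now_ms):
    """Return (accepted, reason) for one incoming webhook request."""
    # 1. Source allowlist: drop anything not coming from the configured ranges.
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, "source ip not allowlisted"
    if not any(addr in net for net in ALLOWED_SOURCES):
        return False, "source ip not allowlisted"

    # 2. Authentication token, compared in constant time.
    supplied = headers.get(TOKEN_HEADER, "")
    if not hmac.compare_digest(supplied.encode(), EXPECTED_TOKEN.encode()):
        return False, "bad token"

    # 3. Replay check on zoho_timestamp (Vault server time in milliseconds).
    try:
        ts = int(params["zoho_timestamp"])
    except (KeyError, TypeError, ValueError):
        return False, "missing or malformed zoho_timestamp"
    if abs(now_ms - ts) > MAX_SKEW_MS:
        return False, "stale timestamp"

    # 4. Reject an identical delivery repeated inside the window.
    for key in [k for k, t in _seen.items() if now_ms - t > MAX_SKEW_MS]:
        del _seen[key]
    digest = hashlib.sha256(str(ts).encode() + b"|" + raw_body).hexdigest()
    if digest in _seen:
        return False, "duplicate delivery"
    _seen[digest] = ts
    return True, "ok"
```

The receiver's clock must be reasonably in sync with Vault's server time for the freshness window to work, and the duplicate cache shown here is in-memory, so a multi-instance receiver would need a shared store.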