> For the complete documentation index, see [llms.txt](https://docs.snyk.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.snyk.io/developer-tools/snyk-api/using-specific-snyk-apis/webhooks-apis/guides-to-webhooks/tutorial.md). # How to use Snyk webhooks with Zapier {% hint style="info" %} Snyk API v1 docs are in the [Reference](/developer-tools/snyk-api/reference.md). {% endhint %} ## ​Integration example Create a new Zap in [Zapier](https://zapier.com). ### Trigger To access request headers, create a **Catch Raw Hook** trigger. This trigger provides the request payload as a string, so you must parse it to JSON. You receive a webhook URL where you send requests. ![](https://partner-workshop-assets.s3.us-east-2.amazonaws.com/untitled-1%20\(1\).png) Create a Webhook in Snyk using the API with the `your-url` URL. ``` POST /api/v1/org/{orgId}/webhooks HTTP/2 > Host: snyk.io > Authorization: token {authToken} > Content-Type: application/json | { | "url": "https://hooks.zapier.com/hooks/catch/9002958/oemlgkz/", | "secret": "my-secret-string" | } ``` The API responds with the new webhook. ``` < HTTP/2 200 < Content-Type: application/json | { | "id": "{webhookId}", | "url": "https://hooks.zapier.com/hooks/catch/9002958/oemlgkz/", | } ``` You can ping a webhook to test the Zapier trigger. ``` > POST /api/v1/org/{orgId}/webhooks/{webhookId}/ping HTTP/2 > Host: snyk.io > Authorization: token {authToken} > Content-Type: application/json ``` Select a ping request from the list and map fields. ![](https://partner-workshop-assets.s3.us-east-2.amazonaws.com/untitled-2%20\(1\).png) ### Action (validate a payload) Create a JS Action to validate a payload: **"Code by Zapier" → "Run Javascript"** ![](https://partner-workshop-assets.s3.us-east-2.amazonaws.com/untitled-3%20\(1\).png) Map `headers['X-Hub-Signature']` and `payload string` to the snippet variables. ![](https://partner-workshop-assets.s3.us-east-2.amazonaws.com/untitled-4%20\(1\).png) This snippet adds an `isValid: boolean` variable to Zap fields. {% hint style="info" %} Replace `my-secret-string` string with a webhook's secret string. {% endhint %} ```javascript const crypto = require('crypto'); const secret = "my-secret-string"; function makeSignature(body, secret) { const hmac = crypto.createHmac('sha256', secret); hmac.update(body, 'utf8'); return `sha256=${hmac.digest('hex')}`; } try { const body = JSON.parse(inputData.body); const { project, org, group, newIssues } = body; output = { isValid: inputData.signature === makeSignature(inputData.body, secret) }; } catch (err) { output = { isValid: false, err: err.message }; } ``` Test the snippet, ensure `isValid === true`. ![](https://partner-workshop-assets.s3.us-east-2.amazonaws.com/untitled-5%20\(1\).png) ### Action (parse a payload) Create another action to parse the payload string into a format Zapier uses. Create the same JS Action: **"Code by Zapier" → "Run Javascript"**, with the following field mapping: ![](https://partner-workshop-assets.s3.us-east-2.amazonaws.com/untitled-6%20\(1\).png) And the following JS snippet: ``` try { output = JSON.parse(inputData.body); } catch (err) { output = { err: err.message }; } ``` Parse a request payload and map it to the Zap variables. ### Action (format issues) New issues are lists of objects. Zapier requires a list of strings. Format `newIssues` as `string[]`. Create one more JS Action: **"Code by Zapier" → "Run Javascript"**, and paste the following snippet: ``` function formatIssue({ pkgName, pkgVersions, issueData }) { return ` ${issueData.title}
Vulnerability in ${pkgName} (${pkgVersions.join(', ')}). ${issueData.severity} severity. `; } try { const { newIssues, ...body } = JSON.parse(inputData.body); output = { ...body, newIssues: newIssues.map(formatIssue) }; } catch (err) { output = { newIssues: [], err: err.message }; } ``` ### Action (filter) After providing all fields, decide whether to use the event. To filter, create **"Filter by Zapier"** app: ![](https://partner-workshop-assets.s3.us-east-2.amazonaws.com/untitled-7%20\(1\).png) Select a filter method. ![](https://partner-workshop-assets.s3.us-east-2.amazonaws.com/untitled-8%20\(1\).png) ### Action (send a notification) Access all fields to build a notification template. Send an email or choose other notification types. ![](https://partner-workshop-assets.s3.us-east-2.amazonaws.com/untitled-9%20\(1\).png) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.snyk.io/developer-tools/snyk-api/using-specific-snyk-apis/webhooks-apis/guides-to-webhooks/tutorial.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.