StackShield

StackShield + Webhooks: Send Laravel Security Data Anywhere

Push StackShield scan results to any HTTP endpoint via webhooks. Build custom workflows, feed dashboards, or trigger automated remediation.

Alerting Last updated: March 2026

Webhooks let you send StackShield scan results to any system that accepts HTTP POST requests. Every time a scan completes, StackShield fires a JSON payload to your configured endpoint with detailed information about findings, severity levels, and site metadata. Use webhooks to feed internal dashboards, trigger automated remediation scripts, log findings to a SIEM, or build any custom workflow your security process requires.

Features

  • JSON payloads delivered via HTTP POST to any URL you specify
  • Configurable event types: scan completed, new issue found, issue resolved, severity threshold exceeded
  • HMAC signature verification so you can validate that payloads genuinely come from StackShield
  • Retry logic with exponential backoff for failed deliveries, with a delivery log in your dashboard
  • Custom HTTP headers for authentication with your receiving endpoint

Setup Guide

  1. 1

    Set Up Your Receiving Endpoint

    Create an HTTP endpoint on your server or service that accepts POST requests with a JSON body. This could be a Laravel route, a serverless function, a Zapier webhook, or any other HTTP-capable endpoint.

  2. 2

    Configure the Webhook in StackShield

    In your StackShield dashboard, go to Settings, then Notifications, and select Webhooks. Enter your endpoint URL and optionally add custom headers for authentication. Choose which event types should trigger a delivery.

  3. 3

    Verify the Signature

    StackShield includes an X-StackShield-Signature header with each webhook delivery. Use the signing secret from your dashboard to verify the HMAC-SHA256 signature and ensure the payload has not been tampered with.

  4. 4

    Test and Monitor Deliveries

    Send a test payload from the dashboard and check that your endpoint receives and processes it correctly. The webhook delivery log shows the status, response code, and payload of every delivery attempt.

Ideal Use Case

Webhooks are the most flexible integration option and are ideal for teams with custom security workflows. Use them to pipe StackShield findings into tools like Jira, Linear, or Notion for tracking. Feed data into Datadog, Grafana, or a custom dashboard for visualization. Trigger a Laravel Artisan command or a CI pipeline to auto-remediate certain issues. Webhooks turn StackShield into a data source that fits into whatever toolchain you already use.

Frequently Asked Questions

What does the webhook JSON payload look like?

The payload includes the event type, timestamp, site details (URL, name), and an array of findings with severity, check name, description, and remediation link. Full payload documentation is available in the StackShield docs.

What happens if my endpoint is down when a webhook fires?

StackShield retries failed deliveries with exponential backoff for up to 24 hours. You can see the delivery status and retry history in the webhook logs section of your dashboard.

Can I send webhooks to multiple endpoints?

Yes. You can configure multiple webhook endpoints, each with different event filters. For example, one endpoint for critical findings that triggers PagerDuty, and another that logs all findings to your data warehouse.

Related Integrations

Alerting

Slack

Get instant Slack notifications when StackShield detects security issues in your Laravel app. Channel-based alerts keep your entire team informed.
Alerting

PagerDuty

Create PagerDuty incidents automatically when StackShield detects critical security issues in your Laravel application.
Alerting

Opsgenie

Route StackShield security alerts through Opsgenie for on-call management, escalation policies, and incident tracking.

Try StackShield Free for 14 Days

Start monitoring your Laravel application security in minutes. No installation required.

Start Free Trial