Orbital API

This API request creates a webhook object that defines a remote data store as a destination for scheduled results.

See the Query API for how to schedule a query set using a remote data store.

Create a Remote Data Store

Create a remote data store by doing a POST request to /v0/webhooks.

Request Parameters

| Name | Type | Required | Default | Description | Example |
|---|---|---|---|---|---|
| url | String | Yes | - | Remote data store URL including protocol and path. | "http://myserver.com/path/to/store" |
| token | String | No | - | The token is provided in an Authorization header as a Bearer token by default, or as a Splunk token for Splunk formatted data. | "C728DF57BE22F0B2391DD3F7C402063F7E3241B50EB758755B96FBADAAA7A361" |
| label | String | Yes | - | Human readable label stored with the newly created object. | "Webhook For My Hosts" |
| fingerprint | String | Only for self-signed server certificates | - | The SHA256 fingerprint of the destination certificate. See details on obtaining the fingerprint. | "6dd13227e7e2865abeefb2f8ad3db9d7f66dede03b76176aed7563923a0b044b" |
| disabled | Boolean | No | false | The initial disabled state of the webhook. Usually true. | true |
| format | String | No | compact | Format of the results. Allowable non-default values are: ctim, azure-compact, azure-expanded, splunk-compact, splunk-expanded, s3-compact, s3-expanded, compact, and expanded. See details on result formats. | "expanded" |
| bucket | String | Only for S3 | - | Bucket for the S3 format. | "my-s3-bucket" |
| region | String | Only for S3 | - | Region for the S3 format. | "us-west-2" |
| accesskey | String | Only for S3 | - | Access key for the S3 format. | "AKIAIOSFODNN7EXAMPLE" |
| secretkey | String | Only for S3 | - | Secret key for the S3 format. | "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" |

Request Payload Format

{
    "disabled":        <disabled>,
    "config": {
        "url":         <url>,
        "token":       <token>,
        "fingerprint": <fingerprint>,
        "label":       <label>,
        "format":      <format>,
        "bucket":      <bucket>,
        "region":      <region>,
        "accesskey":   <accesskey>,
        "secretkey":   <secretkey>
     }
}

Example of Success

curl --request POST \
  --url https://orbital.amp.cisco.com/v0/webhooks \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --header 'authorization: Bearer eyJ...' \
  -d '{"config": {"url":"https://mywebserver.com","label":"RDS-Name","format":"expanded","fingerprint":"C728DF57BE22F0B2391DD3F7C402063F7E3241B50EB758755B96FBADAAA7A361"}}'

HTTP/1.1 200 OK

{
    "application": "",
    "config": {
        "accessKey": "***",
        "fingerprint": "***",
        "format": "expanded",
        "label": "RDS-Name",
        "secretKey": "***",
        "token": "***",
        "url": "https://mywebserver.com"
    },
    "created": "2021-02-23T23:48:51.931561755Z",
    "creator": "14566a47-6b79-48ea-99db-313322c5a292",
    "disabled": false,
    "errormessage": "",
    "id": "xYGh5xZyPk0tpj6tTyWYHQ",
    "lastcalled": "2021-02-23T23:48:51.941085297Z",
    "laststatus": "success",
    "organization": "898ef6d3-a0e2-43b0-879a-18bd8f36a5ef",
    "updated": "2021-02-23T23:48:51.931561755Z"
}

Example of Failure

curl --request POST \
  --url https://orbital.amp.cisco.com/v0/webhooks \
  --header 'accept: application/json' \
  --header 'content-type: application/json' \
  --header 'authorization: Bearer eyJ...' \
  -d '{"config": {"url":"https://myotherwebserver.com","label":"RDS-Name","format":"expanded","fingerprint":"C728DF57BE22F0B2391DD3F7C402063F7E3241B50EB758755B96FBADAAA7A361"}}'

HTTP/1.1 400 Bad Request
{
    "errors": [
        "Failed to verify fingerprint of server certificate."
    ]
}
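
An added example (not part of the Orbital documentation or Cisco's code): it computes a certificate's SHA-256 fingerprint as the hash of the DER bytes, not of the PEM text, and checks a payload against the parameter table before it is POSTed to /v0/webhooks. The function names, the warning text and the placeholder certificate bytes are assumptions made for illustration, as is the bare 64-hex-digit fingerprint form taken from the page's examples.

```python
import base64, hashlib, re
from urllib.parse import urlsplit

FORMATS = {"ctim", "azure-compact", "azure-expanded", "splunk-compact",
           "splunk-expanded", "s3-compact", "s3-expanded", "compact", "expanded"}
S3_FIELDS = ("bucket", "region", "accesskey", "secretkey")

# Constructed placeholder bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def cert_fingerprint(pem):
    """SHA-256 of the DER bytes of the first certificate in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    # Strip line wrapping before decoding so the hash covers only the DER bytes.
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def build_webhook_payload(url, label, fmt="compact", disabled=False, **opt):
    """Return (payload, warnings) for POST /v0/webhooks, per the parameter table."""
    if not url or not label:
        raise ValueError("url and label are required")
    if fmt not in FORMATS:
        raise ValueError(f"unknown format: {fmt}")
    unknown = set(opt) - {"token", "fingerprint", *S3_FIELDS}
    if unknown:
        raise ValueError(f"unknown parameters: {sorted(unknown)}")
    # The four S3 parameters are marked "Only for S3" in the table.
    missing = [f for f in S3_FIELDS if fmt.startswith("s3-") and not opt.get(f)]
    if missing:
        raise ValueError(f"S3 format requires: {', '.join(missing)}")
    fp = opt.get("fingerprint")
    # Assumption: the bare 64-hex-digit form used in this page's examples.
    if fp is not None and not re.fullmatch(r"[0-9A-Fa-f]{64}", fp):
        raise ValueError("fingerprint must be 64 hex digits (SHA-256)")
    warnings = []
    # A Bearer token sent to a plain-HTTP store is readable on the wire.
    if urlsplit(url).scheme.lower() != "https" and opt.get("token"):
        warnings.append("token would be sent to a non-HTTPS url")
    config = {"url": url, "label": label, "format": fmt, **opt}
    return {"disabled": disabled, "config": config}, warnings
```

Serialize the returned payload with json.dumps and pass it as the request body; a fingerprint computed over anything other than the server's current certificate would be expected to produce the 400 response shown above.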

Get a Remote Data Store

View a specific remote data store by performing a GET request to /v0/webhooks/{webhookid}.

List Remote Data Stores

View all remote data stores in the user's organization by performing a GET request to /v0/webhooks.

Delete a Remote Data Store

Soft-delete (disable) a remote data store by performing a DELETE request to /v0/webhooks/{webhookid}. This marks the webhook as disabled: true so it will no longer receive result deliveries, but the record remains retrievable (for auditing or potential re‑enable workflows).

Request

No request body is required; only the path parameter webhookid.

DELETE /v0/webhooks/{webhookid}
Authorization: Bearer <jwt>
Accept: application/json

Example of Success (204 No Content)

curl --request DELETE \
    --url https://orbital.amp.cisco.com/v0/webhooks/xYGh5xZyPk0tpj6tTyWYHQ \
    --header 'accept: application/json' \
    --header "authorization: Bearer $token"

HTTP/1.1 204 No Content

After this, a subsequent GET /v0/webhooks/xYGh5xZyPk0tpj6tTyWYHQ will show the same object with "disabled": true.

Example of Failure (404 Not Found)

curl --request DELETE \
    --url https://orbital.amp.cisco.com/v0/webhooks/nonexistentWebhookId \
    --header 'accept: application/json' \
    --header "authorization: Bearer $token"

HTTP/1.1 404 Not Found
{
    "errors": [
        "Webhook not found."
    ]
}

Example of Failure (400 Bad Request)

This can occur if the webhookid is malformed (implementation dependent):

HTTP/1.1 400 Bad Request
{
    "errors": [
        "invalid webhook id"
    ]
}