# Event Sinks
## Create a new event sink
**`POST`** `/v1/event_sink`
Create a new event sink with the specified data.
**Body**
| Name | Type | Description |
|---|
tenant_id required | string | Unique identifier for the tenant |
name required | string | Name of the event sink |
description required | string | Description of the event sink |
event_sink_args required | See #create-event-sink-arguments | Event sink details |
### **Create event sink arguments**
To create a Slack event sink, we need the channel ID and the Scanner Slack integration ID, e.g.
```json
{
"Slack": {
"channel_id": "C12345678",
"slack_integration_id": "00000000-0000-0000-0000-000000000001",
}
}
```
Note: the API still supports the `channel` parameter (with a channel name), but `channel` is deprecated in favor of `channel_id`.
To create a webhook event sink, we need the url, e.g.
```json
{
"Webhook": {
"url": "https://webhook.com/bar/baz"
}
}
```
To create a PagerDuty event sink, we need the Events API V2 integration key, e.g.
```json
{
"PagerDuty": {
"integration_key": "e93facc04764012d7bfb002500d5d1a6"
}
}
```
**Example**
```bash
curl $API_BASE/v1/event_sink \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X POST \
-d '{
"tenant_id": "00000000-0000-0000-0000-000000000000",
"name": "Webhook",
"description": "Detection alerts webhook",
"event_sink_args": { "Webhook": { "url": "https://test.com/webhook/abc" } }
}'
```
**Response**
Returns the newly created event sink.
```json
{
"event_sink": {
"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
"tenant_id": "00000000-0000-0000-0000-000000000000",
"name": "Webhook",
"description": "Detection alerts webhook",
"event_sink_type": "Webhook",
"configuration": {
"Webhook": {
"url": "https://test.com/webhook/abc"
}
},
"created_at": "2024-05-09T20:01:32Z",
"updated_at": "2024-05-09T20:01:32Z"
}
}
```
## List event sinks
**`GET`** `/v1/event_sink`
List all event sinks for a tenant.
**Query parameters**
| Name | Type | Description |
| ---------------------------------------------------- | ------ | -------------------------------- |
| `tenant_id` required | string | Unique identifier for the tenant |
**Example**
```bash
curl -G $API_BASE/v1/event_sink \
--data-urlencode "tenant_id=00000000-0000-0000-0000-000000000000" \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json"
```
**Response**
Returns a list of event sink objects.
```json
{
"data": {
"event_sinks": [
{
"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
"tenant_id": "00000000-0000-0000-0000-000000000000",
"name": "Webhook",
"description": "Detection alerts webhook",
"event_sink_type": "Webhook",
"configuration": {
"Webhook": {
"url": "https://test.com/webhook/abc"
}
},
"created_at": "2024-05-09T20:01:32Z",
"updated_at": "2024-05-09T20:01:32Z"
},
...
]
},
"pagination": null
}
```
## Get an event sink
**`GET`** `/v1/event_sink/{id}`
Get the event sink with the given id.
**Example**
```bash
curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X GET
```
**Response**
Returns the event sink object.
```json
{
"event_sink": {
"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
"tenant_id": "00000000-0000-0000-0000-000000000000",
"name": "Webhook",
"description": "Detection alerts webhook",
"event_sink_type": "Webhook",
"configuration": {
"Webhook": {
"url": "https://test.com/webhook/abc"
}
},
"created_at": "2024-05-09T20:01:32Z",
"updated_at": "2024-05-09T20:01:32Z"
}
}
```
## Update an event sink
**`PUT`** `/v1/event_sink/{id}`
Update the event sink with the given id.
**Body**
| Name | Type | Description |
| --------------------------------------------- | -------------------------------------------------------------------------- | ---------------------------------------- |
| `id` required | string | Unique identifier for the event sink |
| `name` | string | Update the name of the event sink |
| `description` | string | Update the description of the event sink |
| `event_sink_args` | See [#update-event-sink-arguments](#update-event-sink-arguments "mention") | Update the event sink details |
### Update event sink arguments
To update a Slack event sink, we need the new channel ID, e.g.
```json
{
"Slack": {
"channel_id": "C87654321",
}
}
```
Note: the API still supports the `channel` parameter (with a channel name), but `channel` is deprecated in favor of `channel_id`.
To update a webhook event sink, we need the new url, e.g.
```json
{
"Webhook": {
"url": "https://webhook.com/bar/baz"
}
}
```
To update a PagerDuty event sink, we need the new Events API V2 integration key, e.g.
```json
{
"PagerDuty": {
"integration_key": "e93facc04764012d7bfb002500d5d1a6"
}
}
```
**Example**
```bash
curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X PUT \
-d '{
"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
"event_sink_args": { "Webhook": { "url": "https://foo.com/webhook/abc" } }
}'
```
**Response**
Returns the updated event sink object.
{
"event_sink": {
"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
"tenant_id": "00000000-0000-0000-0000-000000000000",
"name": "Webhook",
"description": "Detection alerts webhook",
"event_sink_type": "Webhook",
"configuration": {
"Webhook": {
"url": "https://foo.com/webhook/abc"
}
},
"created_at": "2024-05-09T20:01:32Z",
"updated_at": "2024-05-09T20:10:06Z"
}
}
## Delete an event sink
**`DELETE`** `/v1/event_sink/{id}`
Delete the event sink with the given id.
**Example**
```bash
curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X DELETE
```
**Response**
Returns the `id` and `tenant_id` for the deleted event sink.
```json
{
"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
"tenant_id": "00000000-0000-0000-0000-000000000000"
}
```
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.scanner.dev/scanner/using-scanner-complete-feature-reference/developer-tools/api/event-sinks.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.