Webhooks

Webhooks are where identity breach notifications get sent

To use the Identity Breach Monitoring Service, it is necessary to setup a Webhook with Enzoic. You will need to specify a URL on your end that will be called with a POST whenever a notification is made. You will also receive a Webhook Key and Webhook Secret which will be passed to your endpoint via basic HTTP authentication.
NOTE: Webhook notifications will be sent from IP address: 52.42.159.171. You may need to update your firewall rules accordingly.
Webhook POST Body
The content of the POST body that will be sent to your webhook for new Breach Monitoring notifications will be a JSON object with the members specified below:
Member
Type
Description
type
string
This will contain piiAlert
tag
string
This will contain the unique tag you specified when adding the identity to be monitored
id
string
This contains the unique Enzoic ID for this monitored identity
date
date
The date/time (in GMT) that the breach/exposure was found
exposureID
string
The ID of the Exposure. This can subsequently be used with the GET Exposure Details API to retrieve additional information about the Exposure.
matchedMonitoredItems
object
An object containing just the monitored values which were matched in this breach.  Each value will consist of a JSON object with monitoredValue and foundValue fields, since the formatting of the value found may be different than what is being monitored.  See the example on this page for more detail.
rawMatchSource
string
A snippet of text from the breach source showing the content around where the matches were found.
An example POST body:
{
    "type": "piiAlert",
    "tag": "my-tag",
    "id": "57dc11964d6db21300991b78",
    "date": "2023-04-07T07:43:09Z",
    "exposureID": "57ed11964d6db21300991c12",
    "matchedMonitoredItems": {
        "firstName": {
            "foundValue": "Jimmy", 
            "monitoredValue": "JIMMY"
        },
        "lastName": {
            "foundValue": "Dean", 
            "monitoredValue": "DEAN"
        },
        "address1": {
            "foundValue": "2121 Cherrybrook Dr", 
            "monitoredValue": "2121 CHERRYBROOK DR"
        },
        "address2": {
            "foundValue": "Suite 200", 
            "monitoredValue": "SUITE 200"
        },
        "city": {
            "foundValue": "Heisenberg", 
            "monitoredValue": "HEISENBERG"
        },
        "province": {
            "foundValue": "CO", 
            "monitoredValue": "CO"
        },
        "postalCode": {
            "foundValue": "12345", 
            "monitoredValue": "12345"
        },
        "governmentID": {
            "country": "US",
            "foundValue": "232-44-3432",
            "monitoredValue": "232443432",
        },
        "emails": [
            {
                "foundValue": "[email protected]", 
                "monitoredValue": "[email protected]"
            },
        ],
        "creditCards": [
            {
                "foundValue": "4111 1111 1111 1111", 
                "monitoredValue": "4111111111111111"
            },
        ],
        "cryptocurrencyWallets": [
            {
                "foundValue": "0xb794f5ea0ba39494ce839613fffba74279579268",
                "monitoredValue": "0xb794f5ea0ba39494ce839613fffba74279579268"
            },
        ],
        "phoneNumbers": [
            {
                "foundValue": "(555) 323-4433", 
                "monitoredValue": "+15553234433"
            },
        ],
        "secondaryMatchItems": [
            {
                "description": "EIN",
                "foundValue": "12-3123122",
                "monitoredValue": "123123122",
            },
            {
                "description": "Wells Fargo Account Number",
                "foundValue": "900000001",
                "monitoredValue": "900000001",
            },
        ],    
    },
    "rawMatchSource": "Jimmy Dean\n2121 Cherrybrook Dr, Suite 200 Heisenberg, CO 12345\nSSN 232-44-3432\nMobile: (555) 323-4423\[email protected]\nVisa 4111111111111111 03/28 444\nBTC Wallet 0xb794f5ea0ba39494ce839613fffba74279579268 (1.0233 balance)\nEIN: 12-3123122\nWells Fargo Checking - Account #900000001\n"
}
Webhook Authentication
For security reasons, you should authenticate calls to your Webhook endpoint. To facilitate this, you will be provided with a Webhook Key and a Webhook Secret when you setup your Webhook with Enzoic. These will be passed as a standard basic authentication HTTP with the Webhook Key as the username and the Webhook Secret as the password. As per the standard, the authentication header passed to your endpoint is constructed as follows:
authorization: basic Base64({Webhook Key}:{Webhook Secret})
Testing Your Implementation
Once you have your webhook up and publicly accessible, you can verify all is working using the Webhook Test REST Call using the type=piiAlert query string parameter. This will cause an Identity Breach Monitoring Notification POST to be made to your URL containing test data.

Member	Type	Description
type	string	This will contain piiAlert
tag	string	This will contain the unique tag you specified when adding the identity to be monitored
id	string	This contains the unique Enzoic ID for this monitored identity
date	date	The date/time (in GMT) that the breach/exposure was found
exposureID	string	The ID of the Exposure. This can subsequently be used with the GET Exposure Details API to retrieve additional information about the Exposure.
matchedMonitoredItems	object	An object containing just the monitored values which were matched in this breach. Each value will consist of a JSON object with monitoredValue and foundValue fields, since the formatting of the value found may be different than what is being monitored. See the example on this page for more detail.
rawMatchSource	string	A snippet of text from the breach source showing the content around where the matches were found.

Monitoring Identities

Webhook Test API

Last modified 28d ago