Public Cloud (Infra) Webhooks

Webhooks enable your applications to receive real-time notifications when events occur in your infrastructure and cloud resources. This eliminates the need for polling and ensures your systems stay synchronized with infrastructure changes, deployments, and resource modifications across all integrated platforms.

Unizo normalizes webhook events from AWS, Azure, Google Cloud, Terraform, Kubernetes, and other infrastructure providers into a consistent format. This means you write your webhook handler once and it works with all supported platforms.

Webhook Configuration

To set up webhooks for your integration, visit the Unizo Console Webhooks section for step-by-step configuration guide.

Supported Event Types

These are the event types currently supported by Unizo's Public Cloud (Infra) webhooks. The list keeps growing as we add support for more events across different platforms.

Event Type	Description	Trigger Conditions
resource:created	A new resource has been created	VM, container, database, or other resource creation
resource:updated	Resource configuration has been modified	Configuration changes, scaling, or tag updates
resource:deleted	A resource has been deleted	Resource termination or removal
deployment:started	Deployment process has started	Application or infrastructure deployment initiation
deployment:completed	Deployment successfully completed	Successful deployment completion
deployment:failed	Deployment failed	Deployment errors or rollback
scaling:triggered	Auto-scaling event triggered	Scale up or scale down based on metrics
maintenance:scheduled	Maintenance window scheduled	Planned maintenance or updates
cost:alert	Cost threshold exceeded	Budget alerts or cost anomalies

Webhook Security

Every webhook request sent by Unizo includes a cryptographic signature so you can verify that the payload is authentic and has not been tampered with.

Security Headers

Header	Description
`x-unizo-event-type`	The type of event that triggered the webhook
`x-unizo-signature`	HMAC-SHA256 signature of the payload, prefixed with v1= (e.g., v1=ee084789...)
`x-unizo-timestamp`	Unix epoch timestamp (seconds) when the request was signed
`x-unizo-delivery-id`	Unique identifier for this webhook delivery

Signature Verification

The signed payload is constructed by joining the timestamp and the raw request body with a dot separator: {timestamp}.{payload}. This ensures the timestamp is covered by the signature, preventing replay attacks.

Verification Steps

Parse the timestamp from the x-unizo-timestamp header and reject the request if it falls outside your tolerance window (recommended: 5 minutes).
Reconstruct the signed payload by concatenating the timestamp, a literal dot (.), and the raw request body.
Compute the expected signature using HMAC-SHA256 with your webhook signing secret as the key.
Strip the v1= prefix from the x-unizo-signature header to get the received signature.
Compare the two signatures using a constant-time comparison function to prevent timing attacks.

Reference Implementation

const crypto = require("crypto");

function verifyWebhookSignature(
  payload,
  signatureHeader,
  timestampHeader,
  secret,
  toleranceSeconds = 300
) {
  // 1. Reject stale timestamps to prevent replay attacks
  const now = Math.floor(Date.now() / 1000);
  const timestamp = parseInt(timestampHeader, 10);

  if (Number.isNaN(timestamp)) {
    return false;
  }

  if (Math.abs(now - timestamp) > toleranceSeconds) {
    return false;
  }

  // 2. Reconstruct the signed payload: "{timestamp}.{payload}"
  const signedPayload = `${timestamp}.${payload}`;

  // 3. Compute the expected signature
  const expected = crypto
    .createHmac("sha256", secret)
    .update(signedPayload)
    .digest("hex");

  // 4. Strip the "v1=" prefix from the received signature
  const received = signatureHeader.startsWith("v1=")
    ? signatureHeader.slice(3)
    : signatureHeader;

  // 5. Constant-time comparison to prevent timing attacks
  try {
    return crypto.timingSafeEqual(
      Buffer.from(expected, "hex"),
      Buffer.from(received, "hex")
    );
  } catch {
    return false;
  }
}

// Usage
const isValid = verifyWebhookSignature(
  rawBody,                                // raw request body string
  headers["x-unizo-signature"],           // "v1=ee084789..."
  headers["x-unizo-timestamp"],           // "1774093147"
  process.env.UNIZO_WEBHOOK_SECRET        // your signing secret
);

if (!isValid) {
  return res.status(401).json({ error: "Invalid signature" });
}

// Signature verified — process the event
handleEvent(JSON.parse(rawBody));

Event Details

Resource Events

Event Type	Description	Trigger Conditions
resource:created	A new resource has been created	VM, container, database, or other resource creation
resource:updated	Resource configuration has been modified	Configuration changes, scaling, or tag updates
resource:deleted	A resource has been deleted	Resource termination or removal

Resource Created

`resource:created`

Triggered when a new infrastructure resource is created

POSThttps://api.yourapp.com/webhooks/unizo/infrastructure

Headers

Name	Type	Required	Description
`Content-Type`	string	Yes	Always application/json
`x-unizo-event-type`	string	Yes	Event type: resource:created
`x-unizo-webhook-id`	string	Yes	Unique webhook configuration ID
`x-unizo-delivery-id`	string	Yes	Unique delivery ID for idempotency
`x-unizo-signature`	string	Yes	HMAC-SHA256 signature, prefixed with v1=

Request Body Schema

Property	Type	Required	Description
`type`	string	Yes	Event type identifier
`version`	string	Yes	Webhook payload version
`resource.id`	string	Yes	Unique resource identifier
`resource.name`	string	Yes	Resource name
`resource.type`	string	Yes	Resource type (vm, container, database, etc.)
`resource.region`	string	Yes	Deployment region
`resource.provider`	string	Yes	Cloud provider
`resource.configuration`	object	Yes	Resource configuration
`resource.tags`	object	No	Resource tags
`resource.createdDateTime`	string	Yes	ISO 8601 timestamp
`resource.createdBy`	object	No	User or system that created the resource
`integration`	object	Yes	Integration details

Example Payload

{
  "type": "resource:created",
  "version": "1.0.0",
  "resource": {
    "id": "i-1234567890abcdef0",
    "name": "prod-web-server-01",
    "type": "vm",
    "region": "us-east-1",
    "provider": "aws",
    "configuration": {
      "instanceType": "t3.medium",
      "imageId": "ami-0123456789",
      "vpcId": "vpc-12345",
      "subnetId": "subnet-67890",
      "securityGroups": [
        "sg-web-prod"
      ]
    },
    "tags": {
      "Environment": "production",
      "Application": "web-app",
      "Owner": "platform-team"
    },
    "createdDateTime": "2024-01-15T14:00:00Z",
    "createdBy": {
      "id": "user-123",
      "email": "[email protected]",
      "type": "user"
    }
  },
  "integration": {
    "type": "INFRASTRUCTURE",
    "id": "int_123456",
    "name": "AWS Production",
    "provider": "aws"
  }
}

Response

`200 OK`	Webhook processed successfully
`400 Bad Request`	Invalid webhook payload
`401 Unauthorized`	Invalid or missing signature

Resource Updated

`resource:updated`

Triggered when a resource configuration is modified

POSThttps://api.yourapp.com/webhooks/unizo/scm

Headers

Name	Type	Required	Description
`Content-Type`	string	Yes	Always application/json
`x-unizo-event-type`	string	Yes	Event type: resource:updated
`x-unizo-webhook-id`	string	Yes	Unique webhook configuration ID
`x-unizo-delivery-id`	string	Yes	Unique delivery ID for idempotency
`x-unizo-signature`	string	Yes	HMAC-SHA256 signature, prefixed with v1=

Request Body Schema

Property	Type	Required	Description
`type`	string	Yes	Event type identifier
`version`	string	Yes	Webhook payload version
`resource.id`	string	Yes	Unique resource identifier
`resource.name`	string	Yes	Resource name
`resource.type`	string	Yes	Resource type
`resource.changes`	object	Yes	Object containing changed fields
`resource.updatedDateTime`	string	Yes	ISO 8601 timestamp
`resource.updatedBy`	object	No	User or system that updated the resource
`integration`	object	Yes	Integration details

Example Payload

{
  "type": "resource:updated",
  "version": "1.0.0",
  "resource": {
    "id": "i-1234567890abcdef0",
    "name": "prod-web-server-01",
    "type": "vm",
    "changes": {
      "instanceType": {
        "from": "t3.medium",
        "to": "t3.large"
      },
      "tags": {
        "added": {
          "ScalingGroup": "web-asg-prod"
        },
        "removed": {},
        "modified": {
          "LastModified": {
            "from": "2024-01-01",
            "to": "2024-01-15"
          }
        }
      }
    },
    "updatedDateTime": "2024-01-15T15:00:00Z",
    "updatedBy": {
      "id": "auto-scaling",
      "type": "system"
    }
  },
  "integration": {
    "type": "INFRASTRUCTURE",
    "id": "int_123456",
    "name": "AWS Production",
    "provider": "aws"
  }
}

Response

`200 OK`	Webhook processed successfully
`400 Bad Request`	Invalid webhook payload
`401 Unauthorized`	Invalid or missing signature

Resource Deleted

`resource:deleted`

Triggered when a resource is terminated or deleted

POSThttps://api.yourapp.com/webhooks/unizo/scm

Headers

Name	Type	Required	Description
`Content-Type`	string	Yes	Always application/json
`x-unizo-event-type`	string	Yes	Event type: resource:deleted
`x-unizo-webhook-id`	string	Yes	Unique webhook configuration ID
`x-unizo-delivery-id`	string	Yes	Unique delivery ID for idempotency
`x-unizo-signature`	string	Yes	HMAC-SHA256 signature, prefixed with v1=

Request Body Schema

Property	Type	Required	Description
`type`	string	Yes	Event type identifier
`version`	string	Yes	Webhook payload version
`resource.id`	string	Yes	Unique resource identifier
`resource.name`	string	Yes	Resource name
`resource.type`	string	Yes	Resource type
`resource.deletedDateTime`	string	Yes	ISO 8601 timestamp
`resource.deletedBy`	object	No	User or system that deleted the resource
`resource.reason`	string	No	Reason for deletion
`integration`	object	Yes	Integration details

Example Payload

{
  "type": "resource:deleted",
  "version": "1.0.0",
  "resource": {
    "id": "i-1234567890abcdef0",
    "name": "prod-web-server-01",
    "type": "vm",
    "deletedDateTime": "2024-01-15T16:00:00Z",
    "deletedBy": {
      "id": "user-456",
      "email": "[email protected]",
      "type": "user"
    },
    "reason": "Instance replaced by new deployment"
  },
  "integration": {
    "type": "INFRASTRUCTURE",
    "id": "int_123456",
    "name": "AWS Production",
    "provider": "aws"
  }
}

Response

`200 OK`	Webhook processed successfully
`400 Bad Request`	Invalid webhook payload
`401 Unauthorized`	Invalid or missing signature

Deployment Events

Event Type	Description	Trigger Conditions
deployment:started	Deployment process has started	Application or infrastructure deployment initiation
deployment:completed	Deployment successfully completed	Successful deployment completion
deployment:failed	Deployment failed	Deployment errors or rollback

Deployment Started

`deployment:started`

Triggered when a deployment process begins

POSThttps://api.yourapp.com/webhooks/unizo/scm

Headers

Name	Type	Required	Description
`Content-Type`	string	Yes	Always application/json
`x-unizo-event-type`	string	Yes	Event type: deployment:started
`x-unizo-webhook-id`	string	Yes	Unique webhook configuration ID
`x-unizo-delivery-id`	string	Yes	Unique delivery ID for idempotency
`x-unizo-signature`	string	Yes	HMAC-SHA256 signature, prefixed with v1=

Request Body Schema

Property	Type	Required	Description
`type`	string	Yes	Event type identifier
`version`	string	Yes	Webhook payload version
`deployment.id`	string	Yes	Unique deployment identifier
`deployment.name`	string	Yes	Deployment name
`deployment.environment`	string	Yes	Target environment
`deployment.version`	string	Yes	Application or configuration version
`deployment.type`	string	Yes	Deployment type (rolling, blue-green, canary)
`deployment.startedDateTime`	string	Yes	ISO 8601 timestamp
`deployment.initiatedBy`	object	Yes	User or system that initiated deployment
`integration`	object	Yes	Integration details

Example Payload

{
  "type": "deployment:started",
  "version": "1.0.0",
  "deployment": {
    "id": "deploy-789",
    "name": "web-app-v2.5.0",
    "environment": "production",
    "version": "2.5.0",
    "type": "rolling",
    "startedDateTime": "2024-01-15T14:00:00Z",
    "initiatedBy": {
      "id": "ci-system",
      "name": "Jenkins Pipeline",
      "type": "system"
    }
  },
  "integration": {
    "type": "INFRASTRUCTURE",
    "id": "int_123456",
    "name": "Kubernetes Production",
    "provider": "kubernetes"
  }
}

Response

`200 OK`	Webhook processed successfully
`400 Bad Request`	Invalid webhook payload
`401 Unauthorized`	Invalid or missing signature

Deployment Completed

`deployment:completed`

Triggered when a deployment successfully completes

POSThttps://api.yourapp.com/webhooks/unizo/scm

Headers

Name	Type	Required	Description
`Content-Type`	string	Yes	Always application/json
`x-unizo-event-type`	string	Yes	Event type: deployment:completed
`x-unizo-webhook-id`	string	Yes	Unique webhook configuration ID
`x-unizo-delivery-id`	string	Yes	Unique delivery ID for idempotency
`x-unizo-signature`	string	Yes	HMAC-SHA256 signature, prefixed with v1=

Request Body Schema

Property	Type	Required	Description
`type`	string	Yes	Event type identifier
`version`	string	Yes	Webhook payload version
`deployment.id`	string	Yes	Unique deployment identifier
`deployment.name`	string	Yes	Deployment name
`deployment.environment`	string	Yes	Target environment
`deployment.version`	string	Yes	Application or configuration version
`deployment.duration`	string	Yes	Deployment duration
`deployment.completedDateTime`	string	Yes	ISO 8601 timestamp
`deployment.summary`	object	Yes	Deployment summary statistics
`integration`	object	Yes	Integration details

Example Payload

{
  "type": "deployment:completed",
  "version": "1.0.0",
  "deployment": {
    "id": "deploy-789",
    "name": "web-app-v2.5.0",
    "environment": "production",
    "version": "2.5.0",
    "duration": "5m32s",
    "completedDateTime": "2024-01-15T14:05:32Z",
    "summary": {
      "nodesUpdated": 6,
      "podsReplaced": 18,
      "healthChecks": "passed",
      "rollbackRequired": false
    }
  },
  "integration": {
    "type": "INFRASTRUCTURE",
    "id": "int_123456",
    "name": "Kubernetes Production",
    "provider": "kubernetes"
  }
}

Response

`200 OK`	Webhook processed successfully
`400 Bad Request`	Invalid webhook payload
`401 Unauthorized`	Invalid or missing signature

Scaling Events

Event Type	Description	Trigger Conditions
scaling:triggered	Auto-scaling event triggered	Scale up or scale down based on metrics

Scaling Triggered

`scaling:triggered`

Triggered when auto-scaling adjusts resource capacity

POSThttps://api.yourapp.com/webhooks/unizo/scm

Headers

Name	Type	Required	Description
`Content-Type`	string	Yes	Always application/json
`x-unizo-event-type`	string	Yes	Event type: scaling:triggered
`x-unizo-webhook-id`	string	Yes	Unique webhook configuration ID
`x-unizo-delivery-id`	string	Yes	Unique delivery ID for idempotency
`x-unizo-signature`	string	Yes	HMAC-SHA256 signature, prefixed with v1=

Request Body Schema

Property	Type	Required	Description
`type`	string	Yes	Event type identifier
`version`	string	Yes	Webhook payload version
`scaling.resourceId`	string	Yes	Resource being scaled
`scaling.resourceType`	string	Yes	Type of resource
`scaling.direction`	string	Yes	Scale direction: up or down
`scaling.from`	number	Yes	Previous capacity
`scaling.to`	number	Yes	New capacity
`scaling.metric`	object	Yes	Metric that triggered scaling
`scaling.triggeredDateTime`	string	Yes	ISO 8601 timestamp
`integration`	object	Yes	Integration details

Example Payload

{
  "type": "scaling:triggered",
  "version": "1.0.0",
  "scaling": {
    "resourceId": "asg-web-prod",
    "resourceType": "auto-scaling-group",
    "direction": "up",
    "from": 3,
    "to": 5,
    "metric": {
      "name": "cpu_utilization",
      "value": 85,
      "threshold": 80,
      "unit": "percent"
    },
    "triggeredDateTime": "2024-01-15T14:30:00Z"
  },
  "integration": {
    "type": "INFRASTRUCTURE",
    "id": "int_123456",
    "name": "AWS Production",
    "provider": "aws"
  }
}

Response

`200 OK`	Webhook processed successfully
`400 Bad Request`	Invalid webhook payload
`401 Unauthorized`	Invalid or missing signature

Cost Events

Event Type	Description	Trigger Conditions
cost:alert	Cost threshold exceeded	Budget alerts or cost anomalies

Cost Alert

`cost:alert`

Triggered when cloud costs exceed defined thresholds

POSThttps://api.yourapp.com/webhooks/unizo/scm

Headers

Name	Type	Required	Description
`Content-Type`	string	Yes	Always application/json
`x-unizo-event-type`	string	Yes	Event type: cost:alert
`x-unizo-webhook-id`	string	Yes	Unique webhook configuration ID
`x-unizo-delivery-id`	string	Yes	Unique delivery ID for idempotency
`x-unizo-signature`	string	Yes	HMAC-SHA256 signature, prefixed with v1=

Request Body Schema

Property	Type	Required	Description
`type`	string	Yes	Event type identifier
`version`	string	Yes	Webhook payload version
`cost.alertId`	string	Yes	Cost alert identifier
`cost.alertName`	string	Yes	Alert name
`cost.budget`	number	Yes	Budget amount
`cost.actual`	number	Yes	Actual spend
`cost.forecast`	number	No	Forecasted spend
`cost.currency`	string	Yes	Currency code
`cost.period`	string	Yes	Budget period
`cost.triggeredDateTime`	string	Yes	ISO 8601 timestamp
`integration`	object	Yes	Integration details

Example Payload

{
  "type": "cost:alert",
  "version": "1.0.0",
  "cost": {
    "alertId": "budget-123",
    "alertName": "Monthly AWS Budget",
    "budget": 10000,
    "actual": 11250,
    "forecast": 13500,
    "currency": "USD",
    "period": "2024-01",
    "triggeredDateTime": "2024-01-15T12:00:00Z",
    "breakdown": {
      "compute": 6500,
      "storage": 2500,
      "network": 1500,
      "other": 750
    }
  },
  "integration": {
    "type": "INFRASTRUCTURE",
    "id": "int_123456",
    "name": "AWS Billing",
    "provider": "aws"
  }
}

Response

`200 OK`	Webhook processed successfully
`400 Bad Request`	Invalid webhook payload
`401 Unauthorized`	Invalid or missing signature

Webhook Delivery & Retries

Unizo implements automatic retry logic for failed webhook deliveries:

Initial Delivery: Immediate
First Retry: After 1 minute
Second Retry: After 5 minutes
Third Retry: After 15 minutes
Final Retry: After 1 hour

Webhooks are considered failed if:

Your endpoint returns a non-2xx status code
Connection timeout (30 seconds)
SSL/TLS errors

Best Practices

1. Idempotency

Idempotent Webhook Handler

async function handleWebhook(request) {
const deliveryId = request.headers['x-unizo-delivery-id'];

// Check if already processed
if (await isProcessed(deliveryId)) {
  return { status: 200, message: 'Already processed' };
}

// Process webhook
await processWebhook(request.body);

// Mark as processed
await markProcessed(deliveryId);

return { status: 200 };
}

2. Async Processing

Asynchronous Processing

app.post('/webhooks/infrastructure', (req, res) => {
// Validate signature
if (!verifySignature(req)) {
  return res.status(401).send('Invalid signature');
}

// Queue for processing
infraQueue.add(req.body);

// Return immediately
res.status(200).send('OK');
});

3. Resource Tracking

Resource State Tracking

async function processResourceEvent(payload) {
const { resource, type } = payload;

switch (type) {
  case 'resource:created':
    await addToInventory(resource);
    await updateCostTracking(resource);
    break;
  
  case 'resource:updated':
    await updateInventory(resource);
    await checkComplianceRules(resource);
    break;
  
  case 'resource:deleted':
    await removeFromInventory(resource);
    await updateBilling(resource);
    break;
}

// Update CMDB
await updateCMDB(payload);
}

Need Help?

For webhook-related support:

Contact support at [email protected]

Supported Event Types​

Webhook Security

Security Headers

Signature Verification

Verification Steps

Reference Implementation

Event Details​

Resource Events​

Resource Created

resource:created

Headers

Request Body Schema

Example Payload

Response

Resource Updated

resource:updated

Headers

Request Body Schema

Example Payload

Response

Resource Deleted

resource:deleted

Headers

Request Body Schema

Example Payload

Response

Deployment Events​

Deployment Started

deployment:started

Headers

Request Body Schema

Example Payload

Response

Deployment Completed

deployment:completed

Headers

Request Body Schema

Example Payload

Response

Scaling Events​

Scaling Triggered

scaling:triggered

Headers

Request Body Schema

Example Payload

Response

Cost Events​

Cost Alert

cost:alert

Headers

Request Body Schema

Example Payload

Response

Webhook Delivery & Retries​

Best Practices​

1. Idempotency​

Idempotent Webhook Handler

2. Async Processing​

Asynchronous Processing

3. Resource Tracking​

Resource State Tracking

Need Help?​

Supported Event Types

Event Details

Resource Events

`resource:created`

`resource:updated`

`resource:deleted`

Deployment Events

`deployment:started`

`deployment:completed`

Scaling Events

`scaling:triggered`

Cost Events

`cost:alert`

Webhook Delivery & Retries

Best Practices

1. Idempotency

2. Async Processing

3. Resource Tracking

Need Help?