Learn how to integrate DataDome with your other services.

To be notified as soon as possible when your endpoints are under attack, you can use a DataDome Webhook to receive Attack Notifications in your existing third-party services.


List of defined integrations

Configure a Webhook

  1. To define a new Webhook, click on the "Add +" button

Define and test your webhook settings

  1. Input a name for your Webhook

  2. Enter the URL where you want to receive the HTTP POST requests from the Webhook

  3. Three different payload formats are available for you to choose from:

    • Default payload: lists all the available variables in a flat JSON object
    • Slack payload: sends the same variables, but they are predefined as a ready-to-be-displayed Slack message
    • Microsoft Teams payload: a customized JSON ready-to-be-displayed in a Teams message

Example of a Slack message

  4. Choose which threats you want to be notified about, or select "All threats" to include them all

  5. Click on the "Test your webhook" button to send a test message and immediately validate your settings


For the chosen threats, a POST request will be sent using the selected payload template.


Request timeout

Please note that a timeout of 5 seconds is applied to the sent requests.

  6. Click on the "Save" button when you're done

Webhook Variables

The notification message contains various details about the attack event that occurred on your endpoint:

| Variable placeholder | Description | Example value |
| --- | --- | --- |
| {ACCOUNT_NAME} | The name of the concerned tenant | |
| {HEADER_TEXT} | Will either be 'A bot attack has been blocked' or 'You are under bot attack' depending on the protection status | A bot attack has been blocked |
| {IS_PROTECTED} | Whether or not the attack has been blocked by DataDome | true |
| {THREAT_NAME} | The name of the detected threat | |
| {ENDPOINT_NAME} | The name of the targeted endpoint | |
| {ATTACK_DURATION} | The duration of the attack | |
| {START_DATETIME} | The date and time the attack started | 19 January, 13:53 UTC +00:00 |
| {END_DATETIME} | The date and time the attack ended | 19 January, 14:00 UTC +00:00 |
| {ATTACK_REQUESTS_COUNT} | The number of requests detected in this attack | |
| {NOTIFICATION_PEAK_SPEED} | The peak speed reached by this attack, in terms of requests per minute | |
| {IP_COUNT} | The count of distinct IPs from where the attack requests originated | |
| {USER_AGENT_COUNT} | The count of distinct user agents used in the attack | |
| {COUNTRY_COUNT} | The count of distinct countries from where the attack requests originated | |
| {URL_COUNT} | The count of distinct targeted URLs | |
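
As an added example (not DataDome's code), here is a small Python receiver for the Default payload: it validates the flat JSON object, answers immediately so the reply stays inside the 5-second timeout, and hands the event to a worker for triage. It assumes the JSON keys are the placeholder names from the table without braces, which this page does not confirm; the sample payload, the port and the triage rule are constructed for illustration.

```python
import json
import queue
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 64 * 1024  # refuse oversized bodies before reading them
# Assumption: Default-payload keys are the placeholder names without braces.
REQUIRED = ("THREAT_NAME", "ENDPOINT_NAME", "IS_PROTECTED")
COUNTS = ("ATTACK_REQUESTS_COUNT", "IP_COUNT", "USER_AGENT_COUNT",
          "COUNTRY_COUNT", "URL_COUNT")
# Constructed sample payload, not captured from a real notification.
SAMPLE = (b'{"ACCOUNT_NAME": "example-tenant", "THREAT_NAME": "example-threat",'
          b' "ENDPOINT_NAME": "login", "IS_PROTECTED": "true", "IP_COUNT": "42"}')
events = queue.Queue()

def parse_notification(body: bytes) -> dict:
    """Validate a flat JSON notification and normalise its types."""
    data = json.loads(body)
    if not isinstance(data, dict) or any(
            isinstance(v, (dict, list)) for v in data.values()):
        raise ValueError("expected a flat JSON object")
    if any(k not in data for k in REQUIRED):
        raise ValueError("missing required field")
    event = dict(data)
    event["IS_PROTECTED"] = str(data["IS_PROTECTED"]).lower() == "true"
    event.update({k: int(data[k]) for k in COUNTS if k in data})
    return event

def triage(event: dict) -> str:
    return "log" if event["IS_PROTECTED"] else "page"  # page only if unblocked

class Hook(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", 0))
            if not 0 <= length <= MAX_BODY:
                raise ValueError("bad body length")
            events.put(parse_notification(self.rfile.read(length)))
            self.send_response(204)  # acknowledge before any slow processing
        except (ValueError, TypeError):
            self.send_response(400)
        self.end_headers()

def worker():
    for event in iter(events.get, None):
        print(triage(event), event["THREAT_NAME"], event["ENDPOINT_NAME"])

if __name__ == "__main__":
    threading.Thread(target=worker, daemon=True).start()
    HTTPServer(("127.0.0.1", 8080), Hook).serve_forever()
```

Use the "Test your webhook" button to capture a real message and adjust the key names before relying on the parser.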