WhiteIntel API Documentation
  • WhiteIntel API
  • Authentication
  • Postman Collections
  • Webhooks
    • WhiteIntel Webhook API
    • Signature Validation
  • WhiteIntel API v2
    • Consumer Leaks API
  • Corporate Leaks API
  • Username Leaks API
  • IP Leaks API
  • Computer Leaks API
  • Get Leaks By ID API
  • Overall Stats API
  • Last Leaks API
  • Whiteintel API v1
    • Combolists API
      • ComboLists Username Leaks API
      • ComboLists Customer Leaks API
      • ComboLists Corporate Email Leaks API
      • Get IDs From Leaks
      • Get Customer Leaks by Id API
      • Get Corporate Leaks by Id API
      • Get Username Leaks by Id API
    • Infostealer API
      • Customer Leaks API
      • Corporate Email Leaks API
      • Username Leaks API
      • Password Leaks API
      • IP Leaks API
      • Hostname Leaks API
      • Get IDs From Leaks
      • Get Multiple Leaks By Ids
      • Get Leak by Id
    • Overall Stats API
    • Last Leaks API
Powered by GitBook
On this page
  • 🔧 Setup
  • 🔐 Security & Signature
  • 📬 Events & Payload Structure
  • Webhook Simulation
  1. Webhooks

WhiteIntel Webhook API

WhiteIntel webhooks allow your organization to receive real-time alerts when your watchlist items (such as domains, IPs, hostames, or emails) are detected in leaked stealer logs.

🔧 Setup

To configure a webhook:

  1. Go to your WhiteIntel dashboard

  2. Set your receiving HTTPS endpoint

  3. A secure HMAC secret will be auto-generated

⚠️ Configuring a webhook will override any existing configuration.

Endpoint Requirements

  • Must use https:// (or http:// in dev/test)

  • Must not point to internal/private addresses (e.g. localhost, .local, 127.0.0.1)

  • Must not target WhiteIntel-owned domains

🔐 Security & Signature

Every webhook POST is signed with an HMAC SHA256 signature.

NEVER PROCESS THE REQUEST BEFORE VERIFYING THE SIGNATURE.

Headers

Header
Description

X-Signature

Base64-encoded HMAC signature

X-Signature-Version

Currently always "v1"

X-Timestamp

ISO 8601 UTC timestamp

User-Agent

WhiteIntel-Webhook

Signature Generation (example)

// Pseudo-code for generating the HMAC signature
signature = base64(HMAC_SHA256(timestamp, secret_key))

📬 Events & Payload Structure

Webhook notifications are triggered for the following types based on your watchlist:

  • consumer

  • corporate

  • email

  • ip

  • hostname

Sample Payload: consumer

{
  "type": "consumer",
  "value": "example.com",
  "description":"As part of WhiteIntel's dark web surveillance, the specified consumer accounts have been found exposed in stolen credentials.",
  "count": 8,
  "usernames": [
    ["user2@gmail.com", 5],
    ["user1@gmail.com", 3]
  ],
  "event_date": "2025-04-10 12:00:00",
  "source": "watchlist_monitor"
}

Sample Payload: corporate 

{
  "type": "corporate",
  "value": "internal.corp.com",
  "description":"As part of WhiteIntel's dark web surveillance, the specified corporate accounts have been found exposed in stolen credentials.",
  "count": 5,
  "usernames": [
    ["ceo@corp.com", 2],
    ["it@corp.com", 1]
  ],
  "event_date": "2025-04-10 12:00:00",
  "source": "watchlist_monitor"
}

Sample Payload: email 

{
  "type": "email",
  "value": "staff@example.com",
  "description": "As part of WhiteIntel's dark web surveillance, the specified email address has been found exposed in stolen credentials.",
  "count": 2,
  "usernames": [
    ["staff@example.com", 2]
  ],
  "event_date": "2025-04-10 06:00:00",
  "source": "watchlist_monitor"
}

Sample Payload: ip 

{
  "type": "ip",
  "value": "192.0.2.1",
  "description": "As part of WhiteIntel's dark web monitoring, the following IP addresses have been identified as compromised by stealer malware.",
  "count": 1,
  "event_date": "2025-04-10 08:00:00",
  "source": "watchlist_monitor"
}

Sample Payload: computername

{
  "type": "hostname",
  "value": "DESKTOP-HACKED01",
  "description": "As part of WhiteIntel's dark web monitoring, the specified Computer name have been identified as compromised by stealer malware.",
  "count": 1,
  "event_date": "2025-04-10 07:00:00",
  "source": "watchlist_monitor"
}

Webhook Simulation

In order to simulate webhook calls before deploying to production, visit your Webhook page on WhiteIntel platform.

PreviousPostman CollectionsNextSignature Validation

Last updated 1 month ago