Skip to main content

Hooks Tutorial

This guide explains how to send custom HTTPS hooks from your application to SmartSezam to notify it of key events in real time.

I - Technical​ Prerequisites

To integrate SmartSezam via custom hooks, you will need :

  • Access to your application's backend code, to send HTTPS requests
  • Basic knowledge of HTTP requests and JSON format
  • The following variables prepared beforehand :
    • $instanceDomainName = The full domain of your SmartSezam instance
    • $apiKey = Your SmartSezam API key

II – Sending Hook Requests

SmartSezam accepts JSON-formatted POST requests for tracking significant security events.

1. Configure your backend

Set it up to send requests to SmartSezam whenever important events occur — such as :

  • user profile edits
  • admin actions
  • business rule validations
  • Etc.

2. Define the Endpoint URL

Send requests to the following endpoint :

POST https://$instanceDomainName/api/hook/custom-event

Replace $instanceDomainName with your actual SmartSezam domain.

3. Set the Authorization Header

Include your API key in the HTTP header :

Authorization: Bearer $apiKey
Content-Type: application/json

4. Construct the JSON Payload

Here’s an example payload:

{
  "user_id": "abc123",
  "action": "edit_email",
  "context": {
    "ip": "XXX.XXX.XXX.XXX",
    "session_id": "sess-789",
    "user_agent": "Mozilla/5.0",
    "risk_scope": "medium"
  }
}

You can adapt the structure to your event model. Contact SmartSezam support for guidance on custom formats.

5. Event Processing

Once received, SmartSezam enriches the data with contextual signals and runs real-time behavioral risk evaluation.

III – Testing and Validation

Testing depends on the integration scenario :

  • In managed setups, SmartSezam will handle validation.
  • In self-managed integrations :
  1. Open the real-time activity view in your SmartSezam dashboard.
  2. Trigger a hook event from your backend.
  3. Check that the event appears with the correct payload.

If the event doesn't appear, check :

  • Endpoint correctness
  • Authorization header
  • JSON structure Use tools like Postman or curl to debug the request