LockLLM
Go back

Webhooks

Overview

LockLLM Webhooks provide real-time notifications when malicious prompts are detected in your LLM applications. Configure custom webhook endpoints to receive instant alerts when prompt injections or jailbreaks are identified. Integrate with Slack, Discord, or any custom HTTP endpoint.

Webhooks enable proactive security monitoring by delivering event data to your preferred notification channels immediately when threats are detected. Build custom workflows, trigger alerts, or integrate with incident response systems.

How it Works

Configure webhook endpoints in the dashboard. When a malicious prompt is detected during scanning, LockLLM sends an HTTP POST request to your configured endpoint with detailed scan results. Your system receives the notification in real-time and can take appropriate action.

Each webhook includes scan results with confidence scores, injection detection metrics, and a preview of the flagged content. Configure multiple endpoints to route notifications to different channels or services.

When Webhooks Trigger

Webhooks are automatically triggered when:

  • A malicious prompt is detected (safe: false)
  • Works with both direct API scans and proxy mode requests
  • After the scan completes successfully

Webhooks are not triggered for safe prompts to reduce noise and focus on actionable security events.

Payload Format

Webhook payloads are delivered as JSON with structured scan data:

{
  "event": "prompt_injection_detected",
  "timestamp": 1705334400000,
  "request_id": "req_abc123",
  "user_id": "user_456",
  "scan_result": {
    "safe": false,
    "label": 1,
    "confidence": 0.95,
    "injection": 0.95,
    "sensitivity": "medium"
  },
  "input_preview": "Ignore all previous instructions and..."
}

Supported Formats

Choose from pre-built formats for popular platforms:

  • Raw JSON: Complete data for custom processing and integrations
  • Slack: Pre-formatted messages with block kit formatting
  • Discord: Rich embeds with color-coded severity indicators

Configuration Options

Configure webhooks in the dashboard with the following settings:

  • HTTPS endpoint URL (required for security)
  • Format selection (Raw JSON, Slack, or Discord)
  • Optional secret for signature verification
  • Optional custom message text
  • Enable/disable toggle for temporary deactivation

Delivery & Reliability

Webhooks include built-in reliability features:

  • Automatic retry with exponential backoff (up to 3 attempts)
  • 1-second timeout per delivery attempt
  • TLS encryption required for all endpoints
  • SSRF protection blocks private and localhost addresses
  • Delivery status tracking in activity logs

Security Features

Webhooks implement security measures to protect your endpoints:

  • HTTPS-only endpoints (HTTP requests are rejected)
  • Signature verification via X-LockLLM-Signature header
  • SSRF attack prevention with hostname validation
  • Request timeout limits to prevent hanging connections
  • User-specific webhook isolation and access control

Use Cases

  • Real-time security monitoring dashboards
  • Automated incident response workflows
  • Team notifications via Slack or Discord
  • Integration with SIEM systems
  • Custom alerting logic and escalation
  • Compliance reporting and audit logs

Getting Started

Configure webhooks in the dashboard under the Webhooks section. Add your endpoint URL, select your format (Raw JSON, Slack, or Discord), and test the connection. Visit the documentation for complete configuration guides, payload examples, and platform-specific setup instructions.