Receive webhook notifications for expiring certificates¶
To enable webhook notifications for certificate expiration events in Certificate Manager - SaaS, you create and manage webhook connectors by using the Certificate Manager - SaaS API. There is currently no supported UI workflow for creating webhook connectors.
Prerequisites¶
Before you configure webhook notifications for certificate expiration, ensure that you have:
- A publicly accessible HTTPS webhook endpoint
- Authentication credentials for your endpoint
- Firewall rules that allow inbound traffic from CyberArk public NAT IP addresses
- An API key with permission to create connectors
To create a webhook connector for certificate expiration notifications¶
- Create a webhook connector by using the Certificate Manager - SaaS API. Send a POST request to the Certificate Manager - SaaS connectors endpoint. The request defines the webhook URL, authentication settings, and an optional secret for signature validation.
- Verify that the connector is created successfully. The Certificate Manager - SaaS API performs a connectivity test when creating the connector. If the endpoint is reachable and responds with a
2xxHTTP status code, the connector is created and becomes active. - Enable certificate expiration monitoring. Ensure that certificate expiration monitoring is enabled so that expiration events are generated and delivered to the webhook connector.
After you complete these steps, Certificate Manager - SaaS sends webhook notifications when certificates approach their configured expiration thresholds.
Next steps¶
- Review webhook behavior, payload structure, and delivery guarantees in Webhook notifications for certificate expiration.
- For step-by-step API instructions and request examples, see Dev Central: Receive webhook notifications.