Plug Tracelight into your stack.
Outgoing webhooks fire on every key OSINT event. Wire them to Zapier, n8n, Make, or your own backend to keep records, alert teammates, file tickets, or kick off downstream automations.
When a secret is set, X-Tracelight-Signature: sha256=<hex> is sent with every request. Verify it server-side to prove authenticity.
Request envelope
Every event arrives as a POST with this top-level shape. The data field varies per event.
{
  "event": "case.created",
  "workspace_id": "f1a2-...",
  "occurred_at": "2026-05-08T12:34:56.789Z",
  "data": { /* event-specific — see below */ }
}
Headers:
Content-Type: application/json
X-Tracelight-Signature: sha256=<hmac-sha256(body, secret)> // only if a secret is set
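One way to implement the server-side check, as an added example that is not Tracelight's own code. It assumes the header carries the hex HMAC-SHA256 of the raw request body keyed with the webhook secret; the function names, the secret and the sample body are made up for this illustration.

```python
import hashlib
import hmac
import json

SIG_PREFIX = "sha256="
REQUIRED_KEYS = {"event", "workspace_id", "occurred_at", "data"}


def verify_signature(raw_body, header_value, secret):
    """True only if header_value is 'sha256=' + hex HMAC-SHA256(secret, raw_body)."""
    if not header_value or not header_value.startswith(SIG_PREFIX):
        return False  # missing header or unknown scheme: reject, never skip
    received = header_value[len(SIG_PREFIX):].strip().lower()
    # Assumption: the MAC covers the exact bytes received, so hash the raw
    # body, not a re-serialized copy of the parsed JSON.
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(received.encode(), expected.encode())


def handle_webhook(raw_body, headers, secret):
    """Authenticate first, parse second. Returns (http_status, envelope or None)."""
    lowered = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    if not verify_signature(raw_body, lowered.get("x-tracelight-signature"), secret):
        return 401, None
    try:
        envelope = json.loads(raw_body)
    except ValueError:
        return 400, None
    if not isinstance(envelope, dict) or not REQUIRED_KEYS <= envelope.keys():
        return 400, None
    return 200, envelope


# Constructed sample: the secret and body are made up for this example.
SAMPLE_SECRET = b"example-webhook-secret"
SAMPLE_BODY = (b'{"event":"case.completed","workspace_id":"ws-example",'
               b'"occurred_at":"2026-05-08T12:34:56.789Z",'
               b'"data":{"case_number":"TL-0001","status":"closed"}}')
SAMPLE_SIG = SIG_PREFIX + hmac.new(SAMPLE_SECRET, SAMPLE_BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    print(handle_webhook(SAMPLE_BODY, {"X-Tracelight-Signature": SAMPLE_SIG}, SAMPLE_SECRET))
    tampered = SAMPLE_BODY.replace(b"closed", b"archived")
    print(handle_webhook(tampered, {"X-Tracelight-Signature": SAMPLE_SIG}, SAMPLE_SECRET))
```

Pass the body exactly as it came off the socket; many frameworks hand you parsed JSON by default, and re-serializing it will not reproduce the signed bytes.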
Events
case.created
Fires immediately after a new case is opened in the workspace.
Sample data payload:
{
  "case_id": "8b1c1a4e-...",
  "case_number": "TL-0001",
  "title": "Due diligence: Acme Corp",
  "priority": "normal",
  "tags": [
    "KYC",
    "corporate"
  ],
  "playbook_slug": null,
  "created_by": "user-uuid"
}
case.completed
Fires when a case status flips to closed or archived.
Sample data payload:
{
  "case_id": "8b1c1a4e-...",
  "case_number": "TL-0001",
  "title": "Due diligence: Acme Corp",
  "status": "closed"
}
subject.added
Fires when a subject (person/entity under investigation) is added to a case.
Sample data payload:
{
  "subject_id": "...",
  "case_id": "...",
  "full_name": "Jane Doe",
  "subject_label": "Jane Doe",
  "has_consent": false
}
enrichment.completed
Fires when an OSINT enrichment run finishes for a subject (parallel sweep across 30+ sources).
Sample data payload:
{
  "subject_id": "...",
  "case_id": "...",
  "subject_label": "Jane Doe",
  "evidence_count": 24,
  "duration_ms": 12300
}
alert.fired
Fires for every monitor-triggered alert. Severities: info | low | medium | high | critical.
Sample data payload:
{
  "alert_id": "...",
  "monitor_id": "...",
  "subject_id": "...",
  "case_id": "...",
  "subject_label": "Jane Doe",
  "severity": "high",
  "title": "Email surfaced in 'CompanyX 2026' breach",
  "source": "hibp",
  "source_url": "https://haveibeenpwned.com/..."
}
report.generated
Fires when an investigator generates a citation-anchored markdown/PDF report for a subject.
Sample data payload:
{
  "subject_id": "...",
  "case_id": "...",
  "subject_label": "Jane Doe",
  "report": {
    "report_id": "...",
    "markdown_url": null,
    "pdf_url": null
  }
}
monitor.match
Fires (alongside alert.fired) when a monitor finds new evidence for a subject. Useful when you want to pipe raw matches separately from severity-tagged alerts.
Sample data payload:
{
  "alert_id": "...",
  "monitor_id": "...",
  "monitor_type": "email_breaches",
  "subject_id": "...",
  "case_id": "...",
  "subject_label": "Jane Doe",
  "severity": "high",
  "title": "..."
}
Ready to wire it up?
Open a workspace, drop in your Zapier URL, and we'll start firing events the moment things happen.
