Hooks
Hooks are inbound webhooks that let external systems push data into Rekor. Each hook provides a unique URL endpoint — when an external service POSTs JSON to it, Rekor automatically creates or updates a record in the target collection.
How It Works
- Create a hook — specify the target collection and optional data mapping.
- Rekor generates a unique URL — share this with the external system (e.g., PagerDuty, GitHub, Stripe).
- External system POSTs data — Rekor validates the payload and creates a record.
Creating a Hook
rekor hooks create --workspace my-workspace \
--name "PagerDuty Incidents" \
--collection incidentsThis returns a hook with a unique ingest URL:
POST /v1/{workspace_id}/hooks/{hook_id}/ingestManaging Hooks
# List all hooks
rekor hooks list --workspace my-workspace
# Get a specific hook
rekor hooks get {hook_id} --workspace my-workspace
# Delete a hook
rekor hooks delete {hook_id} --workspace my-workspaceIngest Endpoint
External systems POST JSON to the hook's ingest URL. The payload is validated against the target collection's schema and stored as a record.
curl -X POST /v1/{ws}/hooks/{hook_id}/ingest \
-H "Content-Type: application/json" \
-d '{"title":"API spike","severity":"p1"}'Hook-Originated Writes
Records created via hooks carry an X-Rekor-Source: hook header. Triggers with skip_hook_writes: true (the default) won't re-fire on these writes, preventing infinite loops between hooks and triggers.
Environment Restrictions
Hooks can only be created or deleted in preview workspaces. To add hooks to production, create them in a preview workspace and promote.