The following content is from the Webhooks product documentation. Please refer to the Webhooks documentation if you are unfamiliar with Webhooks.
Webhooks for Certificate Transparency allows you to receive real-time notifications of newly issued certificates for any domains that you have subscribed for certificate alerts or phishing alerts.
When you receive a notification, you can immediately parse its payload and use the contents to query the Certificate Transparency API's /certificates
endpoint for detailed information about the newly issued certificate.
To set up a webook for certificate alerts, first use our Getting Started guide to create your endpoint and configure the Webhooks product. During configuration, choose the Certificate Transparency object and subscribe to the certificate field.
Note that you won't receive any certificate alert webhooks until you subscribe one or more domains for certificate alerts.
When a new certificate is issued for a domain subscribed for certificate alerts, we will send you a webhook notification with a JSON payload that looks like this:
{ "entry": [ { "id": "1381739901945384", "changed_fields": [ "certificate" ], "time": 1510160948 } ], "object": "certificate_transparency" }
All webhook notification payloads are formatted in JSON, so you can parse the payload using common JSON parsing methods or packages.
Your script should check for the certificate
field. If it's in the payload, immediately query the Certificate Transparency API to search for any new certificates using the domain or id.
To set up a webook for certificate alerts, first use our Getting Started guide to create your endpoint and configure the Webhooks product. During configuration, choose the Certificate Transparency object and subscribe to the phishing field.
Note that you won't receive any certificate alert webhooks until you subscribe one or more domains for phishing alerts.
When a new certificate is issued for a suspicious domain that may be phishing a legitimate domain subscribed for phishing alerts, we will send you a webhook notification with a JSON payload that looks like this:
{ "entry": [ { "changes": [ { "field": "phishing", "value": { "ct_cert": { "id": "123", "certificate_pem": "-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----\n", "cert_hash_sha256": "f2297..." }, "phishing_domains": [ "facebook.com.evil.com", "xn—facbook-9gg.ml" ], "phished_domain": "facebook.com" } } ], "id": "123", "time": 1524762838 } ], "object": "certificate_transparency" }
Webhooks payloads are formatted in JSON, so you can parse their payloads using common JSON parsing methods or packages.
Your script should parse the phishing_domains
field values, which will contain the names of potential phishing domains. Then, immediately query the Certificate Transparency API to search for any new certificates using the domain or id.