FortWatch

API & Integrations

Connect FortWatch to your existing workflow. REST API, webhooks, and native integrations with the tools you already use.

Active integrations

5 connected · 2,847 events today

  • Slack: #security-alerts (Connected)
  • Jira: ACME project (Connected)
  • Microsoft Teams: SOC channel (Degraded)
  • Splunk SIEM: prod-splunk.example.com (Connected)
  • PagerDuty: critical-findings service (Connected)

REST API

Full programmatic access to everything in FortWatch. Automate asset management, trigger scans, pull findings, and manage issues — all through a clean REST API.

  • Complete CRUD operations for assets, scans, findings, and issues
  • Token-based authentication with scoped API keys
  • Rate-limited and documented with OpenAPI/Swagger specs

Webhooks

Get real-time event notifications delivered to your endpoints. Build custom automations that react to security events as they happen.

  • Scan Events: Trigger workflows when scans start, complete, or fail
  • Finding Events: React to new vulnerabilities, severity changes, or resolutions
  • Issue Events: Track issue creation, assignment changes, and status updates
  • Asset Events: Notifications for new assets, technology changes, and port discoveries

CI/CD integration

Embed security scanning into your deployment pipeline. Trigger scans on every deploy and gate releases on security thresholds.

  • Trigger scans via API as part of your CI/CD pipeline
  • Gate deployments based on threat level thresholds
  • Works with GitHub Actions, GitLab CI, Jenkins, and any CI system

Native integrations

Connect FortWatch to the tools your team already uses. Native integrations mean zero custom development for common workflows.

  • Slack: Real-time alerts and scan summaries in your channels
  • PagerDuty: Escalate critical findings to your on-call team
  • Jira: Sync issues to Jira tickets for engineering workflows
  • GitHub: Create GitHub issues from findings and link to repositories

Developer-friendly

Built by developers, for developers. Our API is well-documented, consistently designed, and easy to work with from any language.

  • Comprehensive API documentation with examples
  • Consistent JSON responses with clear error messages
  • Sandbox environment for testing integrations

Frequently asked questions

Answers to the most common questions about the FortWatch API, webhooks, and integrations.

Which tools does FortWatch integrate with natively?

FortWatch ships with native integrations for Slack, Microsoft Teams, Jira, PagerDuty, and GitHub. Slack and Teams receive real-time alerts and scan summaries in channels you choose. Jira and GitHub create tickets from findings and sync status back to FortWatch. PagerDuty escalates critical findings to your on-call rotation. Anything not on the native list connects through webhooks or the REST API.

What format do FortWatch webhooks use?

Webhooks deliver JSON payloads over HTTPS POST to any endpoint you configure. Each payload includes an event type (scan.completed, finding.created, issue.assigned, asset.discovered, etc.), a workspace ID, an ISO-8601 timestamp, and a full resource object with severity, asset, and remediation metadata. Payloads are signed with HMAC-SHA256 so your receiver can verify authenticity before processing.
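A receiver-side check for the signed payloads described above, as an added example that is not FortWatch's own code. It assumes the signature is a hex HMAC-SHA256 over the raw request body, delivered in a header your receiver reads into `signature`, and that the JSON fields are named `event`, `workspace_id`, `timestamp` and `resource`; confirm all of these against the API documentation.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta

MAX_SKEW = timedelta(minutes=5)  # assumption: replay window chosen by the receiver

# Constructed sample delivery (field names and secret are illustrative, not from the vendor).
SAMPLE_SECRET = b"constructed-demo-secret"
SAMPLE_BODY = json.dumps({
    "event": "finding.created",
    "workspace_id": "ws_demo",
    "timestamp": "2024-01-01T12:00:00Z",
    "resource": {"severity": "critical", "asset": "app.example.com"},
}).encode()


def sign(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 over the raw body (assumed signing scheme)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, body: bytes, signature: str, now: datetime) -> dict:
    """Return the parsed event, or raise ValueError if it must not be processed."""
    expected = sign(secret, body).encode()
    supplied = signature.strip().lower().encode()
    # Constant-time comparison, done on the raw bytes before any JSON parsing.
    if not hmac.compare_digest(expected, supplied):
        raise ValueError("bad signature")
    event = json.loads(body)
    ts = datetime.fromisoformat(event["timestamp"].replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError("timestamp without timezone")
    # A valid signature on an old delivery is still a replay; bound its age.
    if abs(now - ts) > MAX_SKEW:
        raise ValueError("stale timestamp")
    return event
```

Verify against the exact bytes received on the wire; re-serializing the parsed JSON can change whitespace or key order and break the comparison.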

How does API authentication work?

FortWatch uses token-based authentication with scoped API keys. Admins mint keys from the workspace settings page and assign read, write, or admin scopes per key. Keys are sent as a Bearer token in the Authorization header. Keys can be rotated, revoked, or regenerated at any time, and every API call is recorded in the audit log with the key name, actor, and outcome.

Are there rate limits on the REST API?

Yes. The API is rate-limited per API key to protect shared infrastructure: 120 requests per minute for read operations and 60 per minute for write operations on most endpoints. Rate-limit headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) are returned on every response so clients can back off gracefully. Enterprise plans lift the limits.
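One way a client can pace itself from the rate-limit headers named above, as an added example that is not FortWatch's own code. It assumes `X-RateLimit-Reset` carries a Unix epoch timestamp in seconds; the fallback delay and the function name are illustrative.

```python
import math

MAX_WAIT = 60.0      # the page states per-minute limits, so never sleep past one window
FALLBACK_WAIT = 1.0  # assumption: delay used when headers are missing or malformed


def seconds_to_wait(headers: dict, now: float) -> float:
    """Pause to take before the next request, based on the last response's headers."""
    # HTTP header names are case-insensitive; normalize before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    try:
        remaining = int(h["x-ratelimit-remaining"])
        reset_at = float(h["x-ratelimit-reset"])  # assumption: Unix epoch seconds
        if not math.isfinite(reset_at):
            raise ValueError("non-finite reset value")
    except (KeyError, ValueError, TypeError):
        return FALLBACK_WAIT
    # Clamp so a wrong or hostile header value cannot stall the client indefinitely.
    window = min(max(reset_at - now, 0.0), MAX_WAIT)
    if remaining <= 0:
        return window  # budget exhausted: wait for the window to reset
    # Spread the remaining budget evenly over what is left of the window.
    return window / remaining


# Constructed sample: a read key with 30 requests left and 30 seconds until reset.
SAMPLE_NOW = 1_700_000_000.0
SAMPLE_HEADERS = {
    "X-RateLimit-Limit": "120",
    "X-RateLimit-Remaining": "30",
    "X-RateLimit-Reset": "1700000030",
}
```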

What does a Slack alert from FortWatch look like?

Slack alerts arrive as formatted messages with a severity-colored sidebar (red for critical, orange for high, yellow for medium, blue for low), the finding title, affected asset, short remediation summary, and a direct link back to the full issue in FortWatch. You can route alerts to different channels by severity, asset tag, or scan type — critical findings to #security-oncall, weekly summaries to #engineering, and so on.

Can FortWatch create Jira tickets automatically?

Yes. Configure the Jira integration once with your project key and issue type, and any new finding above a severity threshold you choose creates a Jira ticket with the finding's title, description, severity, affected asset, and remediation steps prefilled. Status flows both ways: closing the Jira ticket marks the FortWatch issue resolved, and resolving the finding in FortWatch comments back to the ticket.

Is FortWatch compatible with my SIEM?

Yes. FortWatch sends structured JSON events to any SIEM that accepts HTTP inputs — Splunk HEC, Elastic, Datadog, Microsoft Sentinel, Sumo Logic, and generic syslog collectors via an intermediate gateway. Events include the full finding object so your SIEM can correlate FortWatch detections with logs from your WAF, endpoint, or cloud providers. We publish CEF and ECS mapping guides for common platforms.

Where are the API docs?

The full OpenAPI 3.1 specification is published at docs.fortwatch.ai/api with live request/response examples, authentication walkthroughs, and code snippets for curl, Node.js, Python, and Go. A sandbox environment is available on every plan so you can build and test integrations against synthetic data before pointing your automation at production.
