topic Re: Secure Access: Alert Notifications Webhook in Secure Access Discussions

Secure Access: Alert Notifications Webhook

Prodrick — Fri, 17 Apr 2026 11:46:56 GMT

In the documentation, the UI shows Secure Access Webhooks has three authentication options:

basic

oauth

token

but one of the documentation pages says it only supports Basic authentication. Who can confirm if Bearer token authentication is supported now?

https://securitydocs.cisco.com/docs/csa/olh/161062.dita

Re: Secure Access: Alert Notifications Webhook

Prodrick — Mon, 27 Apr 2026 10:51:55 GMT

Anyone?

Re: Secure Access: Alert Notifications Webhook

cludwigd — Mon, 27 Apr 2026 14:27:02 GMT

only basic is available configuration wise at this moment.
oauth and token is greyed out for me in GUI.
we are currently testing the SA webhook alerting in parallel to the webhook alerting from platform status monitoring (status.sse.cisco.com). do you found a meaningful mapping for the fields in the JSON alert send? its not very easy to further process these alerts...

Re: Secure Access: Alert Notifications Webhook

Yaron Caspy — Tue, 28 Apr 2026 08:14:35 GMT

You are correct, currently only basic auth is supported.

For the mapping/schema and examples please see the Alerting section under the guides:

https://developer.cisco.com/docs/cloud-security/secure-access-api-reference-api-anomalies-alerts-overview/#alerts-for-api-anomalies

Re: Secure Access: Alert Notifications Webhook

Prodrick — Wed, 29 Apr 2026 13:04:09 GMT

@cludwigd thanks so much for confirming this and @Yaron Caspy for vendor-verification. How might partners get line of sight to the timeline for enabling token-based authorization, i.e. Bearer or Hash-based Message Authentication (HMAC), as we don't support use f basic authentication for Webhooks. I've seen similar basic auth only support for Catalyst SD-WAN.

Re: Secure Access: Alert Notifications Webhook

Yaron Caspy — Wed, 29 Apr 2026 13:20:24 GMT

Hi @Prodrick ,

Sure thing. The best way would be to request feature enhancements which will help us promote adding this. BTW, in many cases token based authentication can be achieved with basic auth by adding the token as the password along with a placeholder for the username. Here is an example which works with Splunk (I've seen it work with other products as well):

{ "name": "token", "tags": [ "string" ], "type": "basic-auth", "value": { "password": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx", "username": "a" } }

* Where 'a' is the placeholder and the token is in the password field.

** Full request is here: https://developer.cisco.com/docs/cloud-security/create-integration/

*** To do this via API, you need to: 1. Create the webhook. 2. Add credentials to the webhook. 3. Create the Security Events integration and add the webhook as a target. Or you can do this in the UI 🙂
Hope this helps.