Validate tickets with webhooks

Validate ITSM ticket IDs through the Apono webhook integration

Many organizations require that every access request corresponds to a valid ticket in their IT Service Management (ITSM) platform, such as Jira, ServiceNow, or Zendesk.

Apono’s webhook integration allows you to validate ticket IDs automatically before a request is submitted, ensuring that all requests are auditable, compliant, and properly linked to existing incidents or stories.

When this feature is enabled, end users are prompted to enter a ticket ID in the access request form. A webhook checks the ticket’s validity against your ITSM system before submission is allowed.

Prerequisites

Item
Description

ITSM user account

Service account or user profile in your ITSM platform with permissions to read ticket or incident data

This user will be used by Apono to verify whether the provided ticket ID exists.

Ticket ID field setup

Ticket ID enablement for your Apono account

Contact Apono Support to enable a ticket ID custom field in your account.

Apono Support requires the following information to enable the custom field for your request forms:

  • Preferred field name to appear in the Apono UI (such as Ticket ID)

  • Preferred field parameter (such as ticket_id)

API authentication token

API token or credential for your ITSM user

See your ITSM documentation for more information:

If using Basic authentication, you must encode your credentials in Base64 format, such as the following: Basic <base64encoded(email:api_token)>

Learn how to generate the encoded string in Base64.

Configure a webhook

Add Webhook page

Follow these steps to configure an Apono webhook to validate your ITSM tickets:

  1. On the Webhooks page, click Add Webhook. The Add Webhook page appears.

  2. Click Manual.

  3. Enter a unique, alphanumeric, user-friendly Manual Webhook Name for identifying this webhook.

  4. Click the Status toggle to Active.

  5. From the Type dropdown menu, select HTTP Webhook.

  6. From the Method dropdown, select GET or POST, depending on your ITSM API requirements.

  7. In the URL field, enter the route for your ITSM’s ticket or incident lookup API, using the format below. Be sure to replace <YOURDOMAIN> with your ITSM domain.

The webhook URL must meet the following requirements:

  • Uses the HTTPS protocol

  • Does not specify any custom ports

https://<YOURDOMAIN>/rest/api/3/issue/{{data.custom_fields.ticket_id}}

  1. In the Body Template field, construct an empty JSON body for the webhook payload.

{}

  1. In the Headers section, add your ITSM Basic authentication token.

Ensure your token or key has sufficient permission to read ticket data. If your ITSM supports bearer tokens (such as ServiceNow or Zendesk), replace Basic with Bearer.

Key
Table

Authorization

Basic <ENCODED_TOKEN>

  1. From the Authentication Type dropdown menu, select None.

  2. (Optional) From the Triggers dropdown menu, select one or more triggers for the webhook. By default, Manual is selected.

  3. (Optional) In the Timeout in seconds field, enter the duration in seconds to wait before marking the request as failed.

  4. (Optional) Define Response Validators to verify that the response from the webhook meets specified criteria:

    1. Click + Add. A row of settings appears.

    2. Starting with $.data., enter the Json Path of the JSON parameter.

    3. In the Expected Values field, enter a value and press the Enter key on your keyboard.

    4. Repeat step c to add several expected values.

    5. Repeat steps a-d to add multiple response validators.

  5. In the Custom Validation Error Message field, add a clear message to be displayed to end users if the webhook fails (such as, The ticket ID you entered could not be validated).

  6. Click Save Webhook.

The new webhook appears in the Webhooks table. Active webhooks are marked with a green dot. Inactive webhooks are marked with a white dot.

Apono notifications will be sent to your target system when the status of an integration has changed to a warning or error state.

Usage

Now that the webhook is configured, you can add it as a custom approver to an access flow, so that the webhook automatically checks a ticket’s validity before access approval is submitted.

Follow these steps to add the webhook to an access flow:

  1. Create a self-serve access flow.

  2. When setting up custom approval, select Custom Approval as the approver attribute (step 3) and your newly configured webhook as the value (step 5).

  3. Click Save.

PreviousManual WebhookNextITSM

Last updated

Was this helpful?