# Validate tickets with webhooks Many organizations require that every access request corresponds to a valid ticket in their IT Service Management (ITSM) platform, such as Jira, ServiceNow, or Zendesk. Apono’s webhook integration allows you to validate ticket IDs automatically before a request is submitted, ensuring that all requests are auditable, compliant, and properly linked to existing incidents or stories. When this feature is enabled, end users are prompted to enter a ticket ID in the access request form. A webhook checks the ticket’s validity against your ITSM system before submission is allowed. *** ### Prerequisites

Item Description

Item	Description
ITSM user account	Service account or user profile in your ITSM platform with permissions to read ticket or incident data This user will be used by Apono to verify whether the provided ticket ID exists.
Ticket ID field setup	Ticket ID enablement for your Apono account Contact Apono Support to enable a ticket ID custom field in your account. Apono Support requires the following information to enable the custom field for your request forms: Preferred field name to appear in the Apono UI (such as Ticket ID) Preferred field parameter (such as `ticket_id`)
API authentication token	API token or credential for your ITSM user See your ITSM documentation for more information: Freshdesk Freshservice Jira ServiceDesk Plus ServiceNow Zendesk If using Basic authentication, you must encode your credentials in Base64 format, such as the following: `Basic <base64encoded(email:api_token)>` Learn how to generate the encoded string in Base64.

ITSM user account

Service account or user profile in your ITSM platform with permissions to read ticket or incident data

This user will be used by Apono to verify whether the provided ticket ID exists.

Ticket ID field setup

Ticket ID enablement for your Apono account

Contact Apono Support to enable a ticket ID custom field in your account.

Apono Support requires the following information to enable the custom field for your request forms:

Preferred field name to appear in the Apono UI (such as Ticket ID)
Preferred field parameter (such as ticket_id)

API authentication token

API token or credential for your ITSM user

See your ITSM documentation for more information:

If using Basic authentication, you must encode your credentials in Base64 format, such as the following: Basic <base64encoded(email:api_token)>

Learn how to generate the encoded string in Base64.

*** ### Configure a webhook

Follow these steps to configure an Apono webhook to validate your ITSM tickets: 1. On the [**Webhooks**](https://app.apono.io/webhooks) page, click **Add Webhook**. The **Add Webhook** page appears. 2. Click **Manual**. 3. Enter a unique, alphanumeric, user-friendly **Manual Webhook Name** for identifying this webhook. 4. Click the **Status** toggle to **Active**. 5. From the **Type** dropdown menu, select **HTTP Webhook**. 6. From the **Method** dropdown, select **GET** or **POST**, depending on your ITSM API requirements. 7. In the **URL** field, enter the route for your ITSM’s ticket or incident lookup API, using the format below. Be sure to replace `` with your ITSM domain. {% hint style="info" %} The webhook URL must meet the following requirements: * Uses the HTTPS protocol * Does not specify any custom ports {% endhint %} ``` https:///rest/api/3/issue/{{data.custom_fields.ticket_id}} ``` 8. In the **Body Template** field, construct an empty JSON body for the webhook payload. ``` {} ``` 9. In the **Headers** section, add your ITSM Basic authentication token. {% hint style="warning" %} Ensure your token or key has sufficient permission to read ticket data. If your ITSM supports bearer tokens (such as ServiceNow or Zendesk), replace `Basic` with `Bearer`. {% endhint %} | Key | Table | | --------------- | ------------------------- | | *Authorization* | *Basic \* | 10. From the **Authentication Type** dropdown menu, select **None**. 11. (Optional) From the **Triggers** dropdown menu, select one or more triggers for the webhook. By default, **Manual** is selected. 12. (Optional) In the **Timeout in seconds** field, enter the duration in seconds to wait before marking the request as failed. 13. (Optional) Define **Response Validators** to verify that the response from the webhook meets specified criteria: 1. Click **+ Add**. A row of settings appears. 2. Starting with *$.data.*, enter the **Json Path** of the JSON parameter. 3. In the **Expected Values** field, enter a value and press the Enter key on your keyboard. 4. Repeat step **c** to add several expected values. 5. Repeat steps **a-d** to add multiple response validators. 14. In the **Custom Validation Error Message** field, add a clear message to be displayed to end users if the webhook fails (such as, *The ticket ID you entered could not be validated*). 15. Click **Save Webhook**. The new webhook appears in the **Webhooks** table. Active webhooks are marked with a green dot. Inactive webhooks are marked with a white dot. Apono notifications will be sent to your target system when the status of an integration has changed to a warning or error state. #### Usage Now that the webhook is configured, you can add it as a custom approver to an access flow, so that the webhook automatically checks a ticket’s validity before access approval is submitted. Follow these steps to add the webhook to an access flow: 1. [Create a self-serve access flow](https://docs.apono.io/docs/access-flows/creating-access-flows-in-apono/self-serve-access-flows). 2. When [setting up custom approval](https://docs.apono.io/docs/access-flows/creating-access-flows-in-apono/self-serve-access-flows#set-up-custom-approval), select **Custom Approval** as the approver attribute (step **3**) and your newly configured webhook as the value (step **5**). 3. Click **Save**.