# Export Activity to Custom Webhook

## Overview

Akto allows you to forward API threat activity to an external system through a webhook endpoint. Webhook export enables integration with SIEM platforms, monitoring pipelines, or internal security automation workflows.

Akto sends threat activity events in batches every **15 minutes** to the configured webhook endpoint. Security teams can process the received payload for alerting, enrichment, or incident response workflows.

## Steps to Configure Webhook Export

{% stepper %}
{% step %}
Navigate to **API Threat Activity** in the Akto dashboard.
{% endstep %}

{% step %}
Select **More Actions** in the top-right corner.
{% endstep %}

{% step %}
Select **Export via webhook integration**.

<div data-with-frame="true"><figure><img src="https://2916937215-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRc4KTKGprZI2sPWKoaLe%2Fuploads%2Fc2oJeUSv3vOwfcsKySU8%2Fimage.png?alt=media&#x26;token=f5ca1f4d-ddea-4f98-a582-6f00905e0b82" alt="" width="563"><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}
Enter the **Webhook endpoint URL** where the external system receives threat activity events.\
Example: `https://your-webhook-endpoint.com/events`
{% endstep %}

{% step %}
Enable **Use gzip encoding** when the receiving system expects compressed payloads with the header `Content-Encoding: gzip`.

{% hint style="info" %}
Leave the option disabled when the receiving system expects standard JSON payloads.
{% endhint %}
{% endstep %}

{% step %}
Add **Custom Headers** when the receiving service requires authentication or routing metadata.\
Common examples include `Authorization` headers or `X-API-Key` headers.
{% endstep %}

{% step %}
Select **Save** to activate webhook export.

<div data-with-frame="true"><figure><img src="https://2916937215-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRc4KTKGprZI2sPWKoaLe%2Fuploads%2FUeRlKFKVM55qUeIYWbTo%2Fimage.png?alt=media&#x26;token=d3208d4f-fc41-4874-8a65-a44a071e4980" alt="" width="563"><figcaption></figcaption></figure></div>
{% endstep %}
{% endstepper %}

Akto begins sending threat activity data to the configured endpoint after configuration is saved.

## Result of Webhook Integration

Configured webhook integration allows security teams to stream API threat activity into external systems such as:

* SIEM platforms
* Security automation pipelines
* Incident response tooling

Webhook export ensures external monitoring platforms receive threat activity data without manual exports.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.akto.io/api-protection/how-to/export-activity-to-custom-webhook.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.