Skip to main content

Integrations

Integrations connect OneProtect workflow outputs to customer systems.

The current console route is /console/integrations. It is an operations workbench for tenant-scoped delivery health, not a marketplace or adapter configuration wizard.

Implemented:

  • Tenant-scoped generic webhook destinations.
  • Enabled/disabled destination state.
  • Redacted credential references.
  • Tenant delivery policy for attempts, timeout, and dead-letter behavior.
  • Delivery health summary for active destinations, successful deliveries, scheduled retries, and dead-lettered deliveries.
  • Destination detail view with adapter type, enabled status, credential posture, retry policy, timeout, max attempts, and last delivery result.
  • Client-side filters for enabled, disabled, retry scheduled, failed, dead-lettered, and delivered states.
  • Clickable destination rows that update the selected detail panel.
  • Delivery attempt timeline with retryable/terminal markers and bounded error summaries.
  • Expandable attempt rows for timestamp, duration, HTTP status, retryability, and redacted response summary.
  • Refresh control that reloads route data without pretending live updates exist.
  • Copy controls for safe references such as correlation ID, delivery ID, alert ID, evidence ID, and destination ID.
  • Role-aware controls: auditors see read-only inspection only; operators can inspect/copy/refresh; tenant admins can see disabled future configuration affordances where API contracts are still required.
  • Evidence, alert, audit, and correlation references for traceability.
  • Generic HTTP webhook/ticket adapter.
  • Deterministic idempotency key.
  • Persisted delivery attempts.
  • Delivery succeeded and failed event paths.
  • Durable DB-driven retry scheduling.
  • Retry/backoff, retry attempt history, and dead-lettered outbox state.
  • HMAC signing seam; signatures are required by default outside local/dev/test unless explicitly disabled.
  • Worker-time secret resolution through the SecretProvider seam.
  • Kubernetes Secret refs for production-shaped credential resolution; cloud-specific secret stores are synced outside the app boundary.

Planned:

  • External Secrets Operator/CSI/Vault Agent sync manifests and exact production secret RBAC.
  • Dedicated dead-letter queue/browser tooling.
  • Edit/configuration forms after the backed API workflow is reviewed for tenant-admin use.
  • Receiver replay-window guidance and verification fixtures.
  • Jira, Slack, Teams, and customer webhook adapters.

OneProtect internal ticketing is a separate contract-designed capability. Jira, ServiceNow, Freshdesk, Zendesk, HaloPSA, and similar external ticketing systems remain future adapters rather than the canonical OneProtect ticket store.

Credential values are write-only/redacted. Auditor and operator roles can view destination metadata. Configuration actions remain disabled until the related API contracts, role rules, and audit behavior are reviewed.

The console intentionally hides raw endpoint URLs and secret references. If a delivery is dead-lettered, the page explains the terminal state and points operators toward receiver health review; replay controls remain future work until a safe DLQ API exists.