Feedback
Roadmap
Changelog

March 27th, 2026

New

Commands can now be triggered via webhook

We’ve added support for triggering custom command scripts in Swif.ai via webhooks. This makes it easier to plug Swif.ai into your existing automation (CI/CD, IT workflows, security tools, etc.) without needing an admin in the console.

What’s new

  • Webhook-triggered commands

    • When creating or editing a command, you can enable a Webhook configuration section.

    • For each command with webhook enabled, Swif.ai now exposes a webhook URL of the form:

      • https://mdm.swifteam.com/api/v1/agent/command/webhook/:commandId

    • The command can still be run manually or run on schedule; webhook is an additional trigger option, not a new run type.

  • Command tokens (Growth plan+)

    • You can now generate one or more tokens for each command.

    • Tokens are managed in Command Details → Tokens:

      • Create and delete tokens (CRUD).

      • See token metadata.

      • Use a Copy button next to each token so admins can safely copy values when needed.

    • Tokens are required to trigger a command via webhook and are scoped to the command’s team.

  • Triggering commands by device

    • The webhook trigger accepts device lists by mdmDeviceId (not serial number) for reliability across Windows, macOS, and Linux.

    • Payload format:

      { "deviceIDs": [ "mdmDeviceId-1", "mdmDeviceId-2" ] }

  • MDM APIs for token management

    • Create Command Token

      POST /api/v1/agent/command/token

    • List Command Tokens

      POST /api/v1/agent/command/token/list

    • Delete Command Tokens

      DELETE /api/v1/agent/command/token

    • All token APIs are protected by Authorization and team-id headers, and only admins with valid credentials can create, list, or delete tokens.

  • Security & access control

    • Webhook requests must include a valid command token in the header; otherwise, the request is rejected, and the command is not executed.

    • Token APIs enforce:

      • Admin-only access for creation/deletion.

      • Proper team scoping via team-id.

      • 4xx responses (401/403/404) for invalid/missing auth or cross-team access, without leaking sensitive details.

Plan & availability

  • Webhook-triggered commands and command token management are available for Growth plan and above.

  • For full examples and implementation details, see:

If you’d like, I can also draft a shorter “What’s new” version tailored for in-app changelog or release notes.

Write a comment...