DevOps Integration

Webhooks | Event-Driven Notifications

Zero-downtime assurance for modern DevOps. Connect StatusSentry to your internal infrastructure with reliable, secure HTTP callbacks.

Supported Event Types

StatusSentry triggers webhooks immediately when state changes occur. We batch rapid-fire events to prevent flooding your endpoints, ensuring at-least-once delivery with exponential backoff.

incident.created

Triggered the moment an incident is manually created or automatically detected by our synthetic monitors. Includes the initial severity level and affected components.

incident.resolved

Sent when an incident status transitions to 'Resolved'. Useful for automatically closing Jira tickets or clearing PagerDuty alerts linked to the outage.

monitor.status_change

Fires when a specific monitor changes state (e.g., `UP` to `DOWN`). Contains the monitor ID, region, and response time metrics from the failed request.

sla.breach_warning

Proactive alert when current uptime trends indicate a potential SLA breach within the next 24 hours based on historical availability data.

Payload Structure

All webhook requests use the `POST` method with a `Content-Type` of `application/json`. The body contains a standardized envelope.

Example Request Body

Below is a sample payload for an `incident.created` event:

{
  "id": "evt_8a7b9c0d1e2f3g4h",
  "type": "incident.created",
  "created_at": "2023-10-27T14:30:00Z",
  "data": {
    "incident_id": "inc_987654321",
    "title": "High Latency in EU-West",
    "status": "investigating",
    "severity": "major",
    "components": [
      {
        "id": "comp_api_gateway",
        "name": "API Gateway",
        "status": "degraded_performance"
      }
    ]
  }
}

Security & Signature Verification

To ensure requests originate from StatusSentry, we sign every webhook using HMAC-SHA256. You must verify this signature before processing the payload.

1. Retrieve Your Secret

Navigate to Settings > Integrations > Webhooks in your dashboard. Generate a new signing secret (e.g., `whsec_4eC39HqLyjWDarjtT1zdp7dc`). Keep this string private.

2. Verify the Header

Check the `X-StatusSentry-Signature` header in the incoming request. It contains a timestamp and the computed signature.

3. Validate the Payload

Construct a string `timestamp + '.' + raw_body`. Compute the HMAC-SHA256 hash using your secret. Compare the result with the signature in the header. Reject requests that do not match.