Skip to main content
Want to build your own custom integration or connect Phare to a tool that isn’t officially supported? Outgoing webhooks are your best friend! They send HTTP callbacks with your alert data to any endpoint you specify, perfect for DIY integrations, logging or connecting to specialized systems.

Configuration

Setting up an outgoing webhook is straightforward, you just need two pieces of information:
  • Callback URL: Where should the data be sent? This could be an endpoint in your own application or a third-party service that accepts webhooks.
  • Signing secret: A secret key that proves the data came from Phare and wasn’t tampered with along the way.
A secure signing secret is automatically generated for you, but you’re welcome to use your own if you prefer.
Outgoing webhooks installation

Using the integration

Once your webhook is set up, you can connect it to alert rules in your projects. A default JSON payload based on the alert event you’ve chosen will be generated, customize it as needed to fit your specific use case.
Outgoing webhooks alert rule

Payload customization

Make your webhooks work exactly how you want! You can reshape the JSON payload structure any way you like (as long as it’s valid JSON), and use variables to inject dynamic data from the triggering event. Each alert event type has its own set of available variables. Here’s what you can use:

Monitors

VariableValue
$PROJECT_IDId of the project this monitor belongs to
$PROJECT_NAMEName of the project this monitor belongs to
$PROJECT_SLUGSlug of the project this monitor belongs to
$MONITOR_IDId of the monitor
$MONITOR_NAMEName of the monitor
$MONITOR_STATUSStatus of the monitor
$MONITOR_PROTOCOLProtocol used by the monitor
$MONITOR_REQUESTObject containing request information for the monitor
$MONITOR_REGIONSArray of regions where the monitor is running
$MONITOR_INTERVALInterval in seconds between each check for the monitor
$MONITOR_INCIDENT_CONFIRMATIONSNumber of confirmations required to trigger an incident for the monitor
$MONITOR_RECOVERY_CONFIRMATIONSNumber of confirmations required to recover from an incident for the monitor
VariableValue
$PROJECT_IDId of the project this monitor belongs to
$PROJECT_NAMEName of the project this monitor belongs to
$PROJECT_SLUGSlug of the project this monitor belongs to
$MONITOR_IDId of the monitor
$MONITOR_NAMEName of the monitor
$MONITOR_STATUSStatus of the monitor
$MONITOR_PROTOCOLProtocol used by the monitor
$MONITOR_REQUESTObject containing request information for the monitor
$MONITOR_REGIONSArray of regions where the monitor is running
$MONITOR_INTERVALInterval in seconds between each check for the monitor
$MONITOR_INCIDENT_CONFIRMATIONSNumber of confirmations required to trigger an incident for the monitor
$MONITOR_RECOVERY_CONFIRMATIONSNumber of confirmations required to recover from an incident for the monitor
VariableValue
$PROJECT_IDId of the project this monitor belongs to
$PROJECT_NAMEName of the project this monitor belongs to
$PROJECT_SLUGSlug of the project this monitor belongs to
$MONITOR_IDId of the monitor
$MONITOR_NAMEName of the monitor
$MONITOR_STATUSStatus of the monitor
$MONITOR_PROTOCOLProtocol used by the monitor
$MONITOR_REQUESTObject containing request information for the monitor
$MONITOR_REGIONSArray of regions where the monitor is running
$MONITOR_INTERVALInterval in seconds between each check for the monitor
$MONITOR_INCIDENT_CONFIRMATIONSNumber of confirmations required to trigger an incident for the monitor
$MONITOR_RECOVERY_CONFIRMATIONSNumber of confirmations required to recover from an incident for the monitor
$CERTIFICATE_SERIAL_NUMBERSerial number of the certificate
$CERTIFICATE_SUBJECT_COMMON_NAMECommon name of the certificate
$CERTIFICATE_SUBJECT_ALTERNATIVE_NAMESSubject alternative names of the certificate
$CERTIFICATE_ISSUER_COMMON_NAMEIssuer common name of the certificate
$CERTIFICATE_ISSUER_ORGANIZATIONIssuer organization of the certificate
$CERTIFICATE_NOT_BEFORENot before date of the certificate
$CERTIFICATE_NOT_AFTERNot after date of the certificate
VariableValue
$PROJECT_IDId of the project this monitor belongs to
$PROJECT_NAMEName of the project this monitor belongs to
$PROJECT_SLUGSlug of the project this monitor belongs to
$MONITOR_IDId of the monitor
$MONITOR_NAMEName of the monitor
$MONITOR_STATUSStatus of the monitor
$MONITOR_PROTOCOLProtocol used by the monitor
$MONITOR_REQUESTObject containing request information for the monitor
$MONITOR_REGIONSArray of regions where the monitor is running
$MONITOR_INTERVALInterval in seconds between each check for the monitor
$MONITOR_INCIDENT_CONFIRMATIONSNumber of confirmations required to trigger an incident for the monitor
$MONITOR_RECOVERY_CONFIRMATIONSNumber of confirmations required to recover from an incident for the monitor
$CERTIFICATE_SERIAL_NUMBERSerial number of the certificate
$CERTIFICATE_SUBJECT_COMMON_NAMECommon name of the certificate
$CERTIFICATE_SUBJECT_ALTERNATIVE_NAMESSubject alternative names of the certificate
$CERTIFICATE_ISSUER_COMMON_NAMEIssuer common name of the certificate
$CERTIFICATE_ISSUER_ORGANIZATIONIssuer organization of the certificate
$CERTIFICATE_NOT_BEFORENot before date of the certificate
$CERTIFICATE_NOT_AFTERNot after date of the certificate

Incidents

VariableValue
$PROJECT_IDId of the project this incident belongs to
$PROJECT_NAMEName of the project this incident belongs to
$PROJECT_SLUGSlug of the project this incident belongs to
$MONITOR_IDId of the monitor that triggered the incident
$MONITOR_NAMEName of the monitor that triggered the incident
$MONITOR_STATUSStatus of the monitor that triggered the incident
$MONITOR_PROTOCOLProtocol used by the monitor that triggered the incident
$MONITOR_REQUESTObject containing request information for the monitor that triggered the incident
$MONITOR_REGIONSArray of regions where the monitor that triggered the incident is running
$MONITOR_INTERVALInterval in seconds between each check for the monitor that triggered the incident
$MONITOR_INCIDENT_CONFIRMATIONSNumber of confirmations required to trigger an incident for the monitor that triggered the incident
$MONITOR_RECOVERY_CONFIRMATIONSNumber of confirmations required to recover from an incident for the monitor that triggered the incident
$INCIDENT_IDId of the incident
$INCIDENT_SLUGSlug of the incident
$INCIDENT_TITLETitle of the incident
$INCIDENT_ERRORError message of the incident
$INCIDENT_STATEState of the incident
$INCIDENT_STATUSStatus of the incident
$INCIDENT_IMPACTImpact of the incident
VariableValue
$PROJECT_IDId of the project this incident belongs to
$PROJECT_NAMEName of the project this incident belongs to
$PROJECT_SLUGSlug of the project this incident belongs to
$MONITOR_IDId of the monitor that triggered the incident
$MONITOR_NAMEName of the monitor that triggered the incident
$MONITOR_STATUSStatus of the monitor that triggered the incident
$MONITOR_PROTOCOLProtocol used by the monitor that triggered the incident
$MONITOR_REQUESTObject containing request information for the monitor that triggered the incident
$MONITOR_REGIONSArray of regions where the monitor that triggered the incident is running
$MONITOR_INTERVALInterval in seconds between each check for the monitor that triggered the incident
$MONITOR_INCIDENT_CONFIRMATIONSNumber of confirmations required to trigger an incident for the monitor that triggered the incident
$MONITOR_RECOVERY_CONFIRMATIONSNumber of confirmations required to recover from an incident for the monitor that triggered the incident
$INCIDENT_IDId of the incident
$INCIDENT_SLUGSlug of the incident
$INCIDENT_TITLETitle of the incident
$INCIDENT_ERRORError message of the incident
$INCIDENT_STATEState of the incident
$INCIDENT_STATUSStatus of the incident
$INCIDENT_IMPACTImpact of the incident
VariableValue
$PROJECT_IDId of the project this incident belongs to
$PROJECT_NAMEName of the project this incident belongs to
$PROJECT_SLUGSlug of the project this incident belongs to
$MONITOR_IDId of the monitor that triggered the incident
$MONITOR_NAMEName of the monitor that triggered the incident
$MONITOR_STATUSStatus of the monitor that triggered the incident
$MONITOR_PROTOCOLProtocol used by the monitor that triggered the incident
$MONITOR_REQUESTObject containing request information for the monitor that triggered the incident
$MONITOR_REGIONSArray of regions where the monitor that triggered the incident is running
$MONITOR_INTERVALInterval in seconds between each check for the monitor that triggered the incident
$MONITOR_INCIDENT_CONFIRMATIONSNumber of confirmations required to trigger an incident for the monitor that triggered the incident
$MONITOR_RECOVERY_CONFIRMATIONSNumber of confirmations required to recover from an incident for the monitor that triggered the incident
$INCIDENT_IDId of the incident
$INCIDENT_SLUGSlug of the incident
$INCIDENT_TITLETitle of the incident
$INCIDENT_ERRORError message of the incident
$INCIDENT_STATEState of the incident
$INCIDENT_STATUSStatus of the incident
$INCIDENT_IMPACTImpact of the incident
$USER_IDId of the user who created the comment
$USER_EMAILEmail of the user who created the comment
$INCIDENT_COMMENT_IDId of the comment
$INCIDENT_COMMENT_CONTENTContent of the comment
VariableValue
$PROJECT_IDId of the project this incident belongs to
$PROJECT_NAMEName of the project this incident belongs to
$PROJECT_SLUGSlug of the project this incident belongs to
$MONITOR_IDId of the monitor that triggered the incident
$MONITOR_NAMEName of the monitor that triggered the incident
$MONITOR_STATUSStatus of the monitor that triggered the incident
$MONITOR_PROTOCOLProtocol used by the monitor that triggered the incident
$MONITOR_REQUESTObject containing request information for the monitor that triggered the incident
$MONITOR_REGIONSArray of regions where the monitor that triggered the incident is running
$MONITOR_INTERVALInterval in seconds between each check for the monitor that triggered the incident
$MONITOR_INCIDENT_CONFIRMATIONSNumber of confirmations required to trigger an incident for the monitor that triggered the incident
$MONITOR_RECOVERY_CONFIRMATIONSNumber of confirmations required to recover from an incident for the monitor that triggered the incident
$INCIDENT_IDId of the incident
$INCIDENT_SLUGSlug of the incident
$INCIDENT_TITLETitle of the incident
$INCIDENT_ERRORError message of the incident
$INCIDENT_STATEState of the incident
$INCIDENT_STATUSStatus of the incident
$INCIDENT_IMPACTImpact of the incident
$USER_IDId of the user who published the update
$USER_EMAILEmail of the user who published the update
$INCIDENT_UPDATE_IDId of the update
$INCIDENT_UPDATE_STATEState of the update
$INCIDENT_UPDATE_CONTENTContent of the update

Webhook security

Trust but verify! Phare outgoing webhooks come with built-in security through HMAC-SHA256 signatures. This ensures the payloads you receive:
  1. Actually came from Phare
  2. Haven’t been tampered with in transit
  3. Aren’t being replayed from previous requests
To verify a webhook’s authenticity, compute the HMAC-SHA256 of this concatenated string:
{version}.{timestamp}.{payload}
The version is always v0 (this will be bumped if the algorithm ever change). You’ll find the timestamp in the X-Phare-Request-Timestamp header and the signature in the X-Phare-Request-Signature header. Here are some code examples to help you implement verification:
const crypto = require('crypto');

app.post('/webhook', (req, res) => {
    const secret = 'your-signing-secret';
    const version = 'v0';
    const timestamp = req.headers['x-phare-request-timestamp'];
    const signature = req.headers['x-phare-request-signature'];

    const payload = version + ':' + timestamp + ':' + JSON.stringify(req.body);

    const hash = crypto.createHmac('sha256', secret)
        .update(payload)
        .digest('hex');

    if (hash === signature) {
        console.log('Signature verified');
    } else {
        console.log('Signature verification failed');
    }
})
Pro security tip: Always check that the timestamp isn’t too old, it is recommended to reject a webhook older than 5 minutes to prevent replay attacks.

Retry policy

Network hiccups happen, which is why Phare outgoing webhooks don’t give up easily. If your endpoint doesn’t respond with a 2xx status code within 30 seconds, it will be retried up to five times using an exponential backoff strategy:
  1. First attempt: Immediate delivery
  2. First retry: After 1 minute
  3. Second retry: After 5 minutes
  4. Third retry: After 10 minutes
  5. Final retry: After 1 hour
This means that from first attempt to last retry, your webhook could arrive anytime within a 1 hour and 18 minute window (including timeouts).

Debugging

Webhooks not working as expected? Logs are available with the request and response details making troubleshooting a breeze, you only need to click the row you would like to inspect.
Outgoing webhooks logs
I