How to Set Up Webhook Alerts
Webhooks let you pipe ElasticDomain alerts into any system — PagerDuty, OpsGenie, Zapier, Make, or your own backend. Complete setup guide with payload structure and HMAC verification.
How to Set Up Webhook Alerts
Webhooks are the most flexible alert channel. Instead of a fixed destination like email or Slack, a webhook fires an HTTP POST to any URL you specify — letting you route alerts into incident management tools, automation platforms, or your own backend.
Adding a Webhook Channel
- Go to Settings → Alert Channels.
- Click Add Channel and select Webhook.
- Enter your endpoint URL (must be HTTPS).
- Optionally add custom HTTP headers (e.g., Authorization: Bearer your-token).
- Click Send Test Payload to verify your endpoint receives the request.
- Save the channel.
The Webhook Payload
Every webhook delivers a JSON object via HTTP POST with Content-Type: application/json.
Example payload
{
"event": "ssl.expiry_warning",
"severity": "high",
"timestamp": "2026-03-15T08:32:00Z",
"domain": {
"id": "dom_abc123",
"name": "example.com",
"type": "OWNED",
"workspace": "my-workspace"
},
"alert": {
"ruleId": "rule_xyz789",
"ruleName": "SSL Expiry - 14 Day Warning",
"message": "SSL certificate for example.com expires in 13 days.",
"details": {
"expiresAt": "2026-03-28T23:59:59Z",
"issuer": "Let's Encrypt",
"daysRemaining": 13
}
}
}
Event types
| Event | Description |
|---|---|
| ssl.expiry_warning | SSL certificate expiry threshold crossed |
| ssl.expired | Certificate has expired |
| domain.expiry_warning | Domain registration expiry threshold |
| domain.expired | Domain has expired |
| blacklist.detected | Domain found on blacklists |
| dns.change_detected | DNS record change detected |
| health.score_drop | Health score fell below threshold |
| uptime.down | Domain is unreachable |
| uptime.recovered | Domain is back online |
| whois.change_detected | WHOIS registrar or nameserver changed |
HMAC Signature Verification
ElasticDomain signs every webhook request so your endpoint can verify authenticity.
How it works
- A signing secret is generated when you create the channel (or provide your own).
- For each request, ElasticDomain computes: HMAC-SHA256(signingSecret, rawRequestBody)
- The signature is in the X-ElasticDomain-Signature header as a hex string.
Verification — Node.js
const crypto = require('crypto');
function verifyWebhook(rawBody, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(rawBody)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature, 'hex'),
Buffer.from(expected, 'hex')
);
}
Always use timingSafeEqual — never compare signatures with ===.
Verification — Python
import hmac, hashlib
def verify_webhook(raw_body: bytes, signature: str, secret: str) -> bool:
expected = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
return hmac.compare_digest(expected, signature)
Integrating with Zapier
- In Zapier, create a Zap with trigger Webhooks by Zapier → Catch Hook.
- Copy the generated webhook URL.
- Add it as a Webhook channel in ElasticDomain.
- Send a test payload — Zapier captures and maps the fields.
- Build your action (Jira ticket, Slack message, Google Sheet, etc.).
Filter by the event field in Zapier to only trigger actions for specific alert types.
Integrating with Make (Integromat)
- Create a scenario with Webhooks → Custom webhook as the trigger.
- Copy the URL and add it as a Webhook channel in ElasticDomain.
- Send a test payload — Make auto-detects the structure.
- Add downstream modules.
Integrating with PagerDuty
Use PagerDuty's Events API v2:
- Create an Events API v2 integration on your PagerDuty service and copy the Integration Key.
- Use a Make/Zapier step to transform ElasticDomain's payload to PagerDuty's format (routing_key, payload.summary, payload.severity).
- POST to https://events.pagerduty.com/v2/enqueue.
Integrating with OpsGenie
- Create an API Integration in OpsGenie and note the API key.
- Use a Make/Zapier step to map fields: message, description, priority, tags.
- POST to https://api.opsgenie.com/v2/alerts with header Authorization: GenieKey your-key.
Retry Behavior
If your endpoint returns a non-2xx response, ElasticDomain retries with exponential backoff: 1 minute, 5 minutes, 15 minutes (3 attempts total). After all retries fail, the delivery is marked as failed and logged in alert history.
Your endpoint should return 200 quickly (under 5 seconds) — do processing asynchronously if needed.