Custom Webhooks
Send monitoring events to any HTTP endpoint using custom webhooks. Perfect for integrating with custom tools, ticketing systems, incident management platforms, or automation workflows.
Pro Feature
Custom webhooks are available on Pro and Business plans.
Webhook Payload
When an event occurs, we'll send a POST request to your endpoint with a JSON payload:
{
"event": "monitor.down",
"timestamp": "2026-01-26T12:00:00Z",
"monitor": {
"id": 123,
"name": "My Website",
"url": "https://example.com"
},
"status": {
"current": "offline",
"previous": "online",
"root_cause": "HTTP 503 Service Unavailable",
"region": "ash",
"is_regional_issue": false
},
"incident": {
"id": 456,
"started_at": "2026-01-26T12:00:00Z"
}
}
Event Types
monitor.down— HTTP monitor went offlinemonitor.up— HTTP monitor recovered and is back onlinemonitor.ping_failed/monitor.ping_recovered— ICMP ping reachability changedmonitor.port_failed/monitor.port_recovered— TCP port reachability changedmonitor.heartbeat_missed/monitor.heartbeat_recovered— heartbeat or cron job missed or resumedmonitor.keyword_found/monitor.keyword_missing/monitor.keyword_resolved— keyword-check transitionsmonitor.json_assertion_failed/monitor.json_assertion_resolved— JSON response-body assertion transitions
Request Headers
Every webhook request includes the following headers:
Content-Type: application/jsonUser-Agent: Sentinel Webhook/1.0X-Webhook-Signature: sha256=<signature>(if secret configured)
Security
- Webhook URLs must use HTTPS (HTTP not allowed)
- Add a signing secret to verify requests are from Sentinel
- Generate a secret automatically or use your own (min 16 characters)
- Signatures are sent in the
X-Webhook-Signatureheader - 10 second timeout on webhook requests
Signature Verification
If you configure a webhook secret, we sign all payloads using HMAC-SHA256. Verify signatures to ensure requests are authentic:
// Node.js example
const crypto = require('crypto');
function verifySignature(payload, signature, secret) {
const expected = 'sha256=' + crypto
.createHmac('sha256', secret)
.update(JSON.stringify(payload))
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}