Webhook.

Webhook

Generic webhooks land at any URL with an HMAC-SHA256 signature in the `X-Webhook-Signature` header. Use them to feed CheckUpstream events into a custom event bus, an internal incident system, or a serverless function.

Setup.

1
Open Settings → Webhooks
Click **Add webhook** and paste the destination URL. Save the auto-generated **signing secret** somewhere safe — it's what your endpoint validates incoming requests against.
2
Pick events
Subscribe to the specific events you want (`incident.created`, `incident.updated`, `incident.resolved`, `service.status_changed`, `dependency.risk_changed`, `alert.triggered`, `telemetry.anomaly`).
3
Verify the signature on every request
Compute HMAC-SHA256 of the raw request body using your signing secret and compare against `X-Webhook-Signature` in constant time. Reject anything that doesn't match — even leaked URLs are useless without the secret.

Verify a webhook signature (Node.js).

verify.ts

import crypto from "node:crypto";

export function verifySignature(
  body: string,
  signature: string,
  secret: string,
): boolean {
  const expected =
    "sha256=" +
    crypto.createHmac("sha256", secret).update(body).digest("hex");
  if (signature.length !== expected.length) return false;
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected),
  );
}

Warning

Don't trust the IP address or hostname of the sender — only the signature. CheckUpstream retries failed deliveries, so your endpoint must be idempotent for at least 24 hours.

Configure in dashboard

When you've followed the steps above, open the settings page to wire it up.

Open Settings

Webhooks reference Slack recipe

Ship reliable upstream.

Drop the SDK in, point it at your project key, and start seeing live upstream telemetry inside the dashboard.

Get an SDK Key Browse all recipes