Webhooks#

Webhooks let Reply CMP push notifications to external HTTP endpoints when an Alert Rule fires or resolves. Use webhooks to integrate with incident management tools, custom receivers, or Microsoft Teams.

Navigate: left navigation → Administration → Webhooks.

Channel types#

Type

Protocol

Use case

Webhook

HTTPS POST with JSON payload and optional HMAC-SHA256 signature

Custom receivers, Slack (via incoming webhooks), Opsgenie, etc.

Microsoft Teams

HTTPS POST with a MessageCard JSON payload

Microsoft Teams channel connectors

PagerDuty

PagerDuty Events API v2

Native PagerDuty incident creation and auto-resolution

Creating a webhook#

  1. Navigate to Administration → Webhooks

  2. Click “+ New webhook”

  3. Fill in the form:

Field

Description

Name

Required. A recognisable label for this endpoint (max 64 characters)

Type

Webhook, Microsoft Teams, or PagerDuty

URL

The HTTPS endpoint URL. Private IP addresses are not allowed. Not required for PagerDuty

Signing secret

(Webhook only) Optional. If provided, each request includes an X-Reply-CMP-Signature header with an HMAC-SHA256 of the payload body using this secret

Routing key

(PagerDuty only) Required. The 32-character integration routing key from your PagerDuty service

  1. Click “Test” to send a sample payload and verify connectivity before saving

Testing connectivity#

Use the Test button (on the edit page of a saved webhook) or the Ping panel (when creating a new webhook) to send a test payload to the URL. The result shows the HTTP status code and any error message returned by the target endpoint.

Attaching a webhook to an alert rule#

To route Alert Rule notifications to a webhook:

  1. Open the Alert Rule → Edit

  2. In the Notifications section, select one or more registered webhooks from the Webhooks picker

  3. Save the rule

Multiple rules can share the same webhook endpoint. Multiple webhooks can be attached to the same rule.

Delivery history#

Each webhook keeps a history of the last 200 delivery attempts. Navigate to a webhook → “Deliveries” tab to see:

Column

Description

Timestamp

When the delivery was attempted

Event type

e.g. AlertRule.Fired, AlertRule.Resolved, Test

Status

Success or Failed

HTTP status code

The response status returned by the target endpoint

Error message

Set when the request failed or timed out

Enable / disable#

Toggle the Enabled switch on the webhook list or detail page to pause deliveries temporarily. Disabled webhooks are skipped even if attached to active rules — no deliveries are queued.

Deleting a webhook#

Deleting a webhook removes it from all alert rules it is attached to. Existing delivery history is also deleted.

Attention

Deleting a webhook cannot be undone. Detach it from all rules before deleting if you want to preserve the delivery history.

Quota#

Each tenant can register up to 20 webhooks. Contact your administrator if you need to increase the limit.

Security#

  • HTTPS required: all webhook URLs must use https://. Plain HTTP is rejected.

  • No private IPs: URLs that resolve to private address ranges (RFC 1918, loopback, link-local) are rejected to prevent Server-Side Request Forgery (SSRF) attacks.

  • HMAC signing: for generic Webhook type channels, set a signing secret to authenticate requests. Verify the X-Reply-CMP-Signature header on the receiving side using HMAC-SHA256 over the raw request body.

PagerDuty integration#

The native PagerDuty channel uses the PagerDuty Events API v2 to create and resolve incidents directly, without needing a generic webhook receiver.

Setup steps:

  1. In PagerDuty, navigate to Services → Service Directory and open the target service

  2. Go to Integrations → Add integration → Events API v2

  3. Copy the Integration Key (32-character hex string) — this is the routing key

  4. In Reply CMP, create a webhook with Type = PagerDuty and paste the routing key into the Routing key field

  5. Click Test to trigger a test incident in PagerDuty

Behaviour:

  • When an Alert Rule fires, Reply CMP sends a trigger event to PagerDuty, opening an incident with the rule name, evaluated value, and severity

  • When the Alert Rule resolves, Reply CMP sends a resolve event, automatically closing the incident

  • The dedup key used for auto-resolution is derived from the Alert Rule ID — each rule maps to at most one open PagerDuty incident at a time

Note

The PagerDuty channel respects the same 30-minute notification cooldown as other channel types. If the alert continues firing without resolving, a new incident is not opened until the cooldown window expires.

Troubleshooting#

For troubleshooting guidance on failed deliveries and connectivity issues, see Troubleshooting → Webhook Errors.