Webhooks#

Webhooks let Reply CMP push notifications to external HTTP endpoints when an Alert Rule fires or resolves. Use webhooks to integrate with incident management tools, custom receivers, or Microsoft Teams.

Navigate: left navigation → Administration → Webhooks.

Channel types#

Type

Protocol

Use case

Webhook

HTTPS POST with JSON payload and optional HMAC-SHA256 signature

Custom receivers, Slack (via incoming webhooks), PagerDuty, Opsgenie, etc.

Microsoft Teams

HTTPS POST with a MessageCard JSON payload

Microsoft Teams channel connectors

Creating a webhook#

  1. Navigate to Administration → Webhooks

  2. Click “+ New webhook”

  3. Fill in the form:

Field

Description

Name

Required. A recognisable label for this endpoint (max 64 characters)

Type

Webhook or Microsoft Teams

URL

The HTTPS endpoint URL. Private IP addresses are not allowed

Signing secret

(Webhook only) Optional. If provided, each request includes an X-Reply-CMP-Signature header with an HMAC-SHA256 of the payload body using this secret

  1. Click “Test” to send a sample payload and verify connectivity before saving

Testing connectivity#

Use the Test button (on the edit page of a saved webhook) or the Ping panel (when creating a new webhook) to send a test payload to the URL. The result shows the HTTP status code and any error message returned by the target endpoint.

Attaching a webhook to an alert rule#

To route Alert Rule notifications to a webhook:

  1. Open the Alert Rule → Edit

  2. In the Notifications section, select one or more registered webhooks from the Webhooks picker

  3. Save the rule

Multiple rules can share the same webhook endpoint. Multiple webhooks can be attached to the same rule.

Delivery history#

Each webhook keeps a history of the last 200 delivery attempts. Navigate to a webhook → “Deliveries” tab to see:

Column

Description

Timestamp

When the delivery was attempted

Event type

e.g. AlertRule.Fired, AlertRule.Resolved, Test

Status

Success or Failed

HTTP status code

The response status returned by the target endpoint

Error message

Set when the request failed or timed out

Enable / disable#

Toggle the Enabled switch on the webhook list or detail page to pause deliveries temporarily. Disabled webhooks are skipped even if attached to active rules — no deliveries are queued.

Deleting a webhook#

Deleting a webhook removes it from all alert rules it is attached to. Existing delivery history is also deleted.

Attention

Deleting a webhook cannot be undone. Detach it from all rules before deleting if you want to preserve the delivery history.

Quota#

Each tenant can register up to 20 webhooks. Contact your administrator if you need to increase the limit.

Security#

  • HTTPS required: all webhook URLs must use https://. Plain HTTP is rejected.

  • No private IPs: URLs that resolve to private address ranges (RFC 1918, loopback, link-local) are rejected to prevent Server-Side Request Forgery (SSRF) attacks.

  • HMAC signing: for generic Webhook type channels, set a signing secret to authenticate requests. Verify the X-Reply-CMP-Signature header on the receiving side using HMAC-SHA256 over the raw request body.

Troubleshooting#

For troubleshooting guidance on failed deliveries and connectivity issues, see Troubleshooting → Monitoring Errors.