|
| 1 | +--- |
| 2 | +title: Webhooks |
| 3 | +description: Learn how to use webhooks in Cachet. |
| 4 | +icon: plug |
| 5 | +--- |
| 6 | + |
| 7 | +Cachet can be configured to notify external services of various events using webhooks. Webhooks are HTTP callbacks |
| 8 | +that are triggered by specific events. When an event occurs, Cachet sends an HTTP `POST` request to the configured URL |
| 9 | +with a JSON payload containing information about the event. Webhooks consist of: |
| 10 | + |
| 11 | +- **Payload URL**: The URL that Cachet will send the webhook to. |
| 12 | +- **Secret**: A secret key that is used to sign the webhook payload. This can be used to verify that the payload was sent by |
| 13 | + Cachet and not a third party. |
| 14 | +- **Events**: The events that will trigger the webhook. |
| 15 | + |
| 16 | +The Cachet dashboard provides a user-friendly interface for managing webhooks. You can add, edit, and delete webhooks |
| 17 | +from the "Manage Webhooks" page. |
| 18 | + |
| 19 | +### Supported Events |
| 20 | + |
| 21 | +Cachet currently supports the following events: |
| 22 | + |
| 23 | +- `component_created` |
| 24 | +- `component_updated` |
| 25 | +- `component_deleted` |
| 26 | +- `component_status_changed` |
| 27 | +- `incident_created` |
| 28 | +- `incident_updated` |
| 29 | +- `incident_deleted` |
| 30 | +- `metric_created` |
| 31 | +- `metric_updated` |
| 32 | +- `metric_deleted` |
| 33 | +- `metric_point_created` |
| 34 | +- `metric_point_deleted` |
| 35 | +- `subsciber_created` |
| 36 | +- `subscriber_unsubscribed` |
| 37 | +- `subscribed_verified` |
| 38 | + |
| 39 | +<Tip> |
| 40 | + Cachet may add more events in the future. Check the latest documentation for the most up-to-date list of supported events. |
| 41 | +</Tip> |
| 42 | + |
| 43 | +## Receiving Webhooks |
| 44 | + |
| 45 | +### User Agent |
| 46 | + |
| 47 | +Cachet will send a `User-Agent` header with the request. The value of the `User-Agent` header will be: |
| 48 | + |
| 49 | +``` |
| 50 | +Cachet/3.0 Webhook (+https://docs.cachethq.io) |
| 51 | +``` |
| 52 | + |
| 53 | +### Payload |
| 54 | + |
| 55 | +The payload sent by Cachet will contain information about the event that triggered the webhook. The payload will be a JSON |
| 56 | +object with the following structure: |
| 57 | + |
| 58 | +```json |
| 59 | +{ |
| 60 | + "event": "incident_updated", |
| 61 | + "body": { |
| 62 | + "id": 3, |
| 63 | + "component_id": null, |
| 64 | + "name": "Test", |
| 65 | + "status": 2, |
| 66 | + "message": "sdsd", |
| 67 | + "created_at": "2025-01-09T13:44:30.000000Z", |
| 68 | + "updated_at": "2025-01-09T13:49:54.000000Z", |
| 69 | + "deleted_at": null, |
| 70 | + "visible": 1, |
| 71 | + "stickied": false, |
| 72 | + "occurred_at": null, |
| 73 | + "user_id": 1, |
| 74 | + "notifications": false, |
| 75 | + "guid": "19801cb7-883c-490e-8569-e552b013b2cc", |
| 76 | + "external_provider": null, |
| 77 | + "external_id": null |
| 78 | + } |
| 79 | +} |
| 80 | +``` |
| 81 | + |
| 82 | +## Signature Verification |
| 83 | + |
| 84 | +When a webhook is triggered, Cachet will send a `Signature` header with the request. This header is used to verify that |
| 85 | +data was not tampered with during transit. The signature is computed by hashing the request body with the secret key and |
| 86 | +comparing it to the value in the `Signature` header. |
| 87 | + |
| 88 | +### Verifying Signatures |
| 89 | + |
| 90 | +```php |
| 91 | +$configuredSigningSecret = 'your-signing-secret'; |
| 92 | + |
| 93 | +$computedSignature = hash_hmac('sha256', $request->getContent(), $configuredSigningSecret); |
| 94 | + |
| 95 | +if ($computedSignature !== $request->header('Signature')) { |
| 96 | + abort(500); |
| 97 | +} |
| 98 | +``` |
0 commit comments