HomePlatformSolutionsArcIn AIResourcesCustomers
Login Request Demo Free Trial →

Webhooks

Webhooks deliver events to any HTTPS endpoint you control. Each request is signed so you can verify it came from Applicare before acting on it.

🕐 4 min readv7.xUpdated Jun 2026

Registering a webhook#

Under Settings → Webhooks, add an endpoint URL, choose the event types, and copy the signing secret. You can also register via API:

curl -X POST -H "Authorization: Bearer $ARC_TOKEN" \
  -d '{"url":"https://hooks.yourco.com/arc","types":["alert.fired","incident.opened"]}' \
  https://applicare.yourco.com/api/v1/webhooks

Verifying the signature#

Every request includes an X-Arc-Signature header — an HMAC-SHA256 of the body using your signing secret. Reject any request whose signature doesn't match.

sig = hmac_sha256(secret, request.body)
if not constant_time_equals(sig, header["X-Arc-Signature"]):
    return 401

Retries#

Non-2xx responses are retried with exponential backoff for up to 24 hours. Return 2xx quickly and process asynchronously to avoid timeouts. See Alert Configuration to route specific alerts to a webhook channel.

Was this page helpful?
Can't find what you need?
Ask ArcIn or reach our support engineers.
Contact Support →