Webhooks
Webhooks deliver events to any HTTPS endpoint you control. Each request is signed so you can verify it came from Applicare before acting on it.
Registering a webhook#
Under Settings → Webhooks, add an endpoint URL, choose the event types, and copy the signing secret. You can also register via API:
curl -X POST -H "Authorization: Bearer $ARC_TOKEN" \
-d '{"url":"https://hooks.yourco.com/arc","types":["alert.fired","incident.opened"]}' \
https://applicare.yourco.com/api/v1/webhooksVerifying the signature#
Every request includes an X-Arc-Signature header — an HMAC-SHA256 of the body using your signing secret. Reject any request whose signature doesn't match.
sig = hmac_sha256(secret, request.body)
if not constant_time_equals(sig, header["X-Arc-Signature"]):
return 401Retries#
Non-2xx responses are retried with exponential backoff for up to 24 hours. Return 2xx quickly and process asynchronously to avoid timeouts. See Alert Configuration to route specific alerts to a webhook channel.
Was this page helpful?
Related
Can't find what you need?
Ask ArcIn or reach our support engineers.