Docs

Receive signed certificate events.

Signed webhooks are useful when certificate events should create tickets, update inventories, or enter incident routing.

Alert route

Critical warnings are routed

Slack + email

Expiry, validation, and certificate-change events keep the route and delivery attempts attached to the hostname.

SeverityFinal-week expiry
Slack#certificates delivered
WebhookSigned payload ready
Alert routing

Route warnings by workspace, hostname, channel, and severity.

Alert routes show which events go to Slack, email, or signed webhooks before a missed warning becomes a second problem.

01

Signature

Webhook bodies are signed as timestamp plus request body with HMAC-SHA256. Receivers should reject old timestamps and mismatched signatures before acting on the payload.

  • Verify against the raw request body.
  • Reject stale timestamps before processing the event.
  • Rotate secrets when receiver access changes.
Node.js signature verification example
import crypto from "node:crypto";

function verifyWebhook({ rawBody, timestamp, signature, secret }) {
  const signed = `${timestamp}.${rawBody}`;
  const expected = crypto.createHmac("sha256", secret).update(signed).digest("hex");
  const actual = signature.replace(/^sha256=/, "");
  return crypto.timingSafeEqual(Buffer.from(expected, "hex"), Buffer.from(actual, "hex"));
}
02

Replay tolerance

Use the timestamp header to reject stale deliveries outside the documented tolerance window. Store recent delivery identifiers if your receiver needs stronger idempotency.

03

Retries

Temporary HTTP or network failures retry on the alert delivery schedule. Permanent validation failures and repeated delivery failures become visible in delivery logs.

04

Payload fields

Events include monitor identity, event type, severity, relevant certificate fields when available, and the channel setting that triggered delivery.

  • Use monitor identity to connect the event to inventory.
  • Use severity to decide whether the receiver should create a ticket or update state.
  • Use certificate fields when available to avoid a second lookup.
Typical webhook payload fields
FieldUse
event_idUse for idempotency and replay-safe processing.
event_typeRoute expiry, validation, and certificate-change events differently.
severityDecide whether to create a ticket, incident, or inventory update.
monitor.hostnameConnect the event to your service or asset inventory.
certificateUse issuer, SANs, fingerprint, validity, and chain details when available.
delivery_idCorrelate receiver logs with Domain Trust Watch delivery attempts.
Need a live read first?

Check the endpoint before changing monitor settings.

Run the checker when you need to confirm the served certificate, then use the docs for setup details.