Webhook Notification

Notification sent via a webhook URL

Webhook Notifications

A webhook notification is a way for StatusCast to trigger a script with data to help with advanced alert handling, sent via a URL when an incident is created or updated.

  "Id": 316797,
  "DateCreated": "2022-02-16T18:45:44.927",
  "IncidentType": "ServiceUnavailable",
  "Status": "InProgress",
  "Title": "Interstellar API is down!!",
  "AutoGeneratedId": null,
  "StartDate": "2022-02-16T18:45:30",
  "EndDate": null,
  "ShortUrl": null,
  "ExternalId": "",
  "EstimatedDurationMinutes": null,
  "Posts": [
      "Id": 651604,
      "Text": "<p>The Interstellar API is down!! We are pretty sure that intergalactic travel and GET requests won't return anything. POSTs might as well be done to your local blackhole. We'll update when we have news.&nbsp;<br></p>",
      "Date": "2022-02-16T18:45:30",
      "IsPublished": true,
      "IncidentPostType": 5,
      "NewComponentStatus": 4,
      "ComponentStatusOverrides": [],
      "CustomFieldList": []
  "AffectedComponents": [
      "Id": 214709,
      "Name": "RH-2",
      "ImageUrl": null,
      "DirectlyEffected": false
      "Id": 348361,
      "Name": "RH-1",
      "ImageUrl": null,
      "DirectlyEffected": false
      "Id": 214708,
      "Name": "Rhea Servers",
      "ImageUrl": null,
      "DirectlyEffected": false
      "Id": 348360,
      "Name": "Saturn",
      "ImageUrl": null,
      "DirectlyEffected": false
      "Id": 348359,
      "Name": "Interstellar API",
      "ImageUrl": null,
      "DirectlyEffected": true
  "CustomFieldList": [],
  "Groups": []

Webhook Elements List

Here is a list of the elements that are included in the webhook:




Incident identifier.


Date the event was created in StatusCast(not the start date of the event)


The type of event that was created; Incident, Informational, or Maintenance


Status of the incident.


The title or subject of the incident.


The custom ID if using custom incident IDs. Null if feature is disabled


The date the incident started.


The date the incident ended. Value may be NULL if incident is ongoing.


A shortened URL pointing to the incident details page of the event in question.


The external identifier of the incident. Used by default when beacons generate incidents from outside resources.


The entered value for estimated time if the event is a maintenance. Will be NULL for non-maintenance events.


An array of StautsCast Post objects related to this event. Post objects contain an ID, message text, published date, post type, component status, component status override, and custom field values


An array of StatusCast Affected Component objects related to this event. Affected components include their ID, display name, icon URI, and whether are directly effected. Directly effected components generally are children components where as indirectly effected are their parent components.


List of the custom fields included in the incident. Value may be NULL if incident is ongoing or if custom field values have not been entered.


A list of impacted group names if subscriber has access. May be NULL if no groups are used within an event or account.

Note: all these elements are included in every webhook, but not all my have data depending on the status of the incident.

Webhook Signatures

As an added method of security StatusCast can add a signatures to the header of webhook notifications. This is only available in the Settings > Integrations > Webhook feature and is not accessible to subscribers who subscribed via webhook. To enable this integration click Install on the Webhook card.


Enter your Webhook URL endpoint and select the Use Signature Header box. Your integration will include a Public Key and Private Key. StatusCast follows the HMAC authentication workflow by adding the following header pattern:

"X-StatusCast-Signature" Header in format "{PublicKey}:{Signature}:{Nonce}:{timestamp}"

Using SHA256 your server will need to extract the values (Public Key, Signature, Nonce and Request Time stamp) from the Authorization header to validate its authenticity.

What’s Next