Skip to main content
You can configure Cachet to notify external services of various events using webhooks. Webhooks are HTTP callbacks triggered by specific events. When an event occurs, Cachet sends an HTTP POST request to the configured URL with a JSON payload containing information about the event. Webhooks consist of:
  • Payload URL: The URL that Cachet will send the webhook to.
  • Secret: A secret key used to sign the webhook payload. Use it to verify that the payload came from Cachet and not a third party.
  • Events: The events that will trigger the webhook.
The Cachet dashboard provides a user-friendly interface for managing webhooks. You can add, edit, and delete webhooks from the “Manage Webhooks” page.

Supported events

Cachet currently supports the following events:
  • component_created
  • component_updated
  • component_deleted
  • component_status_changed
  • incident_created
  • incident_updated
  • incident_deleted
  • metric_created
  • metric_updated
  • metric_deleted
  • metric_point_created
  • metric_point_deleted
  • subscriber_created
  • subscriber_unsubscribed
  • subscriber_verified
Cachet may add more events in the future. Check the latest documentation for the most up-to-date list of supported events.

Receiving webhooks

User agent

Cachet will send a User-Agent header with the request. The value of the User-Agent header will be:
Cachet/3.0 Webhook (+https://docs.cachethq.io)

Payload

The payload Cachet sends contains information about the event that triggered the webhook. The payload is a JSON object with the following structure:
{
  "event": "incident_updated",
  "body": {
    "id": 3,
    "component_id": null,
    "name": "Test",
    "status": 2,
    "message": "We have identified the issue and are working on a fix.",
    "created_at": "2025-01-09T13:44:30.000000Z",
    "updated_at": "2025-01-09T13:49:54.000000Z",
    "deleted_at": null,
    "visible": 1,
    "stickied": false,
    "occurred_at": null,
    "user_id": 1,
    "notifications": false,
    "guid": "19801cb7-883c-490e-8569-e552b013b2cc",
    "external_provider": null,
    "external_id": null
  }
}

Signature verification

When a webhook fires, Cachet sends a Signature header with the request. Use this header to verify the data was not modified in transit. Cachet computes the signature by hashing the request body with the secret key. To verify it, compute the same hash and compare it to the value in the Signature header.

Verifying signatures

$configuredSigningSecret = 'your-signing-secret';

$computedSignature = hash_hmac('sha256', $request->getContent(), $configuredSigningSecret);

if ($computedSignature !== $request->header('Signature')) {
    abort(500);
}