← Back to reference

Webhook Reference

Generic Format

POST JSON body with these top-level fields:

{
  "title": "Xid 79 on node-3",
  "text": "deterministic finding",
  "severity": "critical",
  "details": { /* arbitrary JSON */ },
  "tags": ["xid-79", "gpu"],
  "source": "denpex-control-plane",
  "tenant": "acme",
  "dedup_key": "xid-79-node-3-1700000000"
}

Per-Destination Adapters

See agents/denpex-platform/src/observability.rs for the exact payload shapes.

DestinationField mapping
TeamsMessageCard with themeColor, title, text
PagerDutyevent_action=trigger, payload.summary, payload.severity
Opsgeniemessage, priority (P1-P4), source, tags
ServiceNowshort_description, urgency, impact, assignment_group
Jirafields.project.key, fields.summary, fields.priority
CustomRaw JSON body with X-Denpex-Signature: sha256=<hmac> header

Auth

DestinationHeader
Teams(none; URL-embedded secret)
PagerDutyAuthorization: Token token=<routing-key>
OpsgenieAuthorization: GenieKey <key>
ServiceNowAuthorization: Basic <base64(user:pass)>
JiraAuthorization: Basic <base64(email:api_token)>
CustomX-Denpex-Signature: sha256=<hex> (HMAC-SHA-256)

HMAC Verification

When a custom webhook is configured with hmac_secret:

  1. Compute HMAC-SHA-256 of the raw body using the shared secret.
  2. Hex-encode.
  3. Send as X-Denpex-Signature: sha256=<hex>.

The receiver verifies by:

  1. Reading the raw body.
  2. Computing the same HMAC.
  3. Comparing constant-time.

Reference implementation in agents/denpex-platform/src/observability.rs::hmac_sha256_hex.

Retries

Failed deliveries are retried up to 5 times with exponential backoff (1s, 2s, 4s, 8s, 16s). On the final failure the audit log records delivery_failed with a hash chain entry.

Throttling

Per-destination rate limit:

DestinationDefault
PagerDuty30 msg/sec
Opsgenie50 msg/sec
Jira5 msg/sec
Customconfigurable

Exceeding the rate limit causes a 1-second sleep; the audit log records delivery_throttled.