Custom Webhook Integration

Prerequisites

Permission to add integrations in Corelayer
A monitoring or alerting tool that can send HTTP POST requests
Access to run curl, Postman, or another HTTP client from the same network as your alert sender

Step-by-Step Setup

1. Navigate to Integrations

In your Corelayer dashboard, go to the Integrations page.

2. Add Custom Webhook

Click the Add Integration button and select Custom Webhook from the list of available integrations. Enter a name for the alert source, such as Grafana Production, Alertmanager, or Internal Monitor.

3. Copy the Webhook Details

Corelayer will generate:

A webhook URL
A bearer token
A sample alert payload
A ready-to-copy curl command

The bearer token is shown during setup. Store it somewhere secure before closing the setup modal.

4. Verify the Webhook

Run the generated curl command from a machine that can reach the webhook endpoint. For customer-hosted Corelayer deployments, this can be a machine inside your private network. Corelayer marks the webhook as verified after it receives a valid test request.

5. Configure Your Alert Sender

Configure your monitoring tool to send alert payloads to the webhook URL. Include the bearer token in the Authorization header:

Authorization: Bearer <your-token>

Set the request content type to JSON:

Content-Type: application/json

Alert Payload Format

Custom Webhook expects a canonical JSON alert payload.

{
  "id": "checkout-500-rate",
  "action": "trigger",
  "time": "2026-05-17T12:00:00Z",
  "name": "Checkout API 500 rate is elevated",
  "message": "5xx rate crossed 5% for checkout-api",
  "description": "Optional longer alert body",
  "severity": "high",
  "source": "grafana",
  "sourceUrl": "https://grafana.example.com/alerting/...",
  "fingerprint": "checkout-api:5xx-rate:prod",
  "labels": {
    "service": "checkout-api",
    "environment": "prod"
  }
}

Required Fields

Field	Description
`id`	Unique alert identifier from your alerting system
`action`	Alert action: `trigger`, `resolve`, or `acknowledge`
`time`	Alert timestamp as a valid date string
`name`	Short alert name
`message`	Alert message or summary

Optional Fields

Field	Description
`description`	Longer alert details
`severity`	`critical`, `high`, `medium`, `low`, or `info`. Defaults to `info`
`source`	Name of the alerting system
`sourceUrl`	Link back to the alert in the source system
`fingerprint`	Stable deduplication key for repeated alerts
`labels`	Key-value labels such as service, environment, region, or team

How Corelayer Handles Alerts

When Corelayer receives a valid alert:

trigger alerts start a Corelayer investigation.
Duplicate trigger alerts with the same fingerprint are accepted but ignored for a short deduplication window.
resolve and acknowledge alerts are accepted and recorded, but do not automatically close Corelayer issues yet.

Managing Webhooks

You can create multiple Custom Webhook sources from the Custom Webhook integration page. For each source, you can:

Copy the webhook URL
Reset the bearer token
Reverify the webhook after a token reset
Enable or disable the webhook
Delete the webhook source

Disabling a webhook keeps its URL and token configuration in Corelayer, but Corelayer stops processing incoming alerts for that source until you enable it again.

Customer-Hosted Deployments

For customer-hosted Corelayer deployments, the webhook URL should point to the Corelayer server in your environment. The endpoint does not need to be publicly reachable if your alert sender is also inside your network. It only needs to be reachable from the system sending the alerts. If you use a cloud-hosted alerting tool, such as Grafana Cloud or Datadog, make sure the webhook endpoint is reachable from that service.

Troubleshooting

Verification Does Not Complete

Confirm the generated curl command was run against the exact webhook URL shown in Corelayer
Confirm the bearer token was copied correctly
Confirm your request includes Content-Type: application/json
For private deployments, run the test from a machine that can reach the customer-hosted Corelayer server

Webhook Returns 401

The bearer token is missing or incorrect. Reset the token in Corelayer, update your alert sender, and run the generated reverify command.

Webhook Returns 403

The webhook may be disabled. Open the Custom Webhook integration page and enable the webhook source.

Webhook Returns 400

The JSON payload is malformed or does not match the required alert schema. Check the required fields and supported action and severity values. Need help? Contact support for assistance with your Custom Webhook integration.

Documentation Index

​Prerequisites

​Step-by-Step Setup

​1. Navigate to Integrations

​2. Add Custom Webhook

​3. Copy the Webhook Details

​4. Verify the Webhook

​5. Configure Your Alert Sender

​Alert Payload Format

​Required Fields

​Optional Fields

​How Corelayer Handles Alerts

​Managing Webhooks

​Customer-Hosted Deployments

​Troubleshooting

​Verification Does Not Complete

​Webhook Returns 401

​Webhook Returns 403

​Webhook Returns 400