Docs

Webhook alerts with verifiable signatures.

Webhook alert channels send a JSON incident payload to an HTTPS endpoint you control. Use them for custom incident routers, internal tools, or services such as Discord and Microsoft Teams when those services expose an incoming webhook URL. When you configure a signing secret, Luota signs each payload so your receiver can reject forged or replayed deliveries.

Back to docs Pricing

Packet record

Docs operating record

Reviewable

SurfaceWebhook alerts with verifiable signatures.Named

RecordWebhook alert channels send a JSON incident payload to an HTTPS endpoint you control. Use them for custom incident routers, internal tools, or services such as Discord and Microsoft Teams when those services expose an incoming webhook URL. When you configure a signing secret, Luota signs each payload so your receiver can reject forged or replayed deliveries.Visible

PathStatus, docs, pricing, and product screens point to the same record.Linked

ClaimNo certification, customer, or enterprise claim without a live surface.Plain

claim

state it plainly

record

show the source

check

make it inspectable

route

link the next action

history

keep the trail

What it proves

Each public page follows the same Luota grammar: a named claim, a visible record, a next action, and a retained trail.

ownerroutehistory

Destinations

Webhook alerts are generic HTTPS deliveries, not native Discord or Microsoft Teams integrations. Point the channel at your own receiver, an automation gateway, or an incoming webhook URL that accepts JSON. If a service requires a special payload shape, route Luota through a small adapter you control.

Headers

Signed deliveries include x-luota-timestamp with Unix seconds and x-luota-signature with sha256=<hex digest>. Unsigned webhook channels omit both headers.

Signing input

Compute HMAC_SHA256(secret, `${timestamp}.${rawBody}`). The rawBody must be the exact request body bytes before JSON parsing.

Replay window

Reject timestamps outside a five-minute clock-skew window, then compare signatures with a constant-time comparison.

Payload

The JSON body includes incidentId, subject, text, monitorName, and metadata. Treat additional fields as forward-compatible.

Native integrations

Slack and email are first-class alert destinations today. Webhooks cover custom receivers and webhook-compatible tools. Native Discord, Microsoft Teams, PagerDuty, and Opsgenie integrations will be added only when customer workflows make them worth supporting directly.

Need a concrete migration or monitoring pattern? Start with the docs, then adapt the payload to the evidence your operator needs.

Open integration docs