Skip to content

Outbound Webhooks

Webhooks let you receive a real-time HTTP POST to your own endpoint whenever an alert fires or is acknowledged. Use them to pipe ChillCheck events into Zapier, Make.com, Slack, or any custom integration.

Enterprise plan only

Webhooks are available on the Enterprise plan. Only organisation owners can create and manage webhook endpoints.


Setting up

  1. Go to Settings → API → Webhooks.
  2. Click + Add endpoint.
  3. Enter the destination URL (must start with https://).
  4. Optionally add a label so you can tell endpoints apart at a glance.
  5. Tick the events you want to receive (alert.triggered and/or alert.acknowledged).
  6. Click Add endpoint.
  7. Copy the secret immediately — it is shown only once and cannot be recovered. Store it somewhere safe (e.g. a Zapier storage variable, an environment variable in your app).

After creation you can use the Test button to send a test payload to the endpoint and confirm delivery.


Verifying the signature

Every delivery includes an X-ChillCheck-Signature header with a SHA-256 HMAC of the raw request body:

X-ChillCheck-Signature: sha256=<hex-digest>

Verify it in your handler before processing the payload. Example in Node.js:

const { createHmac } = require('crypto')

function verifySignature(rawBody, secret, header) {
  const expected = `sha256=${createHmac('sha256', secret).update(rawBody).digest('hex')}`
  // Use a timing-safe comparison to prevent timing attacks
  const a = Buffer.from(expected)
  const b = Buffer.from(header)
  if (a.length !== b.length) return false
  return require('crypto').timingSafeEqual(a, b)
}

Python example:

import hmac, hashlib

def verify_signature(raw_body: bytes, secret: str, header: str) -> bool:
    expected = "sha256=" + hmac.new(
        secret.encode(), raw_body, hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(expected, header)

Event types

alert.triggered

Fires when the Pi sends the initial email notification for a new alert.

{
  "event": "alert.triggered",
  "triggered_at": "2026-05-31T14:22:00.000Z",
  "data": {
    "alert_id":     "uuid",
    "type":         "high_temp",
    "severity":     "critical",
    "cabinet_id":   "uuid",
    "cabinet_name": "Chest Freezer 1",
    "site_id":      "uuid",
    "site_name":    "Wolverhampton",
    "temperature":  -10.4,
    "message":      "Temperature -10.4 C exceeds critical high threshold of -12 C",
    "triggered_at": "2026-05-31T14:21:58.000Z"
  }
}

Alert types:

type Description
high_temp Temperature above the warn/crit high threshold
low_temp Temperature below the warn/crit low threshold
sensor_offline Sensor has not reported for the configured offline period
device_offline Hub has lost connectivity
low_battery Sensor battery below the configured threshold
low_signal Sensor RSSI below threshold for configured period
predictive_drift AI-predicted breach before it occurs (Enterprise)

alert.acknowledged

Fires when a team member acknowledges an alert from the dashboard or email link.

{
  "event": "alert.acknowledged",
  "triggered_at": "2026-05-31T14:35:12.000Z",
  "data": {
    "alert_id":        "uuid",
    "type":            "high_temp",
    "severity":        "critical",
    "cabinet_id":      "uuid",
    "cabinet_name":    "Chest Freezer 1",
    "root_cause":      "door_left_open",
    "acknowledged_at": "2026-05-31T14:35:12.000Z"
  }
}

Root cause values:

door_left_open · power_outage · defrost_cycle · compressor_fault · door_seal_failure · overstocked · sensor_placement · sensor_fault · false_alarm · other


Testing locally with curl

Use smee.io or ngrok to expose a local server, then run:

# Replace with your local tunnel URL
curl -X POST https://your-tunnel.ngrok.io/webhooks \
  -H "Content-Type: application/json" \
  -H "X-ChillCheck-Signature: sha256=test" \
  -H "X-ChillCheck-Event: test" \
  -d '{"event":"test","triggered_at":"2026-05-31T12:00:00Z","data":{"message":"Test webhook from ChillCheck"}}'

After adding your endpoint in Settings, use the Test button to send a live signed test payload.


Zapier walkthrough

  1. In Zapier, create a new Zap and choose Webhooks by ZapierCatch Hook as the trigger.
  2. Copy the webhook URL Zapier gives you (it starts with https://hooks.zapier.com/…).
  3. In ChillCheck Settings → API → Webhooks, add the Zapier URL and select the events you want.
  4. Copy the secret, paste it into a Zapier Storage by Zapier step (or store it in a Code step variable).
  5. Click Test in ChillCheck to send a sample payload — Zapier will detect it automatically.
  6. In the Zap, add a Filter step to verify the signature:
    • Run a Code by Zapier step that computes sha256=<hmac> of the raw body using your stored secret, and compares it to the X-ChillCheck-Signature header.
  7. Add your action (e.g. post to Slack, create a Trello card, send an SMS via Twilio).

Tip

The data.severity field (warning or critical) is useful for routing — e.g. send critical alerts to an on-call Slack channel and warnings to a lower-priority channel.


Delivery behaviour

  • ChillCheck attempts delivery once with a 5-second timeout.
  • There is no automatic retry on failure — use the Test button after fixing your endpoint to confirm it is working.
  • The last_status_code shown in the UI is updated after each delivery (including test sends).
  • Delivery is fire-and-forget and does not block alert notification sending.