Outbound Webhooks¶
Webhooks let you receive a real-time HTTP POST to your own endpoint whenever an alert fires or is acknowledged. Use them to pipe ChillCheck events into Zapier, Make.com, Slack, or any custom integration.
Enterprise plan only
Webhooks are available on the Enterprise plan. Only organisation owners can create and manage webhook endpoints.
Setting up¶
- Go to Settings → API → Webhooks.
- Click + Add endpoint.
- Enter the destination URL (must start with
https://). - Optionally add a label so you can tell endpoints apart at a glance.
- Tick the events you want to receive (
alert.triggeredand/oralert.acknowledged). - Click Add endpoint.
- Copy the secret immediately — it is shown only once and cannot be recovered. Store it somewhere safe (e.g. a Zapier storage variable, an environment variable in your app).
After creation you can use the Test button to send a test payload to the endpoint and confirm delivery.
Verifying the signature¶
Every delivery includes an X-ChillCheck-Signature header with a SHA-256 HMAC of the raw request body:
Verify it in your handler before processing the payload. Example in Node.js:
const { createHmac } = require('crypto')
function verifySignature(rawBody, secret, header) {
const expected = `sha256=${createHmac('sha256', secret).update(rawBody).digest('hex')}`
// Use a timing-safe comparison to prevent timing attacks
const a = Buffer.from(expected)
const b = Buffer.from(header)
if (a.length !== b.length) return false
return require('crypto').timingSafeEqual(a, b)
}
Python example:
import hmac, hashlib
def verify_signature(raw_body: bytes, secret: str, header: str) -> bool:
expected = "sha256=" + hmac.new(
secret.encode(), raw_body, hashlib.sha256
).hexdigest()
return hmac.compare_digest(expected, header)
Event types¶
alert.triggered¶
Fires when the Pi sends the initial email notification for a new alert.
{
"event": "alert.triggered",
"triggered_at": "2026-05-31T14:22:00.000Z",
"data": {
"alert_id": "uuid",
"type": "high_temp",
"severity": "critical",
"cabinet_id": "uuid",
"cabinet_name": "Chest Freezer 1",
"site_id": "uuid",
"site_name": "Wolverhampton",
"temperature": -10.4,
"message": "Temperature -10.4 C exceeds critical high threshold of -12 C",
"triggered_at": "2026-05-31T14:21:58.000Z"
}
}
Alert types:
type |
Description |
|---|---|
high_temp |
Temperature above the warn/crit high threshold |
low_temp |
Temperature below the warn/crit low threshold |
sensor_offline |
Sensor has not reported for the configured offline period |
device_offline |
Hub has lost connectivity |
low_battery |
Sensor battery below the configured threshold |
low_signal |
Sensor RSSI below threshold for configured period |
predictive_drift |
AI-predicted breach before it occurs (Enterprise) |
alert.acknowledged¶
Fires when a team member acknowledges an alert from the dashboard or email link.
{
"event": "alert.acknowledged",
"triggered_at": "2026-05-31T14:35:12.000Z",
"data": {
"alert_id": "uuid",
"type": "high_temp",
"severity": "critical",
"cabinet_id": "uuid",
"cabinet_name": "Chest Freezer 1",
"root_cause": "door_left_open",
"acknowledged_at": "2026-05-31T14:35:12.000Z"
}
}
Root cause values:
door_left_open · power_outage · defrost_cycle · compressor_fault · door_seal_failure · overstocked · sensor_placement · sensor_fault · false_alarm · other
Testing locally with curl¶
Use smee.io or ngrok to expose a local server, then run:
# Replace with your local tunnel URL
curl -X POST https://your-tunnel.ngrok.io/webhooks \
-H "Content-Type: application/json" \
-H "X-ChillCheck-Signature: sha256=test" \
-H "X-ChillCheck-Event: test" \
-d '{"event":"test","triggered_at":"2026-05-31T12:00:00Z","data":{"message":"Test webhook from ChillCheck"}}'
After adding your endpoint in Settings, use the Test button to send a live signed test payload.
Zapier walkthrough¶
- In Zapier, create a new Zap and choose Webhooks by Zapier → Catch Hook as the trigger.
- Copy the webhook URL Zapier gives you (it starts with
https://hooks.zapier.com/…). - In ChillCheck Settings → API → Webhooks, add the Zapier URL and select the events you want.
- Copy the secret, paste it into a Zapier Storage by Zapier step (or store it in a Code step variable).
- Click Test in ChillCheck to send a sample payload — Zapier will detect it automatically.
- In the Zap, add a Filter step to verify the signature:
- Run a Code by Zapier step that computes
sha256=<hmac>of the raw body using your stored secret, and compares it to theX-ChillCheck-Signatureheader.
- Run a Code by Zapier step that computes
- Add your action (e.g. post to Slack, create a Trello card, send an SMS via Twilio).
Tip
The data.severity field (warning or critical) is useful for routing — e.g. send critical alerts to an on-call Slack channel and warnings to a lower-priority channel.
Delivery behaviour¶
- ChillCheck attempts delivery once with a 5-second timeout.
- There is no automatic retry on failure — use the Test button after fixing your endpoint to confirm it is working.
- The
last_status_codeshown in the UI is updated after each delivery (including test sends). - Delivery is fire-and-forget and does not block alert notification sending.