Skip to main content
Send AnomalyArmor alerts to any HTTP endpoint via webhooks. This enables custom integrations with internal tools, monitoring systems, or any service that accepts HTTP requests.

Why Webhooks?

Webhooks provide maximum flexibility:
  • Universal: Integrate with any system that accepts HTTP
  • Customizable: Build your own alert handling logic
  • Automation: Trigger workflows, scripts, or pipelines
  • Integration: Connect to tools without native integrations

Use Cases

Common webhook integrations:
SystemUse Case
Custom dashboardsDisplay alerts on internal monitoring
Automation platformsTrigger Zapier, n8n, or Make workflows
Ticketing systemsCreate tickets in Jira, Linear, etc.
Data pipelinesPause pipelines on schema changes
Logging systemsSend alerts to Datadog, Splunk, etc.

Prerequisites

Before you begin:
  • An HTTP endpoint that can receive POST requests
  • AnomalyArmor account with alert configuration permissions
  • (Optional) Authentication credentials for your endpoint

Setup Guide

Step 1: Navigate to Destinations

  1. Log in to AnomalyArmor
  2. Click Alerts in the left sidebar
  3. Select Destinations tab
  4. Click Add Destination

Step 2: Select Webhook

From the destination type list, click Webhook.

Step 3: Configure the Webhook

FieldDescription
Destination NameA descriptive name (e.g., “Internal Alerting System”)
URLYour endpoint URL (must be HTTPS)
AuthenticationOptional: Bearer token or API key
HeadersOptional: Custom HTTP headers

Step 4: Test the Connection

Click Send Test Alert to verify your endpoint receives the payload: 
POST https://your-endpoint.com/alerts
Status: 200 OK
Response time: 142ms
Your endpoint should respond with a 2xx status code.

Step 5: Save

Click Save to complete the setup. Your webhook destination is now ready to use in alert rules.

Payload Format

AnomalyArmor sends a JSON payload for each alert: 
{
  "event_type": "alert.triggered",
  "alert": {
    "id": "alert_abc123",
    "rule_name": "Production Schema Changes",
    "alert_type": "schema",
    "status": "triggered",
    "created_at": "2024-01-15T08:00:00Z"
  },
  "event": {
    "type": "schema_change",
    "change_type": "column_removed",
    "asset": {
      "qualified_name": "production.public.orders",
      "asset_type": "table"
    },
    "details": {
      "column_name": "shipping_status",
      "column_type": "varchar"
    }
  },
  "links": {
    "alert_url": "https://app.anomalyarmor.ai/alerts/alert_abc123",
    "asset_url": "https://app.anomalyarmor.ai/assets/..."
  }
}

Event Types

Event TypeDescription
schema_changeColumn, table, or constraint changes
freshness_violationTable exceeded freshness SLA
discovery_completeDiscovery job finished
connection_failedDatabase connection issue

Authentication

Bearer Token

Add an Authorization header with your token: 
Authorization: Bearer your-secret-token

API Key Header

Add a custom header with your API key: 
X-API-Key: your-api-key

HMAC Signature

AnomalyArmor includes an X-AnomalyArmor-Signature header with each request. Verify this signature to ensure the request came from AnomalyArmor: 
import hmac
import hashlib

def verify_signature(payload, signature, secret):
    expected = hmac.new(
        secret.encode(),
        payload.encode(),
        hashlib.sha256
    ).hexdigest()
    return hmac.compare_digest(f"sha256={expected}", signature)

Retry Logic

AnomalyArmor retries failed webhook deliveries:
AttemptDelay
1Immediate
21 minute
35 minutes
415 minutes
51 hour
After 5 failed attempts, the alert is marked as failed delivery.

Best Practices

Endpoint Design

  • Respond quickly (< 5 seconds) to avoid timeouts
  • Return 200 for successful receipt, even if processing is async
  • Use a queue for heavy processing
  • Log incoming payloads for debugging

Security

  • Always use HTTPS endpoints
  • Verify the X-AnomalyArmor-Signature header
  • Rotate authentication tokens periodically
  • Allowlist AnomalyArmor IP addresses if needed

Error Handling

Your endpoint should handle:
  • Duplicate alerts (use alert.id for deduplication)
  • Unknown event types (ignore gracefully)
  • Missing fields (use defaults)

Troubleshooting

”Connection refused” or timeout

Cause: Endpoint unreachable or slow. Fix:
  1. Verify the URL is correct and accessible
  2. Check firewall rules allow AnomalyArmor IPs
  3. Ensure endpoint responds within 30 seconds

”401 Unauthorized”

Cause: Authentication failed. Fix:
  1. Verify the token/API key is correct
  2. Check the header name matches your endpoint’s expectation
  3. Ensure credentials haven’t expired

”400 Bad Request”

Cause: Endpoint rejected the payload. Fix:
  1. Check endpoint logs for specific error
  2. Verify endpoint accepts application/json
  3. Test with a simple endpoint first

Next Steps

Alert Rules

Create rules that route to webhooks

API Reference

Build integrations with the API