POST /v1/config/notifications
Notification Channels
POST /v1/config/notifications Create a notification channel
Creates a new notification channel for the current project. Once
created and active, analyses whose severity meets the channel's
threshold will be delivered to it.
For per-platform setup walkthroughs (where to obtain webhook URLs, how
to configure recipients), see the
channels guide .
API key with config:write permission. Project-scoped or
tenant-scoped (with X-Project-Id).
POST /v1/config/notifications Field Type Required Notes type'slack' | 'teams' | 'discord' | 'google_chat' | 'webhook' | 'email'✓ Destination platform namestring (1–255 chars) ✓ Descriptive label, e.g. #engineering-alerts credentialsobject ✓ Platform-specific connection info — see below severityThreshold'critical' | 'high' | 'medium' | 'low'✓ Lowest severity that should fire this channel
The credentials shape depends on type:
Field Type Required Notes webhookUrlstring ✓ Slack incoming webhook URL
{ "webhookUrl" : "https://hooks.slack.com/services/T.../B.../..." } Field Type Required Notes webhookUrlstring ✓ Office 365 connector webhook URL
{ "webhookUrl" : "https://outlook.office.com/webhook/..." } Field Type Required Notes webhookUrlstring ✓ Discord channel webhook URL
{ "webhookUrl" : "https://discord.com/api/webhooks/..." } Field Type Required Notes webhookUrlstring ✓ Google Chat space webhook URL
{ "webhookUrl" : "https://chat.googleapis.com/v1/spaces/.../messages?key=..." } Field Type Required Notes urlstring ✓ HTTPS endpoint that will receive the payload authHeaderstring — Full Authorization header value, e.g. Bearer <token> hmacSecretstring — Signing secret used to HMAC-SHA256 each request
{ "url" : "https://example.com/sigsentry" , "authHeader" : "Bearer abc123" , "hmacSecret" : "your-32-byte-secret" } When hmacSecret is set, every delivery includes an
X-SigSentry-Signature: sha256=<hex> header computed over the raw
request body. Generate a high-entropy secret on your side
(openssl rand -hex 32) and verify on receipt — see
Outgoing webhooks for the verification pattern and
the full payload reference.
Field Type Required Notes recipientsstring | string[] ✓ Comma-separated list of emails, or an array
{ "recipients" : "alice@example.com, bob@example.com" } { "type" : "slack" , "name" : "#engineering-alerts" , "credentials" : { "webhookUrl" : "https://hooks.slack.com/services/T.../B.../..." }, "severityThreshold" : "high" } { "success" : true , "data" : { "id" : "9b7a3b2c-2e6e-4f1f-8c5a-1b2c3d4e5f6a" } } Field Notes idThe new channel id — use it to update or delete
Credentials are stored encrypted and never returned by the API after
creation. Keep a copy of any HMAC secret you generated; if you lose
it, rotate it via PUT /v1/config/notifications/{id}
Status error.codeWhen 400 VALIDATION_ERRORBody failed validation (missing fields, bad type, name too long) 401 UNAUTHORIZEDMissing or invalid API key 403 FORBIDDENKey lacks config:write 403 QUOTA_EXCEEDEDPlan's per-project channel limit reached
curl -X POST https://api.sigsentry.com/v1/config/notifications \ -H "Authorization: Bearer ss_secret_..." \ -H "Content-Type: application/json" \ -d '{ "type": "slack", "name": "#engineering-alerts", "credentials": { "webhookUrl": "https://hooks.slack.com/services/T.../B.../..." }, "severityThreshold": "high" }' The number of channels per project depends on your plan — see
Notification Channels → Quotas .
