API & Integrations
Webhooks
Receive real-time HTTP notifications when events occur on your status page — incidents created, components updated, maintenance scheduled, and more.
Setting Up Webhooks
Navigate to Dashboard → Settings → Webhooks and click Add Webhook. Provide:
Event Types
| Event | Triggered When |
|---|---|
| incident.created | A new incident is created |
| incident.updated | An incident status or message is updated |
| incident.resolved | An incident is marked as resolved |
| component.updated | A component status changes |
| maintenance.scheduled | A new maintenance window is scheduled |
| maintenance.started | A scheduled maintenance begins |
| maintenance.completed | A maintenance window ends |
Payload Format
Webhook payloads are sent as JSON via HTTP POST:
{
"event": "incident.created",
"timestamp": "2026-02-12T08:30:00Z",
"data": {
"id": "clx123...",
"title": "API Latency Increase",
"status": "INVESTIGATING",
"impact": "MINOR",
"message": "We are investigating...",
"components": ["API Server"],
"statusPageSlug": "your-company"
}
}HMAC Signature Verification
Every webhook request includes an X-PingBase-Signature header containing an HMAC-SHA256 signature of the request body using your webhook secret.
To verify the signature:
const crypto = require('crypto');
function verifySignature(body, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(body)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}Always verify the signature before processing webhook payloads to prevent spoofing. Use timing-safe comparison to prevent timing attacks.
Retry Logic
If your endpoint returns a non-2xx status code or times out, PingBase retries the delivery with exponential backoff:
- Attempt 1 — Immediate
- Attempt 2 — After 1 minute
- Attempt 3 — After 5 minutes
After all retries are exhausted, the delivery is marked as failed. You can view delivery history and retry failed deliveries from the dashboard.