Observer
Observer

Slack, Discord, Teams, and webhooks

Post incident alerts to a chat channel or a signed HTTPS endpoint.

Slack, Discord, Microsoft Teams, the generic webhook, and email all follow the same shape: you provide one connection value, choose a scope, and save. Each formats the incident for its destination.

Slack

  1. Create an incoming webhook

    In Slack, open Apps, add Incoming Webhooks, and choose the channel that should receive alerts. Slack returns a webhook URL that starts with https://hooks.slack.com/services/.

  2. Add the integration

    In the Observer console, open Alerts, choose Add alert, pick Slack, and paste the webhook URL. Choose org-wide or a single page, then save.

  3. Test it

    Use Test on the row. A sample message formatted with Slack Block Kit should appear in the channel.

Slack rate-limits incoming webhooks to roughly one message per second. Observer paces delivery to stay under that.

Discord

Create a webhook in Server Settings, Integrations, Webhooks, and copy its URL (it starts with https://discord.com/api/webhooks/). Add a Discord integration in Observer and paste the URL. Alerts arrive as a rich embed colored by severity.

Microsoft Teams

Add an Incoming Webhook connector to the target Teams channel and copy the URL (it ends in webhook.office.com). Add a Microsoft Teams integration in Observer and paste the URL. Alerts arrive as an Adaptive Card.

Generic webhook

The generic webhook posts a JSON body to any HTTPS endpoint you control.

  1. Add the integration

    Pick Generic webhook, paste your endpoint URL, and optionally set a signing secret.

  2. Verify the signature

    When a secret is set, every request carries an X-Observer-Signature header: sha256= followed by the HMAC-SHA-256 of timestamp.body, where timestamp is the X-Observer-Timestamp header value. A legacy X-Observer-Signature-Legacy header signs the body alone. This matches the scheme used by Observer's API outbound webhooks, so a single verifier handles both.

The body includes the event type, incident id, org id, page, title, severity, status, and a link.

Email

Pick Email and enter the address that should receive incident alerts. This is the operator alert path. It is separate from the public subscriber emails that visitors sign up for on the status page.

Was this page helpful?