> ## Documentation Index
> Fetch the complete documentation index at: https://docs.foggyhq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Alert Webhook

> Generic inbound webhook. Any alerting tool that can POST JSON can trigger Foggy.

Foggy receives alerts through a single generic HTTPS webhook. Anything that can POST JSON — Alertmanager, Grafana Alerts, PagerDuty, Opsgenie, a cron job, your own code — can trigger an investigation.

## What you get

* One endpoint per workspace, authenticated by a Bearer token.
* Every incoming alert is matched against your [automation filter rules](/features/automations). Matches kick off an investigation. Non-matches are recorded but ignored.
* Payloads up to **1 MB** are accepted. Larger = `413`.
* Multiple tokens per workspace (you can rotate or revoke individually).

## Setup

1. In the Console sidebar, click **Integrations**.

2. On the **Alert Webhook** card, click **Configure**.

3. Click **Generate token**. Copy the full `foggy_wh_...` token — it is shown once.

4. Copy the webhook URL (shape: `https://<your-foggy-host>/api/v1/projects/<id>/webhooks/alerts`).

5. In your alerting tool, add a webhook / HTTP receiver pointing at that URL, with header:

   ```
   Authorization: Bearer <token>
   Content-Type: application/json
   ```

6. Fire a test alert. The webhook returns `200 OK` immediately; the investigation runs in the background.

### Example receiver configs

**Prometheus Alertmanager** (`alertmanager.yml`):

```yaml theme={null}
receivers:
  - name: foggy
    webhook_configs:
      - url: https://foggy.your-company.com/api/v1/projects/1/webhooks/alerts
        http_config:
          authorization:
            type: Bearer
            credentials: <token>
```

**Grafana contact point**: set type **Webhook**, URL as above, Authentication header `Authorization: Bearer <token>`.

## Response codes

| Code  | Meaning                                                                                                       |
| ----- | ------------------------------------------------------------------------------------------------------------- |
| `200` | Accepted. Response body shows how many automations matched: `{"status":"ok","investigations_triggered":"2"}`. |
| `401` | Missing, malformed, or disabled token.                                                                        |
| `413` | Payload larger than 1 MB. Trim or summarise alerts upstream.                                                  |
| `422` | Body is not valid JSON.                                                                                       |

## Troubleshooting

* **No investigation fires even though the webhook returned 200** — no automation's filter rules matched the payload. Open any automation, check the filter rules against the alert's labels.
* **401 on every call** — the token was disabled in the UI, or copied wrong. Regenerate in **Integrations** → **Alert Webhook** and update your alerting tool's config.
* **413 on large Alertmanager groups** — Alertmanager can batch many alerts into one POST. Set `group_wait`, `group_interval`, and `repeat_interval` in your route to keep payloads under 1 MB.

## Next steps

<CardGroup cols={2}>
  <Card title="Automations" icon="clock" href="/features/automations">
    Filter rules decide which incoming alerts trigger investigations.
  </Card>

  <Card title="Security" icon="shield-halved" href="/platform/security">
    Webhook token handling and credential isolation.
  </Card>
</CardGroup>
