Webhooks
When you configure an HTTP notification method, Angelcam sends a signed POST request to your URL whenever a notification rule fires.
Request body
Section titled “Request body”The body is a JSON object. All notifications include these common fields:
| Field | Description |
|---|---|
user_name | Name of the user |
user_email | Email of the user |
title | Notification title |
short_description | Short description |
long_description | Long description |
Additional fields by notification type:
Incident notifications:
| Field | Description |
|---|---|
incident_id | ID of the incident |
incident_category | Category of the incident |
sensor_name | Name of the triggering sensor |
incident_false_alarm | true / false / null (unknown) |
Action notifications:
| Field | Description |
|---|---|
action | Action that was performed |
invoker | Who performed the action |
Camera status notifications:
| Field | Description |
|---|---|
camera_id | Camera ID |
camera_name | Camera name |
online | true if online |
Arrow client status notifications:
| Field | Description |
|---|---|
arrow_client_id | Arrow client ID |
angelbox_id | Angelbox ID (if applicable) |
mac_address | MAC address |
online | true if online |
affected_cameras | List of affected camera IDs |
Signature verification
Section titled “Signature verification”Each request includes an X-Angelcam-Signature header containing a JWT token signed with the private key you provided when creating the notification method.
The JWT claims:
| Claim | Description |
|---|---|
iat | Issued at timestamp |
nbf | Not before (60 seconds in the past) |
exp | Expiration (120 seconds in the future) |
ver | Token version (currently 1) |
csm | Base64-encoded SHA-256 hash of the request body |
Verify the signature using your private key and confirm that csm matches the body hash to ensure the request is authentic and untampered.