Skip to main content

Setup

1

Open your application settings

Navigate to your application’s Issues settings in the Nightwatch dashboard.
2

Add a webhook

In the Webhooks section, configure your webhook:
  • Name: A descriptive label for your reference (e.g., “Slack notifications”, “Internal API”)
  • URL: An HTTPS endpoint that accepts POST requests
Only one webhook per application is allowed. To change the URL or name, edit the existing webhook configuration.

Request format

Every webhook request is an HTTP POST with a JSON body of this shape: The payload object always includes: Plus the event-specific fields described for each event below.

Events

issue.opened

Sent when a new issue is created (first time the exception or performance problem is detected). When it fires: A new issue is created for the application (e.g. new exception group or new slow route/job). Payload (in addition to metadata):

issue.reopened

Sent when an issue that was previously resolved is seen again and reopened. When it fires: The same exception or performance issue is detected again after the issue was closed. Payload (in addition to metadata):

issue.ignored

Sent when an issue’s status is set to Ignored. When it fires: A user (or automation) marks the issue as ignored. Payload (in addition to metadata):

issue.resolved

Sent when an issue’s status is set to Resolved. When it fires: A user (or automation) marks the issue as resolved. Payload (in addition to metadata):

Shared payload objects

Issue object

Issue details object

Exception

Request performance issue

Job performance issue

Command performance issue

Scheduled task performance issue

Environment object

Actor object

Present when the action was performed by a user.

Example request


Verifying signatures

Each webhook request includes a Nightwatch-Signature header that allows you to verify the request came from Nightwatch and has not been tampered with.
1

Get your signing secret

You can find and copy the signing secret at any time in your application’s Issues settings > Webhooks > Edit.
2

Compute the expected signature

Using the raw request body (the exact JSON string received) and your signing secret, compute an HMAC-SHA256 signature:
  • Algorithm: HMAC-SHA256
  • Message: Raw request body
  • Key: Your webhook signing secret
3

Compare signatures

Compare the computed signature with the Nightwatch-Signature header using a constant-time comparison to prevent timing attacks. If they match, the request is authentic.
Store your webhook signing secret in your application’s configuration file or environment variables for security.
Laravel example:
Configuration example (config/services.php):