This topic provides answers to some frequently asked questions about custom webhooks.

How do I configure an alert template?

If you want to send alert notifications by using a custom webhook, we recommend that you configure content in your alert template in a valid JSON format. This way, the result after rendering is in a valid JSON format.

Assume that you want to configure an alert template for the following alert message. In the alert message, the value of the alert.annotations.message field contains double quotation marks (""). If you directly reference the {{ alert.annotations.message }} field, the result after rendering is in an invalid JSON format, and alert notifications fail to be sent.

You must use the built-in function quote(value) in alert templates to reference the field. This prevents an invalid JSON format that is caused by special characters.

  • Sample alert message
        "project": "test-alert",
        "region": "cn-hangzhou",
        "labels": {
            "service": "signin",
            "env": "prod"
        "annotations": {
            "message": "user \"xxx\" signin failed, error is: userNotFound"
  • Sample alert template
        "project": "{{ alert.project }}",
        "service": "{{ alert.labels.service }}",
        "message": {{ alert.annotations.message  quote }}
  • Sample result after rendering
        "project": "test-alert",
        "service": "signin",
        "message": "user \"xxx\" signin failed, error is: userNotFound"

How do I select a network?

The alerting system of Log Service sends webhook-based alert notifications only over the Internet. If you use an internal system and do not want to enable Internet access for the system, you can use an Internet proxy. The following figure shows the network architecture. Network architecture

How do I verify access permissions?

To verify access permissions, you can configure an IP address whitelist or an HTTP header.
  • Configure an IP address whitelist for your webhook and add the IP addresses and to the whitelist.
  • Configure an HTTP header.
    • Use a custom token. You can set the Request Header parameter to Authorization: Bearer token. Replace token with your custom token.
    • Use basic authentication. You can set the Request Header parameter to Authorization: Basic $(base64_encode(username:password)). Replace username and password with your actual username and password.

For example, if your webhook uses the NGINX reverse proxy, you can configure basic authentication in NGINX to verify access permissions.

  1. Configure basic authentication in NGINX.
    1. Add a user to the password file.
      Notice If the conf/passwd file does not exist, you must create a password file.

      The username admin and the password foobar are used as examples.

      htpasswd -b conf/passwd admin foobar
    2. Configure the auth_basic and auth_basic_user_file parameters in NGINX to enable basic authentication.
      location / {
          auth_basic  on;
          auth_basic_user_file  conf/passwd;
          root   html;
          index  index.html index.htm;
    3. Restart NGINX.
  2. Configure a custom webhook in an action policy.
    The echo -n admin:foobar base64 command returns YWRtaW46Zm9vYmFy. Therefore, when you configure a custom webhook, you can set the Request Header parameter to Authorization: Basic YWRtaW46Zm9vYmFy. For more information, see Webhook-Custom.