If you have internal systems that can perform tasks like rolling back deploys, you may want a way to dispatch an HTTP request from FireHydrant to it. This article explains how to setup a runbook step that will send a webhook to an endpoint of your choice.

Adding the step

First, edit the runbook you'd like to send the webhook from. Add the step under the Patchy category called "Send A Webhook".

  • In the endpoint field, enter in the URL you'd like to send this webhook to.
  • In the HMAC Secret field, enter in a short string you can then use to verify the webhooks came from FireHydrant in your application.
  • For JSON Payload, this is a field that we use the liquid templating syntax to interpolate values into a JSON string that we'll send to your endpoint. If you're curious what you can use in this, you can always visit the API to see your incidents and the payload structure (you did know we had an API right?). https://api.firehydrant.io/v1/incidents

JSON Payload Templating

We allow formatting the payload we send to your endpoint however you like, as long as it results in valid JSON in the end. If you'd like to include a JSON version of certain parts of the payload, you may also use liquid filters to convert input to JSON. For example:

{{ incident.labels | toJSON }}

This will convert the labels attribute on the incident to JSON so it can easily be sent in the JSON payload like so:

{
"incident_id": "{{incident.id}}",
"labels": {{ incident.labels | toJSON }}
}

This enables you to include whatever data you'd like in the payload easily.

Signature Verification

Every payload request you receive from FireHydrant will have a fh-signature header that contains the computed signature of the HMAC Secret that you provide and the JSON payload. FireHydrant uses SHA256 to compute the signature.

Using Ruby as an example, you'd use this code to calculate the signature with the secret key and check it against the one received

key = "super-secret-key" 
data = request.body
signature = headers['Fh-Signature']

if signature == OpenSSL::HMAC.hexdigest("SHA256", key, data)
# perform task
end
Did this answer your question?