Substitution in webhook endpoint requests

You can include incident data fields and alert data fields in HTTP requests to webhook endpoints. APEX AIOps Incident Management supports substitutions that you can include in the URL or payload. For example, the following CREATE payload includes substitutions for the incident ID, description, and severity:

{
   ...
   "short_description": "Moog Incident ID ${id} - ${description} ",
   "impact": "${severity}"
   ...
}

Updating incidents on external systems

Note

If you want a webhook endpoint to send UPDATE requests for incidents or alerts, the requests must include the relevant ID so the external system can identify the incident or alert to update.

Many ticketing systems, such as ServiceNow and PagerDuty, generate an ID when they create a new ticket or incident. When an Incident Management webhook sends a CREATE request, it can parse the response and store the ID in an ${outbound.<integration_name>.external_id} substitution.

You can configure UPDATE notifications to parse the external response to a CREATE request and store the relevant value in an ${outbound.<integration_name>.external_id} substitution. To identify the relevant key string in the response, you can select a known default or specify a regex. The value for <integration_name> is specified in the Integration Name field in the Send to Endpoint action. Include this information in the URL field in the Endpoint section of the incident or alert webhook endpoint you are using for updates.

An example of an endpoint URL for incident webhook endpoint updates:

https://ticketsystem.example.com/incident/update?ticket_id=${outbound.MyIntegrationName.external_name}

The ticket (or equivalent) ID is stored in the corresponding external_id substitution: ${outbound.<integration_name>.external_id}.

You can use either the ${outbound.<integration_name>.external_name} or the ${outbound.<integration_name>.external_id} reference to send updates. Both are ways of referring to the ticket (or other incident equivalent) on the external system, though ${outbound.<integration_name>.external_name} usually identifies the ticket by a friendly name, and ${outbound.<integration_name>.external_id} refers to it by ID.
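The CREATE-then-UPDATE flow described above, modelled as an added example (this is not APEX AIOps code and does not show how the product performs substitution internally): it fills ${...} placeholders in a CREATE payload, pulls the ticket ID out of the CREATE response with a regex, and builds the UPDATE URL. The renderer, the sample incident and response, the `ticket_id` response key, and the choice to JSON-escape payload values and percent-encode URL values are assumptions of this sketch.

```python
import json
import re
from urllib.parse import quote

# Matches ${name} where name may contain dots, e.g. ${outbound.X.external_id}
PLACEHOLDER = re.compile(r"\$\{([A-Za-z0-9_.]+)\}")

def render(template, fields, encode):
    """Replace each ${name} with encode(value); an unknown name raises KeyError."""
    return PLACEHOLDER.sub(lambda m: encode(str(fields[m.group(1)])), template)

def json_escape(value):
    # json.dumps returns a quoted string; drop the outer quotes so the value
    # can sit inside a string literal that the template already provides.
    return json.dumps(value)[1:-1]

def url_escape(value):
    # Percent-encode everything that could change the URL structure.
    return quote(value, safe="")

def extract_external_id(response_body, pattern):
    """Return capture group 1 of pattern in the CREATE response, or None."""
    m = re.search(pattern, response_body)
    return m.group(1) if m else None

# --- Constructed sample data (not taken from any real system) ---
incident = {"id": 42, "severity": "Critical",
            "description": 'disk "full" on db01\nsee runbook'}
create_template = ('{"short_description": "Moog Incident ID ${id} - ${description}",'
                   ' "impact": "${severity}"}')
create_response = '{"result": {"ticket_id": "TCK 0012/7", "state": "new"}}'
id_regex = r'"ticket_id"\s*:\s*"([^"]+)"'
update_url_template = ("https://ticketsystem.example.com/incident/update"
                       "?ticket_id=${outbound.MyIntegrationName.external_id}")

def demo():
    # 1. CREATE: incident fields go into the JSON payload, escaped for JSON.
    payload = render(create_template, incident, json_escape)
    # 2. Parse the external system's response and keep the ID it generated.
    ext_id = extract_external_id(create_response, id_regex)
    # 3. UPDATE: the stored ID goes into the URL, percent-encoded.
    stored = {"outbound.MyIntegrationName.external_id": ext_id}
    url = render(update_url_template, stored, url_escape)
    return payload, ext_id, url

if __name__ == "__main__":
    for part in demo():
        print(part)
```

When testing a real endpoint, send an incident whose description contains quotes and newlines and confirm that the receiving system still parses the payload and that the UPDATE reaches the intended ticket.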