Substitution in webhook endpoint requests
You can include incident data fields and alert data fields in HTTP requests to webhook endpoints. APEX AIOps Incident Management supports substitutions that you can include in the URL or payload. For example, the following CREATE payload includes substitutions for the incident ID, description, and severity:
{ ... "short_description": "Moog Incident ID ${id} - ${description} ", "impact": "${severity}" ... }
Updating incidents on external systems
Note
If you want a webhook endpoint to send UPDATE requests for incidents or alerts, the requests must include the relevant ID so the external system can identify the incident or alert to update.
Many ticketing systems, such as ServiceNow and PagerDuty, generate an ID when they create a new ticket or incident. When an Incident Management webhook sends a CREATE request, it can parse the response and store the ID in an ${outbound.<integration_name>.external_id}
substitution.
You can configure UPDATE notifications to parse the external response to a CREATE request and store the relevant value in an ${outbound.<integration_name>.external_id}
substitution. To identify the relevant key string in the response, you can select a known default or specify a regex. The value for <integration_name> is specified in the Integration Name field in the Send to Endpoint action. Include this information in the URL field in the Endpoint section of the incident or alert webhook endpoint you are using for updates.
An example of an endpoint URL for incident webhook endpoint updates:
https://ticketsystem.example.com/incident/update?ticket_id=${outbound.MyIntegrationName.external_name}
The ticket (or equivalent) ID is stored in the external_id
equivalent: $(outbound.<integration_name>.external_id
.
You can use either the ${outbound.<integration_name>.external_name}
or the ${outbound.<integration_name>.external_id}
reference to send updates. Both are ways of referring to the ticket (or other incident equivalent) on the external system, though ${outbound.<integration_name>.external_name}
usually identifies the ticket by a friendly name, and ${outbound.<integration_name>.external_id}
refers to it by ID.