Configure webhooks
There are a variety of services you can connect to Cloudflare using webhooks to receive notifications from your Cloudflare account. Refer to the table below to learn how to connect your Cloudflare account to popular webhook services.
- Log in to the Cloudflare dashboard ↗ and select your account.
- Go to Notifications > Destinations.
- In the Webhooks card, select Create.
- Give your webhook a name to use for identification later.
- In the URL field, enter the URL of the third-party service that you have previously set up and want to connect to your Cloudflare account.
- If needed, insert the Secret. Secrets are how webhooks are encrypted and vary according to the service you are connecting to Cloudflare.
- Select Save and Test to finish setting up your webhook.
The new webhook will appear in the Webhooks card.
You can only edit the name of webhooks and/or delete them.
- Log in to the Cloudflare dashboard ↗ and select your account.
- Go to Notifications > Destinations.
- In the Webhooks card, select Edit on the webhook that you want to edit.
- Update the webhook’s name and select Save.
You can delete a webhook after selecting Edit or by selecting Delete in the list of webhooks displayed in the Destinations card.
If you use a service that is not covered by Cloudflare’s currently available webhooks, you can configure your own, and enter a valid webhook URL.
It is always recommended to use a secret for generic webhooks. Cloudflare will send your secret in the cf-webhook-auth
header of every request made. If this header is not present, or is not your specified value, you should reject the webhook.
After selecting Save and Test, your webhook should now be configured as a destination that you can use to attach to policies.
When Cloudflare sends you a webhook, it will have the following schema:
Cloudflare generic webhook notifications will only be dispatched to a publicly resolvable IP address on port 80 or 443.
If you want to receive the generic webhook notification on a private IP address or different port, you can either receive and forward the notification using Workers or set up a Cloudflare Tunnel to route to your connected application.
You can use Cloudflare Workers with a generic webhook to deliver notifications to any service that accepts webhooks.
Cloudflare has an example tool ↗ to help you understand how you can use Workers and generic webhooks. The example provided transforms a generic webhook response in order for it to be delivered to Rocket.Chat. The code provided is heavily commented to guide you in the process of adapting the example to your needs.
For Google Chat ↗:
- Secret: The secret is part of the URL. Cloudflare parses this information automatically and there is no input needed from the user.
- URL: URL varies depending on the Google Chat channel’s address.
For Slack ↗:
- Secret: The secret is part of the URL. Cloudflare parses this information automatically and there is no input needed from the user.
- URL: URL varies depending on the Slack channel’s address.
For DataDog ↗:
- Secret: The secret is required and has to be entered by the user. This is what DataDog refers to as API Key ↗
- URL:
https://api.datadoghq.com/api/v1/events
For Discord ↗:
- Secret: The secret is part of the URL. Cloudflare parses this information automatically and there is no input needed from the user.
- URL: URL varies depending on the Discord channel’s address.
For OpsGenie ↗:
- Secret: The secret is the
API Key
for OpsGenie’s REST API. - URL:
https://api.opsgenie.com/v2/alerts
For Splunk ↗:
- Secret: The secret is required and has to be entered by the user. This is what Splunk refers to as
token
. Refer to Splunk’s documentation ↗ for details. - URL:
- We only support three Splunk endpoints: services/collector, services/collector/raw, and services/collector/event.
- If SSL is enabled on the token, the port must be 443. If SSL is not enabled on the token, the port must be 8088.
- SSL must be enabled on the server.
- Enable indexer acknowledgement must be disabled on the Splunk HTTP Event Collector.
For Feishu ↗:
- Secret: The secret is part of the URL. Cloudflare parses this information automatically and there is no input needed from the user.
- URL: The URL varies depending on the Custom Robot.
For Teams ↗:
- Secret: The secret is part of the URL. Cloudflare parses this information automatically and there is no input needed from the user.
- URL: URL is provided by Teams when the Incoming Webhook connector is created.
For ServiceNow ↗:
- Secret: User decides. Ensure that the secret entered in Cloudflare Notifications matches with ServiceNow. Refer to ServiceNow’s documentation ↗ for details.
- URL:
https://{servicenow_instance}.com/{base_api_path}
For a Generic webhook:
- Secret: User decides.
- URL: User decides.
When creating a Google Chat, Slack, Discord, or Feishu webhook, the secret is part of the URL. You can choose to remove the secret from the URL and explicitly set the value of secret
rather than letting Cloudflare automatically extract it.
This can be useful when defining your webhook infrastructure as code using Terraform since the URL will not be modified by Cloudflare.