Documentation Index
Fetch the complete documentation index at: https://docs.guardway.ai/llms.txt
Use this file to discover all available pages before exploring further.
What this is for
Settings → Notifications lets you push gateway events to any HTTPS endpoint and create alert rules that fire into those endpoints when conditions cross a threshold. Use it to feed SIEM tools, page on-call, drop budget warnings into Slack, or replicate audit events into your own pipeline. The page has two sections: Alert Rules (conditions that trigger notifications) and Webhook Endpoints (where the notifications go).Options
Webhook Endpoints
Create Webhook form:| Field | Notes |
|---|---|
| Name | Display label (e.g. Slack Notifications). |
| URL | HTTPS endpoint that receives the POST (e.g. https://example.com/webhook). |
| Events | Multi-select from the webhook event catalog. Pick only the events this endpoint should receive. |
| Secret | Shared secret used to compute the X-Guardway-Signature HMAC header. |
| Timeout (ms) | How long the gateway waits before declaring a delivery failed. |
| Max Retries | Maximum retry attempts on 5xx and network errors (exponential backoff). |
Available events
Events are grouped by category. Common ones:| Event | When it fires |
|---|---|
request.completed | A request finished successfully. |
request.failed | A request failed. |
request.rate_limited | A request was rate-limited. |
latency.threshold | p95/p99 or moving average crossed your SLA. |
quota.threshold | A budget or request threshold was crossed (50 / 80 / 100 %). |
quota.exceeded | A budget or request limit was exceeded and the request was blocked. |
guardrail.violation | A guardrail policy blocked or redacted a request. |
audit.action | An administrative action was recorded on the platform. |
Alert Rules
Create Alert form:| Field | Notes |
|---|---|
| Name | Display label (e.g. High Error Rate). |
| Condition | Free-text condition expression (e.g. error_rate > 5%). |
| Threshold | Numeric or human threshold the condition compares against (e.g. 100 requests). |
| Severity | Critical, Warning, or Info. |
| Cooldown | 1 minute, 5 minutes, 15 minutes, 1 hour, or 24 hours. |
| Webhook endpoint | Pick from the configured endpoints. Required. |
Delivery guarantees
- HMAC signing — every request includes a
X-Guardway-Signatureheader computed over the body with the shared secret. - Retries — exponential backoff on 5xx and network errors, up to Max Retries.
- Per-webhook filters — only the events selected on each endpoint are delivered.
- Audit trail — every delivery attempt (success or failure) is recorded in Audit Log.
How to configure
Create a webhook endpoint
Open Settings → Notifications from the dashboard sidebar, scroll to Webhook Endpoints, click Create Webhook. Fill Name, URL, Events, Secret, Timeout, and Max Retries. Save.
Verify on your receiver
Trigger one of the selected events (e.g. an MCP call for
request.completed) and confirm your endpoint received a signed POST.Create an alert rule
Scroll to Alert Rules, click Create Alert. Set Name, Condition, Threshold, Severity, Cooldown, and pick the Webhook endpoint the alert should notify.
Test it
Force the condition (e.g. cross a budget threshold from Playground) and confirm both the gateway log and your endpoint show the delivery.
Verifying the signature
Compute HMAC-SHA256 over the raw request body using your webhook Secret and compare to theX-Guardway-Signature header. Reject the delivery if they don’t match.
Related
- Audit Log — every webhook delivery attempt is recorded here.
- Integrations — first-party integrations that don’t need a webhook.