Webhooks
Receive campaign alert events at your own HTTPS endpoint — the exact payload, delivery, and retry behavior.
iSearchFrom can POST an event to an endpoint you control whenever a tracking campaign raises an
alert. This is the one outbound webhook the platform sends today: campaign alerts. Use it to route
alerts into Slack, an incident tool, an internal dashboard, or a data warehouse.
When to use webhooks
Section titled “When to use webhooks”- Alerts need to enter an internal tool, Slack channel, or incident workflow.
- You want to store alert events in a data warehouse.
- Another workflow should run when a campaign’s rankings, ads, or AI visibility change.
For a complete walkthrough including a relay to Slack, see the cookbook Send alerts to Slack.
Configure a webhook
Section titled “Configure a webhook”- Open the campaign’s alert settings (in the app, or via the campaign’s
alertSettingsthrough the API). - Enable alerts and set a public HTTPS endpoint as the webhook URL.
- Save the campaign.
- Trigger a low-risk alert to confirm delivery before relying on it.
The endpoint must accept POST and return a 2xx quickly. If you need slow processing, acknowledge
fast and process asynchronously.
Payload shape
Section titled “Payload shape”Every delivery is JSON with this exact shape:
{ "event": "tool.alert.created", "timestamp": "2026-07-07T14:05:00.000Z", "data": { "alertId": "…", "targetType": "position_campaign", "campaignId": "…", "campaignName": "Brand keywords — US", "type": "…", "severity": "…", "metadata": { "…": "…" } }}| Field | Notes |
|---|---|
event | Always tool.alert.created today. Branch on it; new event types may be added. |
timestamp | ISO-8601 time the alert was raised. |
data.alertId | Unique alert id — use it for idempotency (see below). |
data.targetType | Which kind of campaign (position, ad-tracker, or AI-visibility). |
data.campaignId | The campaign that raised the alert. |
data.campaignName | The campaign’s name, for display. |
data.type | The alert rule that fired. |
data.severity | The alert’s severity. |
data.metadata | Alert-type-specific detail (varies by type). |
Handle unknown fields safely — new fields may be added without changing existing ones.
Delivery behavior
Section titled “Delivery behavior”- Retries: a failed delivery is retried up to 4 times with exponential backoff (roughly 5s, 25s, 2m, 10m). After that it’s given up.
- Idempotency: the same alert can arrive more than once (a retry after your endpoint was briefly
slow). De-duplicate on
data.alertIdif duplicates would matter. - Response: return
2xxonly once you’ve accepted the event. Use5xxor a timeout for temporary failures (which trigger a retry); a4xxstill counts as a failed attempt. - Keep responses small — iSearchFrom does not surface your endpoint’s response anywhere.
Security recommendations
Section titled “Security recommendations”- Use HTTPS and a unique URL per integration so you can rotate or revoke one independently.
- The webhook URL is effectively a secret — treat a leaked one as compromised and rotate it.
- If your receiver needs to authenticate the caller, put a secret token in your own URL path/query or use a gateway rule. Never put API keys in the webhook URL.
- Don’t put secrets in campaign names or alert labels — they appear in the payload.