Webhooks & API

Beacon exposes a REST API for all operations available in the dashboard. Webhooks allow external systems to receive push notifications when alert states change, devices check in, or jobs complete.

Authentication

All API requests require a Bearer token:

Authorization: Bearer <your-api-token>

Generate API tokens at Dashboard → Settings → API Tokens. Tokens inherit the role and company scope of the user that creates them. Service account tokens with restricted scopes can be created by Administrators.

Base URL

https://<your-worker-domain>/v1

Devices

GET  /v1/devices           # List all devices (paginated)
GET  /v1/devices/:id       # Get device details and current metrics
POST /v1/devices/:id/archive  # Archive a device

Jobs

GET  /v1/jobs              # List jobs
POST /v1/jobs              # Create a job
GET  /v1/jobs/:id          # Get job details and command results

Create job payload:

{
  "name": "Flush DNS",
  "type": "quick",
  "target": { "type": "all" },
  "components": [
    {
      "component_id": "comp_abc123",
      "variables": { "VAR_NAME": "value" }
    }
  ]
}

Alerts

GET  /v1/alerts            # List alerts (filter: ?status=active&priority=high)
GET  /v1/alerts/:id        # Get alert details
POST /v1/alerts/:id/acknowledge  # Acknowledge an alert
POST /v1/alerts/:id/resolve      # Manually resolve an alert

Webhooks

Outgoing webhooks are configured at Dashboard → Settings → Notification Channels → New Channel → Webhook. Beacon sends a POST to your endpoint on alert state changes.

Webhook payload

{
  "event": "alert.created",
  "alert": {
    "id": "alrt_abc123",
    "priority": "high",
    "status": "active",
    "check_type": "disk_space",
    "message": "Drive C: has 7.2 GB free (below 10 GB threshold)",
    "triggered_at": "2026-07-16T14:23:00Z",
    "device": {
      "id": "dev_xyz789",
      "name": "DESKTOP-ABC01",
      "company": "Acme Corp",
      "site": "Main Office"
    }
  }
}

Webhook events

EventFires when
alert.createdA new alert is raised
alert.acknowledgedA technician acknowledges the alert
alert.resolvedAlert is resolved (auto or manual)
device.onlineDevice checks in after being offline
device.offlineDevice triggers an offline alert
job.completedA job finishes (all commands done)

Webhook security

Beacon signs each webhook POST with an HMAC-SHA256 signature in the X-Beacon-Signature header. Verify it:

import hmac, hashlib

def verify_signature(payload: bytes, signature: str, secret: str) -> bool:
    expected = hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(f"sha256={expected}", signature)

Configure your webhook secret at Settings → Notification Channels → [channel] → Signing Secret.

See also: Notification Channels, Autotask PSA