Documentation

HomeDashboard

Webhooks

Use webhooks when you want Siren to push alerts to your server. You create a webhook in the dashboard, choose which alert types and cities you care about, save the signing secret, and expose an HTTPS endpoint that accepts `POST` requests.

Create And Configure

Name

Label for your own dashboard usage.

Target URL

Your receiver endpoint. Must be HTTPS.

Static headers

Optional headers sent with every request, for example Authorization.

Event types

Leave empty to receive all supported alert types. Otherwise only selected types are sent.

Cities

Leave empty to receive all cities. Otherwise only matching city names are sent. If none match, nothing is delivered.

Signing Secret

When you create a webhook, Siren shows a signing secret once. Store it on your server. For every delivery, Siren sends:

  • x-siren-timestamp
  • x-siren-signature

The signature is HMAC-SHA256 over:
timestamp + "." + raw request body

Verify that value on your server before trusting the payload.

Minimal Receiver Example

javascript
1import crypto from 'node:crypto';
2import express from 'express';
3

4const app = express();
5app.use(express.json({
6  verify(req, _res, buf) {
7    req.rawBody = buf.toString('utf8');
8  },
9}));
10

11app.post('/webhooks/siren', (req, res) => {
12  const secret = process.env.SIREN_WEBHOOK_SECRET;
13  const timestamp = req.header('x-siren-timestamp');
14  const signature = req.header('x-siren-signature');
15

16  const expected = crypto
17    .createHmac('sha256', secret)
18    .update(`${timestamp}.${req.rawBody}`)
19    .digest('hex');
20

21  if (signature !== expected) {
22    return res.status(401).send('invalid signature');
23  }
24

25  const event = req.body;
26  console.log(event.type, event.data.cities);
27

28  return res.sendStatus(204);
29});
30

31app.listen(3000);

Payload Shape

json
1{
2  "id": "event_id",
3  "type": "missiles",
4  "version": "2026-04-09",
5  "occurredAt": "2026-04-09T12:34:56.000Z",
6  "source": "poller",
7  "data": {
8    "alertType": "missiles",
9    "title": "ירי רקטות וטילים",
10    "instructions": "היכנסו למרחב המוגן",
11    "cities": ["תל אביב", "רמת גן"]
12  },
13  "meta": {
14    "test": false,
15    "webhookId": "webhook_id",
16    "filtered": true
17  }
18}

Operational Notes

  • Return a `2xx` response after you accept the event.
  • Disabled webhooks can be re-enabled from the dashboard.