Why Alerting and Notifications Are Necessary for Outbound Webhook Providers
Webhook delivery fails. Endpoints go down, TLS certificates expire, authentication tokens rotate, and servers return 500s for reasons nobody can explain on a Friday afternoon. None of this is unusual. What is unusual (and inexcusable) is when your consumers discover the failure before you do.
If you're sending webhooks on behalf of your platform, delivery failures aren't just a technical hiccup. They're a breach of trust. Your consumers built integrations against your API because they expected to be notified when things happened. When those notifications stop arriving and nobody tells them, they lose data, they lose confidence, and eventually they lose patience.
This is the problem that alerting and notifications solve. They're the observability layer on top of your webhook delivery pipeline that ensures failures are detected, surfaced, and acted on before they cascade into something worse.
What can go wrong (and how quietly it happens)
The most dangerous webhook failures are the silent ones. A consumer's endpoint starts returning 503s because their cloud provider is having a bad day. Your retry logic kicks in, backs off exponentially, and eventually exhausts its attempts. The event lands in a dead-letter queue (or worse, gets dropped entirely). Meanwhile, the consumer's billing integration hasn't processed an invoice in six hours and they have no idea.
This isn't hypothetical. Platforms like WooCommerce automatically disable webhooks after just five consecutive delivery failures. The intent is reasonable: stop hammering a dead endpoint. But the execution is brutal, because there's no built-in alerting to tell the store owner their webhook was disabled. Order notifications, inventory syncs, CRM updates — all silently stopped. The store owner finds out when a customer complains.
The pattern repeats across the industry. Endpoints get disabled, subscriptions get put on probation, delivery queues back up, and the people who need to know are the last to find out. The root cause isn't the failure itself. It's the absence of alerting around it.
The alerts your webhook system needs
Not all alerts are created equal. A well-designed alerting system for outbound webhooks needs to cover several distinct failure modes, each with different urgency levels and audiences.
Consecutive failure alerts
This is the most critical alert type. When deliveries to a specific destination fail repeatedly, something is fundamentally wrong. The endpoint might be down, the URL changed, authentication broke, or the consumer's server is rejecting your payloads.
Consecutive failure alerts should fire at escalating thresholds. A single failure is noise. Five consecutive failures are a pattern. Fifty consecutive failures are an emergency. The alert should escalate accordingly: an informational notification at lower thresholds, an urgent one as failures approach the point where the destination will be disabled.
The key data points in a consecutive failure alert are: which destination is failing, how many consecutive failures have occurred, what the maximum threshold is, what response the endpoint returned, and whether the destination is about to be auto-disabled. Armed with this information, someone can diagnose and act.
Destination disabled alerts
When a destination crosses the failure threshold and gets disabled, a separate alert should fire immediately. This is a state change, not just a data point. Events are no longer being delivered. The consumer's integration is offline. Every minute without notification is a minute of silent data loss.
This alert needs to reach both you (the provider) and, critically, your consumer. They need to know their endpoint was disabled, why it happened, and what they need to do to re-enable it.
Delivery latency alerts
Failures aren't always binary. Sometimes an endpoint responds, but it takes thirty seconds to do it. If your delivery pipeline has timeouts, these slow responses may be recorded as successes today and failures tomorrow. Latency alerts catch the degradation before it becomes an outage. Track your p95 and p99 delivery latencies. When they start climbing, something is changing on the consumer's end, and it's worth a notification.
Queue depth and backlog alerts
If your system queues events before delivery, the depth of that queue is a leading indicator of trouble. A growing backlog means events are being produced faster than they're being delivered — either because delivery is slow, destinations are failing, or your system is under unusual load. Alert when the backlog exceeds a threshold or when the estimated time to drain starts growing. These are early warnings that give you time to act before consumers notice delayed deliveries.
Error rate alerts
Individual failures are normal. A spike in the aggregate error rate across all destinations is not. If your system goes from a baseline 0.5% error rate to 15% in ten minutes, that's a systemic issue like a bad deploy, a network partition, or a misconfigured load balancer. Error rate alerts should fire on deviations from your baseline, not on absolute numbers, so they adapt as your traffic grows.
Who needs to be alerted (and why it matters)
Webhook alerting serves two distinct audiences with different needs.
You, the provider
As the platform sending webhooks, you need operational visibility. Which destinations are failing? Is it isolated to one consumer or is it systemic? Are your retry queues healthy or backing up? Provider-side alerts feed into your operational dashboards, on-call rotations, and incident response workflows. They help you answer the question: "Is our webhook infrastructure healthy?"
Your consumers
Your consumers need to know when their specific integration is in trouble. They don't care about your aggregate error rates or queue depths. They care that their endpoint stopped receiving events, why it happened, and what they can do about it. Consumer-facing alerts should be actionable and specific. "Your endpoint at https://billing.example.com/webhooks has failed 15 consecutive deliveries. The last response was a 401 Unauthorized. Please verify your authentication configuration." That's an alert someone can act on.
The challenge is that you, as the provider, may not have a direct notification channel to every consumer. You might not know their preferred alert destination. This is where the architecture of your alerting system matters. It needs to produce alerts that you can route through whatever notification infrastructure you already have.
Choosing the right alert channels
The channel an alert travels through should match its urgency.
For provider operations, a tiered approach works well. Low-severity alerts (a single destination failing intermittently) go to a logging system or a low-priority Slack channel. Medium-severity alerts (a destination approaching its disable threshold) go to an on-call channel. High-severity alerts (a systemic spike in error rates, or a destination being auto-disabled) page the on-call engineer via PagerDuty or SMS.
For consumer-facing notifications, email is the baseline — it's asynchronous and doesn't require any integration. In-app notifications work for consumers who use your management portal. And for consumers who want real-time awareness, a callback URL that fires a webhook when their webhook fails (yes, the irony) gives them the flexibility to route alerts into their own systems: Slack, PagerDuty, a custom dashboard, whatever they've built.
Alert design principles
A few principles keep webhook alerting useful rather than annoying.
Be progressive, not binary. Don't wait until a destination is disabled to send the first alert. Escalate through thresholds (50%, 70%, 90%, 100% of the failure limit) so the consumer (or your ops team) has time to investigate before the situation becomes critical.
Include context, not just the event. An alert that says "delivery failed" is almost useless. An alert that includes the destination, the event topic, the HTTP status code, the response body, and whether auto-disable is imminent gives someone everything they need to start debugging.
Respect the retry window. Don't alert on the first failure of an event that has retries remaining. Alert on the pattern (like consecutive failures across multiple events) that indicates a persistent problem rather than a transient blip.
Make alerts actionable. Every alert should imply a next step. If a destination was disabled, tell the consumer how to re-enable it. If error rates spiked, link to the relevant dashboard. If a specific event failed, provide a way to replay it.
How Hookdeck Outpost handles alerts
Outpost, Hookdeck's open-source outbound webhook infrastructure, implements alerting as a callback-based system designed to integrate with whatever notification infrastructure you already have.
When a delivery attempt fails, Outpost can trigger alerts scoped to the specific destination that's experiencing problems. Rather than prescribing a particular notification channel (email, Slack, PagerDuty), Outpost produces alerts on a callback URL configured through the ALERT_CALLBACK_URL environment variable. The alert payload is delivered as an HTTP request authenticated with your Admin API Key via a bearer token. It's then your responsibility to format and route that alert to your tenant using your existing notification systems.
This design is deliberate. Every platform has its own way of reaching its users: some send emails, some push in-app notifications, some post to Slack. Outpost doesn't try to replace that infrastructure. It gives you the raw alert data and lets you deliver it however makes sense for your product.
Consecutive failure alerts
Outpost's primary alert type is the consecutive failure alert, configured through the ALERT_CONSECUTIVE_FAILURE_COUNT variable. When you set a maximum consecutive failure count, Outpost triggers alerts at escalating thresholds: 50%, 70%, 90%, and 100% of that limit.
The alert payload includes everything needed to diagnose the problem: the event that failed, the current and maximum consecutive failure counts, the destination details, and the actual HTTP response from the endpoint (status code and body). It also includes a will_disable flag that tells you whether the destination is about to be automatically taken offline.
Auto-disabling destinations
At 100% of the consecutive failure threshold, Outpost can automatically disable the destination if you've enabled the ALERT_AUTO_DISABLE_DESTINATION configuration. This prevents your system from endlessly retrying against a dead endpoint, wasting resources and generating noise. The combination of progressive alerts and auto-disable means the consumer gets multiple warnings before their destination goes offline, and the final alert tells them exactly what happened and why.
Reliable alert delivery
Outpost treats alert delivery with the same seriousness as event delivery. If the alert callback URL doesn't respond with a 200, Outpost retries with exponential backoff and logs the failure. Your alerting infrastructure gets the same reliability guarantees as your webhook pipeline.
This approach gives you a complete alerting foundation without locking you into any particular notification vendor or consumer communication pattern.
The cost of skipping alerting
It's tempting to defer alerting and focus on the core delivery pipeline first. The logic seems sound: get delivery working, handle retries, build the consumer portal, and add alerting later when there's time.
But "later" has a cost. Without alerting, every delivery failure is invisible until someone manually checks a dashboard — or until a consumer opens a support ticket asking why their integration stopped working. The first scenario requires discipline that doesn't scale. The second means your consumer discovered the problem before you did, which is the worst possible outcome for trust.
The operational cost compounds, too. Without progressive alerts, you can't warn consumers before their destinations get disabled. Without error rate monitoring, a bad deploy can silently break delivery for hours. Without queue depth alerts, a backlog can grow until latency is measured in hours rather than seconds.
Alerting isn't a nice-to-have feature you add after launch. It's the mechanism that turns a webhook delivery system into a webhook delivery service that your consumers can rely on because it tells them when something goes wrong, not just when everything is fine.