Skip to content
Amrah StudioAmrah Studio Support

Webhooks

A webhook makes MacWatcher POST a JSON event to a URL you choose — wire alerts into your own server, a self-hosted inbox, or an automation tool.

Add a webhook

Section titled “Add a webhook”
  1. Settings → Delivery → Add webhook.
  2. Name it and paste an HTTPS URL (only https:// is allowed).
  3. Send on — pick the events: armed, disarmed, trigger, capture (none selected = all).
  4. Include photo — for capture events, attach the image inline (base64). Best for small images.
  5. (Optional) Shared secret — sign each request so your endpoint can verify it really came from MacWatcher. The secret is stored securely in your macOS Keychain, never in plain config.
  6. Send test to fire a sample event and see the response.

Payload

Section titled “Payload”
{
  "event": "capture",
  "trigger": "usb-attached",
  "at": "2026-06-21T14:03:22Z",
  "device": "<your hashed device id>",
  "data": { "file": "capture-2026-06-21-140322.jpg" }
}

Verifying the signature

Section titled “Verifying the signature”

If you set a shared secret, MacWatcher adds a header:

X-MacWatcher-Signature: sha256=<HMAC-SHA256 of the exact request body>

Compute the same HMAC on your side with your secret and compare — reject the request if it doesn’t match.

Good to know

Section titled “Good to know”
  • Requests never follow redirects (so a signed body can’t be replayed elsewhere).
  • Capture deliveries are retried if your endpoint is briefly down.