Introduction

Configurer HTTP callbacks to push Level events to your own systems in real time. When something happens in Level — a new alert fires, a device is added, a group is updated — Level sends a POST request to the URL you specify, so you can react to it in your own tooling without polling the API.

For full API reference and per-event payload schemas, see the Level Developer Documentation.

⚙️ PREREQUISITES

A publicly accessible HTTPS endpoint ready to receive POST requests with a JSON body.
Admin access to your Level organization.

Webhook Paramètres

Navigate to Paramètres → Webhooks. The page has two tabs:

Webhooks — your configured webhooks
Requests — the delivery log for all outbound requests

Creating a Webhook

1. Cliquez sur + Ajouter webhook (top right) or + Créer webhook (empty state).

2. Entrer the destination URL. This is where Level will POST event data. Use HTTPS.

3. (Optionnel) Entrer a Secret. Level uses this to sign each outgoing request so your endpoint can verify the payload came from Level.

💡 CONSEIL : Generate your secret with a password manager or openssl rand -hex 32. Use a high-entropy random string.

⚠️ WARNING: The secret can't be viewed again after you save. Copy it somewhere before clicking Ajouter webhook — you'll need it in your endpoint code to verify signatures.

4.. The Activerd toggle is on by default. Leave it on to start receiving events immediately. Désactiver it to pause delivery without deleting the webhook.

5. Under Events to send, choose what triggers this webhook:

Send all event types — Level sends every event type, including any new ones added in the future.
Sélectionnez types to send — pick from the list below.

Available Event Tapezs

Event	When it fires
Alert active	A new alert is raised on a device
Alerte résolue	An existing alert is resolved
Appareil created	A new device is added to your account
Appareil deleted	A device is removed from your account
Appareil updated	An existing device's data or configuration changes
Groupe created	A new device group is created
Groupe deleted	A device group is permanently deleted
Groupe updated	A group's name or configuration is changed

ℹ️ REMARQUE : If you use Sélectionnez types to send, new event types added to Level in the future won't be included automatically. Switch to Send all event types if you want forward-compatible delivery.

6. Cliquez sur Ajouter webhook to save.

Payload Structure

Every webhook delivery — regardless of event type — uses the same JSON envelope:

{
  "event_type": "device_created",
  "event_id": "a3f1b2c4-...",
  "occurred_at": "2026-03-13T18:30:00Z",
  "data": { ... }
}

Field	Tapez	Description
`event_type`	string	One of the 8 event types listed above
`event_id`	UUID	Unique per event; stable across retries — use this to deduplicate
`occurred_at`	ISO 8601 datetime (UTC)	When the event was generated
`data`	object	Resource-specific payload for this event

💡 CONSEIL : Use event_id to make your endpoint idempotent. Level retries failed deliveries automatically, so the same event may arrive more than once.

ℹ️ REMARQUE : For full per-event data schemas, see the Level Developer Documentation.

Verifying Request Signatures

If you configured a secret, Level includes an X-Level-Signature header on every request. The format is sha256=<hex_digest>.

To verify:

Take the raw JSON request body as a string.
Compute HMAC-SHA256 of that string using your secret as the key.
Prefix the result with sha256= and compare it to the X-Level-Signature header value.
If they match, the request is from Level.

ℹ️ REMARQUE : The X-Level-Signature header is only present when a secret is configured on the webhook. If you didn't set one, consider editing the webhook to add it.

Reviewing Delivery Logs

The Requests tab shows every outbound request Level has attempted across all configured webhooks.

Each row shows:

Statut — success or failed badge
Statut code — the HTTP response code from your endpoint (or -- if the connection failed before a response)
URL — the destination for that request

Cliquez sur any row to open the detail panel.

The detail panel shows:

Event time — when the event occurred
Statut code — HTTP response from your server
Full URL — the exact URL Level sent to
Error message — the connection or HTTP error, if any
Response body — what your endpoint returned (or the raw error output)

Automatic Retries

When a delivery fails, Level retries automatically — up to 3 attempts total. Each retry waits approximately 2 minutes, plus a random delay of 1–60 seconds. After 3 failed attempts, Level stops trying and logs the final failure. Non alert is raised and the webhook isn't disabled.

ℹ️ REMARQUE : Because Level retries automatically, the same event may be delivered more than once. Use event_id to deduplicate on your end.

Re-running a Failed Request Manually

If you've fixed the underlying issue and don't want to wait for the next retry, click Re-run request at the bottom of the detail panel. Level resends the original payload immediately.

⚠️ WARNING: Re-run request sends the same payload again. If your endpoint isn't idempotent, this may create duplicates. Check event_id before processing.

Managing Existing Webhooks

On the Webhooks tab, each configured webhook is listed with its URL and enabled status. From there you can edit the configuration, toggle it on or off, or delete it.

ℹ️ REMARQUE : Disabling a webhook stops delivery without deleting it or its request history. Use this when your endpoint is undergoing maintenance.

Questions fréquemment posées

What format does Level use for webhook payloads? Level sends an HTTP POST with a JSON body. Every event uses the same envelope: event_type, event_id, occurred_at, and data. The data object contains the resource-specific payload for that event type. See the Level Developer Documentation for full per-event schemas.
How do I verify that a request came from Level? Set a secret on the webhook. Level includes an X-Level-Signature header formatted as sha256=<hex_digest> on every request. Compute HMAC-SHA256 of the raw request body using your secret, then compare to the header value. See Verifying Request Signatures above.
Who can create and manage webhooks? Webhook configuration — including the Requests log — is restricted to admins. Only technicians with admin access to your Level organization can create, edit, view, or delete webhooks.
My requests are all showing as Failed. What should I check? Open a failed request in the detail panel and read the error message and response body. Common causes: the URL isn't publicly reachable, your endpoint returned a non-2xx status code, or the URL was mistyped. Fix the underlying issue, then use Re-run request to retry without waiting for the automatic retry window.
Can I send the same events to multiple endpoints? Oui. Créer a separate webhook for each destination URL. Each webhook subscribes to event types independently.
What happens after 3 failed delivery attempts? Level stops retrying and logs the final failure. The webhook stays enabled and will continue attempting future events — only that specific delivery is abandoned. You can still manually re-run it from the Requests tab.
I lost my webhook secret. Can I recover it? Non. The secret can't be viewed after the webhook is saved. Modifier the webhook to set a new secret, then update your endpoint code to use the new value.