Inbound webhooks
Inbound webhooks let external systems create Manage365 alerts via HTTP. Each webhook has a unique URL + bearer secret; the alert flows through the same channels, escalation rules, and PSA ticket automation as any other alert.
Creating a webhook
Settings → Notifications → Inbound webhooks → New webhook. Give it a name (e.g. "n8n server-down detector") and save. You'll see the POST URL + bearer secret exactly once.
Sending an event
curl -X POST https://api.manage365.com.au/api/v1/inbound/abc123… \
-H "Authorization: Bearer m365_hook_…" \
-H "Content-Type: application/json" \
-d '{
"severity": "high",
"title": "Server unreachable",
"description": "Monitoring probe failed 3 times in a row.",
"customerTenantDomain": "client.onmicrosoft.com",
"dedupeKey": "prtg:server-123"
}'Payload fields
| Field | Required | Notes |
|---|---|---|
title | yes | Short headline — shows on alert rows and Teams/Slack |
description | yes | Longer body. Plain text. |
severity | no | low | medium | high | critical. Defaults to medium. |
category | no | system (default) | security | compliance | licence | drift | billing |
customerTenantId | no | Manage365 UUID. Use this if you have it. |
customerTenantDomain | no | M365 default domain (client.onmicrosoft.com). Nicer for n8n flows — no UUIDs to look up. |
dedupeKey | no | If you send the same key twice, the second call updates the existing alert instead of creating a new one. |
metadata | no | Arbitrary JSON object — surfaced in alert details. |
Response
202 Accepted with { "ok": true, "alertId": "…" } on success. The alert is queued immediately — notification channel fan-out and PSA escalation happen async.
Failure modes
401— wrong bearer secret, or the webhook has been deleted.404— slug doesn't exist, or the webhook is disabled.400— missingtitleordescription, orcustomerTenantDomainnot found on your MSP.
Monitoring
Each hook tracks success + failure counts + last fired/last error on the card. Broken integrations show up in red with the last error message visible — debugging doesn't need server logs.