Alert Channels
Alert channels control where Merlonix sends notifications when a check result changes state — an SSL certificate approaching expiry, a DNS record drifting unexpectedly, or a vendor incident affecting a service your clients depend on.
Each channel has a type (email, Slack webhook, or custom webhook), a severity filter (which alert levels trigger a notification), and a scope (which client's assets it covers).
Channel types
Merlonix sends a plain-text email with the asset name, check type, severity level, and a direct link to the asset detail page. Your billing email is pre-configured as a channel automatically.
To add an additional email channel:
- Go to Settings → Alert channels
- Click Add channel
- Select Email
- Enter the recipient address
- Set the severity filter (see below)
- Click Save
You can add multiple email channels — for example, a shared #[email protected] address for the team and a separate channel for each client contact.
Slack webhook
Merlonix posts a formatted message to a Slack channel using an Incoming Webhook URL. The message includes the asset label, check type, severity, and a link.
For step-by-step Slack setup, see How to Configure Slack Alerts for Client SSL Expiry.
To add a Slack channel:
- Go to Settings → Alert channels → Add channel → Slack
- Paste the Incoming Webhook URL from your Slack app configuration
- Set a severity filter
- Click Save
Custom webhook
For PagerDuty, Teams, custom dashboards, or any other endpoint, use a custom webhook. Merlonix sends a signed POST request with a JSON body.
Webhook payload:
{
"asset_id": "uuid",
"asset_label": "Client A — main site",
"check_type": "ssl",
"classifier": "expiring_soon",
"severity": "warning",
"detail": { "days_remaining": 22 },
"alert_id": "uuid",
"fired_at": "2026-04-30T09:14:00Z"
}
Signature verification:
Each request includes an X-Merlonix-Signature: sha256=<hex> header. Verify it against your webhook secret to confirm the request originated from Merlonix.
const crypto = require('crypto');
const expected = crypto
.createHmac('sha256', process.env.WEBHOOK_SECRET)
.update(rawBody)
.digest('hex');
if (`sha256=${expected}` !== req.headers['x-merlonix-signature']) {
return res.status(401).end();
}
Your webhook secret is shown once when you create the channel. Store it in your environment secrets.
Severity filters
Each channel has a severity filter that controls which alert levels trigger a notification on that channel.
| Level | When it fires |
|---|---|
info | First check result, routine state changes, resolved incidents |
warning | SSL expiry 8–30 days, low-severity DNS drift, minor vendor incidents |
critical | SSL expiry ≤ 7 days, key downgrade, NS record change, major vendor outages |
Recommended configuration for most agencies:
| Channel | Severity filter | Purpose |
|---|---|---|
| Internal team email or Slack | warning and above | Catch issues while there is still time to act |
| Client-facing email or Slack | critical only | Notify clients only when action is needed now |
| PagerDuty / on-call webhook | critical only | Page the right person at 3 AM |
Setting your internal channel to info creates noise. Setting your client channel to warning generates alerts that clients cannot act on themselves. The configuration above keeps signal high on both sides.
Per-client routing
Alert channels are scoped to your tenant. Every channel you create receives alerts from all assets under your account.
To route alerts to a specific client contact only:
- Create a channel for that client (e.g., email
[email protected], severity: critical) - The channel will receive alerts from all assets — filter is by severity, not by asset
If you need asset-level routing (e.g., only Client A's domains trigger Client A's Slack channel), use a custom webhook and filter on asset_label in your receiver.
Note: Per-asset alert channel assignment is on the roadmap. The current model sends all severity-matching alerts to all matching channels.
Testing a channel
After creating a channel, click Test to send a sample alert payload. Confirm the notification arrives before relying on the channel for production alerts.
If the test notification does not arrive:
- Email: check spam folders and confirm the address is correct
- Slack: verify the Incoming Webhook URL is still active in your Slack app settings
- Webhook: check your endpoint logs for the incoming request and verify signature handling
Alert deduplication
Merlonix deduplicates alerts on a 24-hour window per (asset, check type, severity, classifier) combination. You receive at most one notification per day for the same condition on the same asset — until the condition resolves and recurs.
This means a single SSL certificate approaching expiry fires one alert per day, not one per check cycle. After you renew the certificate, the expiring_soon condition resolves; if expiry is detected again on a new cycle, a fresh alert fires.
Acknowledging or resolving an alert in the dashboard resets the deduplication window for that alert immediately.
Next: return to Getting Started or read Monitoring Concepts to understand how alerts are classified.