Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.scrubbe.com/llms.txt

Use this file to discover all available pages before exploring further.

The ingestion API normalizes and deduplicates events from your existing monitoring and alerting tools, routing them into the Scrubbe signal pipeline for triage, correlation, and incident creation. All ingestion endpoints use X-API-Key authentication — JWT Bearer tokens are not accepted on these routes. Endpoints live under /api/v1/ingestion.
Ingestion endpoints accept only X-API-Key: <key> authentication. Requests with Authorization: Bearer headers will be rejected with 401 Unauthorized. Generate a key with the ingestion:write scope from the API Keys page.

How ingestion works

Each endpoint accepts a source-specific event payload, normalizes it to a canonical Scrubbe signal format, and deduplicates it against the existing signal stream. Duplicate events — identified by a combination of source, event type, and a fingerprint derived from the payload — are merged rather than creating redundant signals. 
POST /api/v1/ingestion/<source>
X-API-Key: <key>
Content-Type: application/json

{ ...source-specific payload... }
A successful ingestion returns a signal ID you can use to track the event through the pipeline. 
{
  "success": true,
  "message": "Event ingested successfully.",
  "data": {
    "signalId": "sig_01HX...",
    "deduplicated": false,
    "source": "prometheus"
  }
}
data.signalId
string
Unique ID assigned to this signal in the Scrubbe pipeline.
data.deduplicated
boolean
true if this event was merged into an existing signal rather than creating a new one.
data.source
string
The normalized source name recorded for the signal.

POST /ingestion/github

Ingest a GitHub webhook event (push, pull request, deployment status, etc.).
action
string
required
GitHub event action. Example: "opened", "completed".
repository
object
required
GitHub repository object from the webhook payload.
sender
object
GitHub user object representing the actor who triggered the event.
Point your GitHub webhook directly at this endpoint. Set the content type to application/json in your repository’s webhook settings.

POST /ingestion/gitlab

Ingest a GitLab webhook event (push, merge request, pipeline, etc.).
object_kind
string
required
GitLab event kind. Example: "push", "merge_request", "pipeline".
project
object
required
GitLab project object from the webhook payload.
user
object
GitLab user who triggered the event.

POST /ingestion/kubernetes

Ingest a Kubernetes event or alert (e.g., pod crash, OOMKilled, node not ready).
type
string
required
Kubernetes event type. Example: "Warning", "Normal".
reason
string
required
Short reason string from the event. Example: "OOMKilling", "BackOff".
message
string
required
Human-readable event message.
involvedObject
object
required
The Kubernetes resource the event relates to (kind, name, namespace).
metadata
object
Standard Kubernetes object metadata (namespace, labels, creationTimestamp).

POST /ingestion/pagerduty

Ingest a PagerDuty webhook event (incident triggered, acknowledged, resolved, etc.).
messages
object[]
required
Array of PagerDuty webhook message objects. Each message includes event, incident, and log_entries.
PagerDuty webhook v3 payloads are supported. Configure the outbound webhook in your PagerDuty account to point to this endpoint.

POST /ingestion/prometheus

Ingest an Alertmanager webhook payload from Prometheus.
receiver
string
required
Alertmanager receiver name.
status
string
required
Alert group status. One of: "firing", "resolved".
alerts
object[]
required
Array of Prometheus alert objects. Each alert contains status, labels, annotations, startsAt, and endsAt.
curl --request POST \
  --url "https://your-api-domain.com/api/v1/ingestion/prometheus" \
  --header "Content-Type: application/json" \
  --header "X-API-Key: $API_KEY" \
  --data '{
    "receiver": "scrubbe-webhook",
    "status": "firing",
    "alerts": [
      {
        "status": "firing",
        "labels": {
          "alertname": "HighErrorRate",
          "severity": "critical",
          "service": "payment-api"
        },
        "annotations": {
          "summary": "Error rate above 5% for 5 minutes",
          "description": "The payment-api service is returning 5xx errors at 8.3%."
        },
        "startsAt": "2025-05-22T14:00:00Z",
        "endsAt": "0001-01-01T00:00:00Z"
      }
    ]
  }'

POST /ingestion/datadog

Ingest a Datadog webhook notification (monitor alert, recovery, etc.).
id
string
required
Datadog monitor ID.
type
string
required
Datadog event type. Example: "monitor alert", "metric alert".
title
string
required
Monitor alert title.
body
string
Full monitor alert body text.
priority
string
Alert priority. One of: "normal", "low".
Configure your Datadog webhook integration to point to this endpoint. Include the API key in the URL as a query parameter or set it as a custom header named X-API-Key.

POST /ingestion/webhook

Generic canonical webhook endpoint for tools not covered by a dedicated integration. Submit a normalized signal payload directly.
source
string
required
Identifier for the originating tool or system. Example: "custom-monitor", "statuspage".
title
string
required
Short description of the event.
severity
string
required
Signal severity. One of: "critical", "high", "medium", "low", "info".
status
string
required
Current state of the event. One of: "firing", "resolved".
message
string
Detailed description of the event.
metadata
object
Arbitrary key-value pairs for additional context. These are stored with the signal and surfaced in the Scrubbe UI.
timestamp
string
ISO 8601 timestamp of the original event. Defaults to the time of ingestion if omitted.
{
  "source": "custom-monitor",
  "title": "Database connection pool exhausted",
  "severity": "critical",
  "status": "firing",
  "message": "All 100 connections in pool are in use. New queries are being queued.",
  "metadata": {
    "region": "us-east-1",
    "service": "orders-db"
  },
  "timestamp": "2025-05-22T15:30:00Z"
}