Status · webhook subscription
Mama status events, to any HTTPS endpoint.
JSON payload, HMAC-signed, retried on 5xx. The transport of choice if you aggregate vendor statuses in a tool like Statuspal, FireHydrant, or your own internal incident bot.
Subscribe
In Mama: Settings → Status → Webhooks → Add endpoint. Or via API:
curl -X POST https://api.signalmama.com/v1/status/subscriptions \
-H "Authorization: Bearer $MAMA_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"url": "https://hooks.your-domain.com/mama-status",
"events": ["incident.created","incident.updated","incident.resolved","maintenance.scheduled"],
"severity_min": "degraded"
}'
Response includes a signing_secret — store it server-side, you'll use it to verify HMAC signatures on every delivery.
Payload shape
{
"event": "incident.created",
"event_id": "evt_2026_04_05_001",
"delivered_at": "2026-04-05T14:12:38Z",
"incident": {
"id": "inc_2026_04_05_brief_queue",
"title": "Brief generation paused",
"severity": "major",
"status": "investigating",
"components": ["brief-queue", "opener-api"],
"started_at": "2026-04-05T14:12:00Z",
"url": "https://signalmama.com/status"
}
}
Signature verification
Every request is signed with X-Mama-Signature: sha256=<hex>. Verify with:
const sig = req.headers['x-mama-signature'].slice(7);
const expected = crypto.createHmac('sha256', SIGNING_SECRET)
.update(req.rawBody)
.digest('hex');
if (!crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(expected))) {
return res.status(401).send('bad signature');
}
Retry behavior
2xx = delivered. 5xx (or no response in 10s) = retried with exponential backoff at 1m, 5m, 25m, 2h, 12h. 4xx = treated as a permanent error and not retried (we assume you intentionally rejected it).