Token Management
Create, rotate, and manage alert ingest tokens for secure webhook delivery.
Alert ingest tokens authenticate incoming webhooks. Each token is tied to your organization and works across all provider endpoints.
Creating a token
- Go to Settings > Integrations > Alert Ingestion
- Click Create Token
- Optionally assign a label and link it to a specific service
- Copy the token — it is only shown once
Tokens have the format alt_<hex>. Only a SHA-256 hash of the token is stored; the plaintext is never persisted after creation.
Token options
| Option | Description |
|---|---|
| Label | A human-readable name (e.g., "Production AlertManager") |
| Service | Optional service routing — alerts using this token are automatically associated with the selected service |
| Signing secret | Optional HMAC-SHA256 secret for Datadog signature verification |
| Active | Toggle to temporarily disable a token without deleting it |
Rotating a token
Rotate a token to generate a new secret while preserving the token's configuration:
- Go to Settings > Integrations > Alert Ingestion
- Click the rotate icon next to the token
- Update your alerting tool with the new token value
The previous token is immediately invalidated.
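The creation and rotation behaviour described above, modelled as an added Python example (not BlameTrail's own code): only the SHA-256 hash is kept, rotation replaces the hash while the label and service stay, and the old value stops authenticating. The `TokenStore` class, its method names, the record fields and the 32-byte token length are assumptions for illustration.

```python
import hashlib
import hmac
import secrets


def hash_token(token):
    """SHA-256 hex digest: the only form of the token that is stored."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def new_plaintext():
    # "alt_" prefix plus hex, per the documented format; the length is assumed.
    return "alt_" + secrets.token_hex(32)


class TokenStore:
    """Hypothetical in-memory store mapping a token id to a hash-only record."""

    def __init__(self):
        self._records = {}

    def create(self, label="", service=None):
        token_id, plaintext = secrets.token_hex(8), new_plaintext()
        self._records[token_id] = {"hash": hash_token(plaintext), "label": label,
                                   "service": service, "active": True}
        return token_id, plaintext  # plaintext leaves here once and is not kept

    def rotate(self, token_id):
        plaintext = new_plaintext()
        # Overwriting the hash invalidates the previous token immediately,
        # while label, service and active state are preserved.
        self._records[token_id]["hash"] = hash_token(plaintext)
        return plaintext

    def set_active(self, token_id, active):
        self._records[token_id]["active"] = bool(active)

    def authenticate(self, presented):
        """Return the matching active record, or None."""
        if not presented.startswith("alt_"):
            return None
        candidate = hash_token(presented)
        for record in self._records.values():
            # Constant-time comparison of the two hex digests.
            if hmac.compare_digest(record["hash"], candidate) and record["active"]:
                return record
        return None
```

Because the store holds only hashes, a lost token cannot be recovered from it; the only path is rotation followed by updating the alerting tool.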
Idempotency
To prevent duplicate alert deliveries, include an X-Idempotency-Key header with a unique value per alert event. BlameTrail deduplicates deliveries with the same token and idempotency key combination.
Some providers generate natural idempotency keys automatically (e.g., AlertManager group keys, CloudWatch message IDs).