Skip to content
JITSudo Docs

Notification Channels

JITSudo sends notifications through configured channels when access request lifecycle events occur.

Supported Events

Section titled “Supported Events”
EventDescription
request.pendingNew request submitted, awaiting review
request.approvedRequest approved
request.deniedRequest denied
request.expiredApproval timeout reached
request.break_glassEmergency break-glass access used
grant.activeGrant provisioned, access is live
grant.expiring_soonGrant nearing expiration
grant.expiredGrant expired
grant.revokedGrant revoked

Channel Types

Section titled “Channel Types”

Slack Webhook

Section titled “Slack Webhook”
Terminal window
curl -X POST https://jitsudo.example.com/v1/notification-channels/slack-webhook \
  -H "X-API-Key: <api-key>" \
  -H "X-Tenant-ID: <tenant-uuid>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "engineering-slack",
    "webhook_url": "https://hooks.slack.com/services/T.../B.../xxx",
    "event_filters": ["request.pending", "request.approved", "grant.active"]
  }'

Email (SMTP)

Section titled “Email (SMTP)”
Terminal window
curl -X POST https://jitsudo.example.com/v1/notification-channels/email \
  -H "X-API-Key: <api-key>" \
  -H "X-Tenant-ID: <tenant-uuid>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "security-team-email",
    "smtp_host": "smtp.example.com",
    "smtp_port": 587,
    "from_address": "jitsudo@example.com",
    "to_addresses": ["security@example.com"]
  }'

Generic Webhook

Section titled “Generic Webhook”
Terminal window
curl -X POST https://jitsudo.example.com/v1/notification-channels/generic-webhook \
  -H "X-API-Key: <api-key>" \
  -H "X-Tenant-ID: <tenant-uuid>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "pagerduty-webhook",
    "url": "https://events.pagerduty.com/integration/xxx/enqueue",
    "headers": {"Authorization": "Token token=xxx"}
  }'

AWS SNS

Section titled “AWS SNS”
Terminal window
curl -X POST https://jitsudo.example.com/v1/notification-channels/aws-sns \
  -H "X-API-Key: <api-key>" \
  -H "X-Tenant-ID: <tenant-uuid>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "ops-sns-topic",
    "topic_arn": "arn:aws:sns:us-east-1:123456789012:jitsudo-notifications"
  }'

Event Filtering

Section titled “Event Filtering”

Each channel can specify event_filters — an array of event types to subscribe to. An empty array (or omitted) means all events are delivered.

Notification Processing

Section titled “Notification Processing”

Notifications are processed asynchronously by the NotifyWorker:

  • Non-blocking — notification failures don’t affect request processing
  • Retries up to 3 times on failure
  • Deduplication by payload with a 2-hour window