Garmingo Docs
Types

Signal

Receive critical outage and recovery alerts via Signal messenger.

Send critical outage and recovery alerts through Signal using a secure self‑hosted (or trusted) Signal gateway.

How It Works

Garmingo sends a JSON payload to your provided Signal Gateway (REST) endpoint. The gateway authenticates the request with your API token and forwards the message from the configured sender (phone number) to subscribed recipients through the Signal network (end‑to‑end encrypted beyond the gateway boundary).

Prerequisites

  1. A running Signal gateway / relay (e.g. a REST wrapper around signal-cli).
  2. A registered Signal phone number (sender) linked to that gateway.
  3. An API token generated by (or configured on) the gateway for authenticating inbound requests.
  4. Publicly reachable HTTPS URL (strongly recommended TLS; use a certificate trusted by standard roots).

Setup in Garmingo

Fill the three fields exactly as shown in the UI:

FieldWhat to EnterExample
Signal Phone NumberThe sender number registered on your gateway (E.164).+49123456789
Signal API URLBase URL of your Signal gateway endpoint (include protocol + optional port, no trailing slash).https://signal.example.com:8080
Signal API TokenGateway auth token (keep secret).sgl_live_xxxxxxxxx

Click Save / Connect. A lightweight validation request is sent (HEAD or small POST depending on gateway adapter) – failures surface immediately.

Testing the Gateway (Optional)

Before wiring Garmingo, verify manually:

curl -X POST \
	-H "Authorization: Bearer <TOKEN>" \
	-H "Content-Type: application/json" \
	https://signal.example.com:8080/send \
	-d '{"number": "+49123456789", "recipients": ["+49111222333"], "message": "Signal test OK"}'

Expect HTTP 200/202. Any 4xx means auth / format issue; 5xx indicates gateway failure.

Event Coverage

Recommended to enable only high‑impact events:

  • Monitor DOWN / UP (recovery)
  • Incident created / resolved / severity change
  • Optional: Maintenance started / ended (only for premium stakeholders)

Message Format

Default layout (first line optimized for quick glance):

[CRITICAL][DOWN] API Gateway – 5xx spike
Region: eu-central-1
Duration: 2m 14s
Link: https://status.example.com/incidents/123

You can fine‑tune which dynamic fields appear (where supported) under Integration → Edit later.

Security

  • Treat the Signal API Token as a secret (store in a vault; do not commit to code repos).
  • Use HTTPS only; reject plain HTTP.
  • Restrict gateway firewall to only Garmingo egress IPs (if your plan exposes them) to reduce abuse surface.
  • Rotate the token at least every 90 days or immediately upon suspicion of compromise.
  • Monitor gateway logs for unusual burst patterns.

Rotation Procedure

  1. Create a new token in the gateway.
  2. Update the integration in Garmingo with the new token (keep tab open).
  3. Send a test (incident test or dummy monitor) → confirm delivery.
  4. Revoke the old token.

Troubleshooting

SymptomLikely CauseResolution
401 / UnauthorizedWrong or expired API TokenRegenerate token; update integration; retest
400 / Validation errorMalformed phone numberUse full E.164 +<country><number> format
Timeout / No responseGateway offline / DNS failureCheck container / service logs; verify DNS & TLS cert
Delivered twiceGateway retry logic + slow ackEnsure idempotent handling; tune gateway timeout
Incident not sent but monitor alerts areEvent filtering excludes incident typesEdit integration → enable incident events

Best Practices

  • Keep Signal reserved for critical, low-volume alerts to maintain signal/noise ratio.
  • Combine with a broader channel (email / Slack) for verbose context; link back rather than duplicating full payload.
  • Sanitize dynamic titles (avoid secrets / internal hostnames when possible).

Data Privacy

Only the message text, severity metadata, and link are transmitted. No credentials or raw logs are included. For additional redaction, adjust the incident / monitor templating rules before Signal dispatch.