PagerDuty Integration
Connect PagerDuty to enable the AI agent to access incidents, on-call schedules, and alert data during investigations.
Capabilities
Once connected, the AI agent can:
| Capability | Description |
|---|---|
| View Incidents | Access PagerDuty incident details and timelines |
| On-Call Schedules | Look up who is currently on call |
| Alert Data | Retrieve alert details and trigger information |
| Service Status | Check service health and escalation policies |
| Incident History | Search past incidents for similar patterns |
| Alert Source Webhooks | Receive PagerDuty incident events (triggered, acknowledged, resolved) via Generic Webhook v3, with optional HMAC-SHA256 signature verification |
Prerequisites
- A PagerDuty account with API access
- A REST API Key (General Access or User Token)
- Read permissions for incidents, services, and schedules
Setup
- Log in to your PagerDuty account
- Navigate to Integrations → Developer Tools → API Access Keys
- Click Create New API Key
- Enter a description (e.g., "Autoheal Integration")
- Select Read-only API Key if available
- Copy the generated API key
- Go to Integrations in Autoheal
- Click PagerDuty
- Enter a name (e.g., "Production PagerDuty")
Enter the following:
- API Key: Your PagerDuty REST API key
Click Test Connection to verify, then Save.
API Key Types
PagerDuty supports two types of REST API keys:
| Type | Scope | Recommended |
|---|---|---|
| General Access REST API Key | Account-wide access | Yes (for org-level visibility) |
| User Token REST API Key | Scoped to a specific user | Yes (for limited access) |
Use a General Access REST API Key for the broadest visibility into incidents and services. If you need to limit scope, use a User Token REST API Key tied to a service account.
Required Permissions
The API key should have at least these permissions:
| Permission | Why It's Needed |
|---|---|
| Read access to Incidents | View incident details and timelines |
| Read access to Services | Check service status |
| Read access to Schedules | Look up on-call information |
| Read access to Users | Identify responders |
Example Queries
Once connected, you can ask the AI agent questions like:
Who is currently on call for the payments team?
Show me all open PagerDuty incidents
What incidents were triggered for the checkout service this week?
Get the timeline for PagerDuty incident #12345
Alert Source Setup
PagerDuty can act as an alert source by forwarding incident events to Autoheal via a Generic Webhook v3. Autoheal ingests triggered, acknowledged, and resolved events and maps them to alerts on the Alerts page.
Configure PagerDuty as an Alert Source
- Open your PagerDuty integration in Autoheal
- Scroll to the Alert Source section
- Enable the webhook and copy the Webhook URL
- In PagerDuty, go to Integrations → Generic Webhooks (v3) and click New Webhook
- Paste the Webhook URL from Autoheal into the URL field
- Set Scope Type to Service (or Team) and select the services/teams whose incidents you want forwarded
- Under Event Subscriptions, select at least
incident.triggered. Also enableincident.acknowledgedandincident.resolvedif you want status updates - Click Add Webhook. PagerDuty will display a one-time Signing Secret — copy it immediately
- Back in Autoheal, paste the Signing Secret into the Signing Secret field of the PagerDuty integration
- When set, Autoheal verifies the HMAC-SHA256 signature on every delivery. If the signature is missing or invalid, the request is rejected with 401
Trigger a test incident on one of the scoped services (for example via pd-test or by manually creating an incident). The alert should appear on Autoheal's Alerts page within a few seconds.
PagerDuty signs webhook deliveries with HMAC-SHA256 using the format v1=<hex> in the x-pagerduty-signature header. The signing secret is shown only once when the webhook is created — if you lose it, regenerate the webhook in PagerDuty and update the value in Autoheal.
The webhook URL already contains a unique per-integration secret, so only a caller with that exact URL can reach your endpoint. Adding the Signing Secret provides a second line of defence by verifying the payload signature.
Troubleshooting
401 Unauthorized Error
- Verify the API key is correct and has not been revoked
- Check that the API key has the required permissions
- Ensure the key is a REST API key (not an Events API key)
No Incidents Found
- Verify the time range includes active incidents
- Check that the API key has access to the relevant services
- Ensure there are incidents matching your query criteria
Rate Limiting
- PagerDuty enforces API rate limits
- Reduce query frequency if you encounter 429 errors
- Use more specific queries to reduce the number of API calls
Webhook Alerts Not Appearing in Autoheal
- Verify the webhook URL pasted into PagerDuty matches the one shown in Autoheal exactly
- Check that the webhook's Scope covers the service(s) whose incidents you want forwarded
- Ensure at least
incident.triggeredis selected in Event Subscriptions - Confirm the webhook is enabled in the Autoheal integration settings
Webhook Returns 401 (Signature Verification Failed)
- If you configured a Signing Secret in Autoheal, confirm it matches the value PagerDuty showed when the webhook was created
- PagerDuty signing secrets are shown only once — if unsure, regenerate the webhook and update the secret in Autoheal
- To disable signature verification, clear the Signing Secret field in Autoheal