Create Alert Rule
developer/v1/alerts/rules
Creates a new alert rule to proactively monitor domains, SSL/TLS certificates, DNS records, or security configurations. Supports 14 alert types spanning system health (error rates, latency), usage tracking (budget thresholds, rate limits), and domain security (SSL expiry, DNS changes, subdomain discovery). Notifications are delivered via email with configurable cooldown periods to prevent alert fatigue — a key practice recommended by Google SRE and PagerDuty incident management frameworks.
What It Does
Defines an alert rule with a specific type (e.g., ssl_expiry, dns_changed, security_score_drop), trigger threshold, check window, notification channel (email), and cooldown period. The rule is evaluated continuously against live metrics. When conditions are met and the cooldown has elapsed, an alert is triggered and notifications are dispatched.
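The threshold-plus-cooldown behaviour described above, modelled as an added example (not the service's implementation and not code from the original page). It assumes an ssl_expiry rule fires when the days remaining are at or below threshold_value and that the cooldown is counted from the last triggered alert; `last_fired`, `evaluate`, `simulate` and `demo` are hypothetical names.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class Rule:
    # Field names mirror the documented response fields.
    alert_type: str
    threshold_value: float
    cooldown_minutes: int = 60  # documented default
    enabled: bool = True
    last_fired: Optional[datetime] = None  # hypothetical bookkeeping field


def evaluate(rule: Rule, days_left: float, now: datetime) -> bool:
    """Return True if the rule fires at `now`, updating its cooldown state.

    Assumption: an ssl_expiry rule fires when days_left <= threshold_value.
    """
    if not rule.enabled or days_left > rule.threshold_value:
        return False
    cooldown = timedelta(minutes=rule.cooldown_minutes)
    if rule.last_fired is not None and now - rule.last_fired < cooldown:
        return False  # condition still true, but suppressed by the cooldown
    rule.last_fired = now
    return True


def simulate(not_after: datetime, start: datetime, checks: int,
             step: timedelta, rules: list[Rule]) -> list[tuple[datetime, float]]:
    """Run periodic checks; return (time, threshold) for each alert fired."""
    fired = []
    for i in range(checks):
        now = start + i * step
        days_left = (not_after - now).total_seconds() / 86400
        for rule in rules:
            if evaluate(rule, days_left, now):
                fired.append((now, rule.threshold_value))
    return fired


def demo() -> list[tuple[datetime, float]]:
    # Constructed sample: a certificate expiring 31 days after the first check,
    # checked every 12 hours for 3 days, with 30-day and 14-day tiers.
    start = datetime(2025, 1, 1, tzinfo=timezone.utc)
    rules = [Rule("ssl_expiry", 30, cooldown_minutes=1440), Rule("ssl_expiry", 14)]
    return simulate(start + timedelta(days=31), start, 6, timedelta(hours=12), rules)
```

With a 24-hour cooldown the 30-day tier fires once per day while the condition holds, even though checks run every 12 hours; the 14-day tier stays silent until its own threshold is crossed.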
Why It's Useful
Proactive monitoring is the foundation of reliable infrastructure. Industry data shows that SSL certificate expiration is a leading cause of preventable outages — with best practices recommending alerts at 90, 30, 14, and 7 days before expiry. DNS change detection catches unauthorized modifications that could indicate DNS hijacking (an attack vector highlighted by OWASP and CISA). Automated alerting reduces Mean Time to Detect (MTTD) by up to 70%, enabling faster incident response.
Use Cases
SSL Certificate Expiry Monitoring
Set up tiered alerts at 90, 30, 14, and 7 days before SSL certificate expiration across all production domains to ensure timely renewal via ACME/Let's Encrypt or manual processes.
Prevent certificate-related outages that cause browser warnings, broken HTTPS, and service disruptions.
DNS Hijacking Detection
Monitor critical A, AAAA, CNAME, MX, and NS records for unauthorized changes that could indicate domain hijacking, BGP route leaks, or cache poisoning attacks.
Detect DNS-based attacks within minutes instead of hours — aligning with OWASP Domain Protect recommendations.
Security Score Regression Monitoring
Alert when any monitored domain's security score drops below your organization's compliance threshold, catching misconfigurations in SPF, DKIM, DMARC, or security headers.
Maintain continuous compliance with security policies and frameworks like SOC 2, ISO 27001, and NIST CSF.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| type | string | Required | Alert type: ssl_expiry, domain_expiry, dns_changed, security_score_drop, new_subdomain, error_rate_spike, latency_spike, external_api_down, circuit_breaker_open, degradation_active, rate_limit_hit, anomaly_detected. Example: ssl_expiry |
Response Fields
| Field | Type | Description |
|---|---|---|
| rule.id | string | Unique alert rule ID (e.g., rule_abc123) |
| rule.alert_type | string | Alert type identifier |
| rule.enabled | boolean | Whether the rule is actively monitoring |
| rule.threshold_value | number | Trigger threshold (e.g., 30 for days, 5 for percentage) |
| rule.channels | array | Notification channels: ["email"] |
| rule.cooldown_minutes | number | Minutes between repeated alerts (default: 60) |
| rule.created_at | string | ISO 8601 creation timestamp |
Code Examples
```bash
curl "https://api.edgedns.dev/v1/alerts/rules" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d "type=ssl_expiry"
```

```javascript
const response = await fetch(
  'https://api.edgedns.dev/v1/alerts/rules?type=ssl_expiry',
  {
    headers: {
      'Authorization': 'Bearer YOUR_API_KEY'
    }
  }
);
const data = await response.json();
console.log(data);
```

```python
import requests

response = requests.get(
    'https://api.edgedns.dev/v1/alerts/rules',
    headers={'Authorization': 'Bearer YOUR_API_KEY'},
    params={
        'type': 'ssl_expiry'
    }
)
data = response.json()
print(data)
```