Does Certimon have a public SSL monitoring API?

Certimon does not expose a public REST API yet. The current monitoring API surface is alert-side: certificates registered via Telegram or the web dashboard are re-checked hourly, and expiry crossings are pushed to Microsoft Teams via a Workflows webhook, to PagerDuty via the Events API v2, or to Telegram. A read API is on the roadmap and this page documents the planned endpoint shape.

How are SSL monitoring alerts delivered today?

Three channels. Microsoft Teams uses a free Workflows webhook that receives an Adaptive Card. PagerDuty uses the Events API v2 with a routing key and triggers an incident. Telegram uses the Certimon bot to push a chat message. All three are configured per reminder window in the web dashboard or via the bot.

What does an SSL expiry webhook payload look like?

It includes the hostname, port, issuer, expiry timestamp, days remaining, the reminder window that fired, the configured threshold and a normalized status such as expiring_soon, expired or invalid. PagerDuty payloads add a dedup key so repeated firings within a window collapse into a single incident.

Can I get a JSON response for a single SSL check via API?

Not over HTTP yet. The /check Telegram command and the web dashboard both run a real TLS handshake against the requested hostname and return the same data a REST endpoint would. The planned REST shape is documented on this page so consumers can prepare integrations.

What authentication will the SSL monitoring API use?

An API token tied to a Certimon account, sent as a bearer header. PagerDuty integrations use a separate per-service routing key, and Microsoft Teams uses the workflow URL itself as the shared secret. Telegram delivery is bound to the chat ID registered through the bot.

SSL monitoring API · Certificate expiry webhooks · Alert integrations

SSL Certificate Monitoring API

Certimon's SSL certificate monitoring runs hourly checks against every registered hostname and fans expiry events out to Microsoft Teams, PagerDuty and Telegram. This page documents how those integrations look on the wire today, and the REST endpoint shape planned for direct programmatic access.

Open the dashboard See webhook payloads

What "SSL monitoring API" means at Certimon today

A monitoring API is a continuous capability, not a one-off check. The job is to watch a list of hostnames over time, notice when a certificate is approaching expiry, and push that event into the system that should react. Certimon does this end-to-end: register a domain through the Telegram bot or the web dashboard at app.certimon.com, set one or more reminder windows, and the service handles the scheduling, TLS handshake and alert dispatch.

The current API surface is the alert side — webhooks into Microsoft Teams, PagerDuty Events API v2 and Telegram. That covers the most common reason teams reach for a monitoring API in the first place: getting expiry events into their existing incident pipeline without writing a cron job that parses openssl s_client output.

If you need a one-shot HTTP check rather than continuous monitoring with alerts, read SSL Checker API: alternatives and design for the request/response shape comparison.

Today's monitoring integrations

Three transports, one event model. Pick the one your team already uses.

Microsoft Teams

Free Workflows webhook receives an Adaptive Card per expiry event. No Office 365 Connector required.

Transport: HTTPS POST · Auth: workflow URL secret · Format: Adaptive Card JSON

Set up Teams →

PagerDuty

Events API v2 trigger that creates an incident, respects escalation policies and dedup keys.

Transport: events.pagerduty.com/v2/enqueue · Auth: routing key · Format: Events v2 JSON

Set up PagerDuty →

Direct message from the Certimon bot to your chat or group, with the same expiry payload.

Transport: Telegram Bot API · Auth: chat binding · Format: plain message

Set up Telegram →

Example webhook payloads

Every alert carries the same core fields: hostname, port, issuer, expiry timestamp, days remaining, and which configured reminder window fired. The transport wraps that core in the format the destination expects.

PagerDuty Events API v2 trigger

POST https://events.pagerduty.com/v2/enqueue
Content-Type: application/json

{
  "routing_key": "R0UT1NGK3Y...",
  "event_action": "trigger",
  "dedup_key": "certimon:example.com:443:30d",
  "payload": {
    "summary": "SSL certificate for example.com expires in 30 days",
    "severity": "warning",
    "source": "certimon",
    "component": "example.com:443",
    "group": "ssl-expiry",
    "class": "certificate",
    "custom_details": {
      "host": "example.com",
      "port": 443,
      "issuer": "Let's Encrypt",
      "valid_until": "2026-06-24T23:59:59Z",
      "days_remaining": 30,
      "reminder_window_days": 30,
      "status": "expiring_soon"
    }
  }
}

Microsoft Teams Adaptive Card

POST https://prod-XX.westeurope.logic.azure.com/workflows/.../triggers/...
Content-Type: application/json

{
  "type": "message",
  "attachments": [{
    "contentType": "application/vnd.microsoft.card.adaptive",
    "content": {
      "type": "AdaptiveCard",
      "version": "1.4",
      "body": [
        { "type": "TextBlock", "size": "Large", "weight": "Bolder",
          "text": "SSL expiry warning: example.com" },
        { "type": "FactSet", "facts": [
          { "title": "Host",            "value": "example.com:443" },
          { "title": "Issuer",          "value": "Let's Encrypt" },
          { "title": "Expires",         "value": "2026-06-24 23:59 UTC" },
          { "title": "Days remaining",  "value": "30" },
          { "title": "Reminder window", "value": "30 days" }
        ]}
      ]
    }
  }]
}

Telegram messages are plain text. The bot formats the same fields into a single message so the chat history stays readable on mobile.

Planned REST endpoints

A read/write REST API is on the roadmap so callers can register domains, list monitored certificates and pull a snapshot of expiry state from CI, an inventory system or a status page. The shape below is what Certimon plans to ship and welcomes feedback on before locking it in.

Authentication

Authorization: Bearer ck_live_***   # account-scoped API token
X-Certimon-Account: acct_123        # optional, for multi-account users

List monitored domains

GET /v1/domains
{
  "data": [
    {
      "host": "example.com",
      "port": 443,
      "reminder_windows_days": [30, 7, 1],
      "last_checked_at": "2026-05-25T22:00:00Z",
      "valid_until": "2026-07-25T23:59:59Z",
      "days_remaining": 61,
      "issuer": "Let's Encrypt",
      "status": "ok"
    }
  ],
  "next_cursor": null
}

Register or update a domain

PUT /v1/domains/example.com
{
  "port": 443,
  "reminder_windows_days": [30, 7, 1],
  "destinations": ["telegram", "pagerduty:routing_key_id", "teams:workflow_id"]
}

On-demand check

GET /v1/check?host=example.com&port=443
{
  "host": "example.com",
  "port": 443,
  "checked_at": "2026-05-25T22:01:13Z",
  "status": "ok",
  "days_remaining": 61,
  "valid_from": "2026-04-26T00:00:00Z",
  "valid_until": "2026-07-25T23:59:59Z",
  "issuer": "Let's Encrypt",
  "subject": "CN=example.com",
  "subject_alt_names": ["example.com", "www.example.com"],
  "hostname_matches": true,
  "chain_valid": true,
  "protocol": "TLSv1.3",
  "error": null
}

Rate limits

Planned at 60 reads/minute and 5,000/day per token. Burst above is throttled, not billed.

Idempotency

PUT /v1/domains/<host> is idempotent. Reposting the same body is a no-op.

Safety

Private IPs, localhost and ports outside the allowlist are rejected to avoid SSRF abuse.

Pricing

Certimon's monitoring service is free for unlimited domains today, including the Microsoft Teams, PagerDuty and Telegram alert integrations. There is no per-domain charge, no trial period and no premium plan.

The REST API described above will follow the same approach: a generous free tier suitable for small teams and side projects, with optional paid limits only if a usage pattern emerges that needs them. Want early access or a higher quota for a specific workload? Email [email protected] and Certimon will get back to you.

Wire SSL expiry into your alerting today

Set up the Microsoft Teams, PagerDuty or Telegram integration in the web dashboard. The REST endpoints arrive on top of the same monitoring core when they ship.

Open the dashboard Contact for API early access