How do HTTP/HTTPS monitors work?

Configure HTTP and HTTPS monitors with custom methods, headers, assertions, and SSL verification.

HTTP monitors are the most versatile check type in UpCanary. They make real HTTP requests to your URLs and verify the responses - making them suitable for websites, REST APIs, health check endpoints, and any service accessible over HTTP or HTTPS.

Configuration Options

URL

The full URL to check, including the scheme (http:// or https://).

https://yoursite.com
https://api.yourapp.com/health
http://internal-service:8080/status

Both HTTP and HTTPS URLs are supported. For HTTPS URLs, UpCanary also verifies the SSL certificate by default (configurable).

HTTP Method

Choose the HTTP method for the request:

Method	Typical Use
`GET`	Fetch a page or resource (default)
`POST`	Submit data, trigger an action
`PUT`	Replace a resource
`PATCH`	Partially update a resource
`DELETE`	Remove a resource
`HEAD`	Check headers without downloading the body
`OPTIONS`	Check CORS preflight or supported methods

For most uptime checks, GET is the right choice. Use POST or PUT when your health endpoint expects a request body.

Request Body

For POST, PUT, and PATCH requests, you can send a request body. Enter the raw body content - typically JSON:

{
  "ping": true
}

Set the Content-Type header accordingly (e.g., application/json).

Request Headers

Add custom HTTP headers to the request. Common uses:

Authorization - pass an API key or bearer token
Content-Type - specify the body format
Accept - request a specific response format
X-Custom-Header - any proprietary header your service requires

Authorization: Bearer your-api-key-here
Content-Type: application/json
Accept: application/json

Assertions

Assertions define what a successful response looks like.

Expected Status Code The HTTP status code the response must return. Defaults to 200. Common values:

200 - OK
201 - Created
204 - No Content (common for health endpoints)
301 / 302 - Redirect (if you’re not following redirects)

If the response returns a different status code, the monitor marks as Down or Degraded.

Response Body Contains An optional string that must appear somewhere in the response body. Useful for verifying the response is meaningful, not just a 200 with an error page.

"status":"ok"

healthy

If the response body does not contain this string, the monitor marks as Down even if the status code matched.

Redirects

Follow Redirects - when enabled, UpCanary follows HTTP redirects (301, 302, 307, 308) automatically. Enabled by default.

Max Redirects - the maximum number of redirects to follow before marking the check as failed. Defaults to 5. Set lower if you want to detect redirect loops early.

To assert that a URL redirects to a specific location, disable follow redirects and assert on the 301 or 302 status code.

Timeout

The maximum time in milliseconds to wait for a response before marking the check as failed. Defaults to 30000 (30 seconds).

For most services, a timeout between 5000 and 15000 ms is appropriate. Very slow responses indicate a degraded service even if they technically succeed.

SSL & Domain Expiry Monitoring

HTTP monitors for HTTPS URLs can optionally enable SSL certificate expiry and domain expiry monitoring. These are not separate checks - they are features you toggle on within the HTTP monitor configuration.

When enabled, these checks run on a fixed 24-hour schedule, independent of the monitor’s regular check interval. They consume no additional credits.

Verify SSL - when enabled, the regular HTTP check fails if the SSL certificate is invalid, expired, or self-signed. Enabled by default.

SSL Warning Days - how many days before certificate expiry to trigger a warning alert. Recommended: 30 days.

SSL Critical Days - how many days before certificate expiry to trigger a critical alert. Recommended: 7 days.

Domain expiry monitoring works the same way with its own warning and critical day thresholds.

See SSL & Domain Expiry for the full reference.

Example Configurations

Simple Website Uptime

URL: https://yoursite.com
Method: GET
Expected Status: 200
Follow Redirects: Yes
Verify SSL: Yes
Interval: 5 minutes

JSON API Health Endpoint

URL: https://api.yourapp.com/health
Method: GET
Expected Status: 200
Body Contains: "status":"healthy"
Verify SSL: Yes
Interval: 1 minute

Authenticated API Endpoint

URL: https://api.yourapp.com/v1/users
Method: GET
Headers:
  Authorization: Bearer eyJhbGciOiJIUzI1NiJ9...
Expected Status: 200
Interval: 5 minutes

POST Health Check

URL: https://api.yourapp.com/ping
Method: POST
Body: {"source": "upcanary"}
Headers:
  Content-Type: application/json
Expected Status: 200
Body Contains: "pong"
Interval: 1 minute

Redirect Check

URL: http://yoursite.com
Method: GET
Follow Redirects: No
Expected Status: 301
Interval: 10 minutes

Monitor Overview - All monitor types and how they work
SSL & Domain Expiry - Certificate and domain monitoring built into HTTP checks
Monitoring Regions - Where HTTP checks run from
Check Intervals & Credits - Choose the right check frequency
Alerts & Notifications - Get notified when HTTP monitors detect issues
Monitor Your API Guide - Step-by-step HTTP monitoring for APIs