Documentation | Flowtriq DDoS Detection API & Agent Setup
Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications NEW
Research & Guides
Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services Compliance NEW
Docs/Alert Channels

Alert Channels

Flowtriq supports 12 alert channel types. Configure them from the dashboard under Alert Channels.

Discord

Setup: Create a webhook in your Discord channel (Settings → Integrations → Webhooks → New Webhook). Copy the URL.

Payload: Rich embed with severity color, attack family, peak PPS/BPS, node name, source IP count, AI summary, and a link to the incident dashboard.

Options: Custom bot name, avatar URL, @everyone mention on all alerts.

Slack

Setup: Create an Incoming Webhook in your Slack workspace (Apps → Incoming Webhooks → Add). Copy the URL.

Payload: Block Kit message with the same fields as Discord, plus action buttons.

Options: Custom bot name, icon URL or emoji, @everyone mention.

PagerDuty

Setup: Create a service in PagerDuty, add an Events API v2 integration, copy the Routing Key.

Payload: Creates a PagerDuty incident. Deduplication key = Flowtriq incident UUID (prevents duplicate pages for the same attack). Auto-resolves when attack ends.

OpsGenie

Setup: Create an API integration in OpsGenie, copy the API Key.

Payload: Creates an OpsGenie alert with all incident metadata as custom properties.

Email

Setup: Enter the recipient email address. Emails are sent via SendGrid.

Payload: Branded HTML email with full incident details, protocol breakdown, and dashboard link.

SMS

Setup: Enter a US phone number in +1XXXXXXXXXX format.

Payload: Concise SMS: node name, attack type, peak PPS. Sent via Textbelt.

Webhook

Setup: Enter any HTTPS URL. Optionally set a secret for HMAC-SHA256 signature verification.

Payload: JSON POST with full incident data. See Webhook Reference for format and verification.

Microsoft Teams

Setup: Create an Incoming Webhook connector in your Teams channel. Copy the webhook URL.

Payload: Adaptive Card message with severity-colored header, structured incident fields, and a link to the dashboard.

Telegram

Setup: Create a bot via @BotFather, get the bot token, and enter the chat ID for your group or private chat.

Payload: Formatted message with attack type, peak PPS/BPS, node name, and incident link. Supports private and group chats.

Grafana

Setup: Enter your Grafana instance URL and an API key with annotation or alerting permissions.

Payload: Creates Grafana annotations or webhook alerting events. Overlay attack windows directly on your dashboards.

DataDog

Setup: Enter your DataDog API key and application key.

Payload: Creates DataDog events with incident metadata. Correlate DDoS attacks with your existing APM and infrastructure metrics on the Events timeline.

Prometheus Alertmanager

Setup: Enter your Alertmanager endpoint URL (e.g. http://alertmanager:9093).

Payload: Fires alerts into your Alertmanager pipeline. Routes through your existing silences, inhibitions, and receivers.

Test any channel with one click from the dashboard → Alert Channels → "Test" button. Flowtriq sends a synthetic alert payload so you can verify delivery before a real incident.