Introduction

Pingui Alert is a lightweight notification service that allows you to send alerts to your Telegram account directly from your code. It's designed to be dead simple to use, with zero configuration required on your server.

Setup & Authentication

To start sending alerts, you need to obtain an API Key from our Telegram bot.

  1. Open Telegram and search for @PinguiAlertBot (or your hosted bot instance).
  2. Start a chat and send the command /start to register.
  3. Send the command /temporal_token to get a temporary access token. (Once you create your first integration, you will get a new permanent token)
  4. Use the API to create your first integration and start sending alerts.
Note: The service is completely free. The 10 alerts per day limit helps prevent service degradation due to Telegram API rate limits and server capacity constraints on @PinguiAlertBot. If your instance is self-hosted, you can increase the limit by setting the MAX_ALERTS environment variable.

The Commandments

To keep Pingui Alert useful and stable for everyone, we adhere to a strict set of rules. Follow these commandments to ensure the best experience.

📜 The Golden Rule: Pingui Alert is for actionable, critical incidents. It is not a logging service.
  1. I. Critical Use Only
    You shall use it only for critical alerts that must be corrected immediately. Design your system to trigger these alerts sparingly—only once per incident type (avoid alert storms).
  2. II. Production Standards
    If you send errors from your API using our bot, you must follow production best practices. Ensure your error handling is robust before piping it to an alert.
  3. III. Self-Host for Customization
    If you require any customization (no matter how simple), you shall use the self-hosted option. You can host Pingui Alert anywhere; we suggest a VPS or a local server due to its minimal resource footprint, but cloud options are also valid.
  4. IV. Actionable Alerts
    You shall ensure every alert is actionable. Every alert should prompt a specific, immediate response.
  5. V. No Data Leakage
    You shall not send sensitive user data (PII), identifiers, or secrets in your alerts. Keep messages safe and compliant.
  6. VI. Fail Safely
    You shall implement error handling so that a failed alert notification never crashes your main application. The alert service failure should be silent to your end users.

Production Usage

When using Pingui Alert in production environments, follow these best practices to ensure optimal service quality for everyone.

⚠️ Important: If you're using the hosted @PinguiAlertBot instance in production, please reserve it exclusively for critical alerts (e.g., system failures, security incidents, critical errors). This helps maintain service availability for all users.

Recommended Production Setup

For production workloads with frequent notifications, we recommend one of these approaches:

  • Self-Host Your Instance: Deploy your own Pingui Alert server and bot. This gives you full control over rate limits and ensures dedicated resources.
  • Use for Critical Alerts Only: If using @PinguiAlertBot, implement filtering logic to send only high-priority notifications (failures, errors, security events).
  • Implement Batching: Group multiple non-critical alerts into periodic summary messages instead of sending individual notifications.

Self-Hosting

To self-host Pingui Alert:

git clone https://github.com/juanvidev1/pingui-alert
cd pingui-alert

# Set your environment variables
export BOT_TOKEN="your_telegram_bot_token"
export JWT_SECRET="your_secret_key"
export MAX_ALERTS=100  # Customize your daily limit

# Install dependencies
pnpm install

# Run the server
pnpm run dev

API Reference

Here you can find the API reference for the Pingui Alert service.

Send an Alert

Send a POST request to the /alert endpoint to deliver a message.

Send an Alert

Send a POST request to the /alert endpoint to deliver a message.

POST /alert

Headers

Header Value Description
Authorization Bearer <YOUR_API_KEY> Your permanent JWT token received from /createIntegration endpoint.
Content-Type application/json Required.

Body

{
    "title": "Your title here",
    "message": "Your message here",
    "chatId": "The telegram chat id where the alert will be sent"
  }

Example (cURL)

curl -X POST https://api.pingui.com/alert \
    -H "Authorization: Bearer YOUR_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"title": "Your title here", "message": "Your message here", "chatId": "The telegram chat id where the alert will be sent"}'

Create Integration

Create a new integration for a specific chat using the temporal token. The scope is a string open to the user criteria

POST /createIntegration

Headers

Header Value Description
Authorization Bearer <TEMPORAL_TOKEN> The temporal token received from the /temporal_token command.
Content-Type application/json Required.

Body

{
  "chatId": 123456789,
  "scope": "prod"
}

Example (cURL)

curl -X POST https://api.pingui-alert.dev/createIntegration \
  -H "Authorization: Bearer YOUR_TEMPORAL_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"chatId": 123456789, "scope": "prod"}'

Get Integration

Retrieve details about a specific integration.

Get Integration

Retrieve details about a specific integration.

GET /integrations/:chatId

Headers

Header Value Description
Authorization Bearer <YOUR_API_KEY> Your JWT token (API Key).

Example (cURL)

curl -X GET https://api.pingui-alert.dev/integrations/123456789 \
    -H "Authorization: Bearer YOUR_API_KEY"

Update Rate Limit

Update the rate limit for a specific integration.
POST /updateRateLimit

Headers

Header Value Description
Authorization Bearer <YOUR_API_KEY> Your JWT token (API Key).
Content-Type application/json Required.

Body

{
    "chatId": 123456789,
    "rateLimit": 50
  }

Example (cURL)

curl -X POST https://api.pingui-alert.dev/updateRateLimit \
    -H "Authorization: Bearer YOUR_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{"chatId": 123456789, "rateLimit": 50}'

Revoke Integration

Revoke (deactivate) an integration.
POST /revokeIntegration

Headers

Header Value Description
Authorization Bearer <YOUR_API_KEY> Your JWT token (API Key).
Content-Type application/json Required.

Body

{
    "chatId": 123456789
  }

Example (cURL)

curl -X POST https://api.pingui-alert.dev/revokeIntegration \
    -H "Authorization: Bearer YOUR_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{"chatId": 123456789}'

NPM Package

If you are using Node.js or TypeScript, we recommend using our official package in case you just want to send alerts using Pingui Alert server. Rate limit and quota are handled by the server and you need to still use the endpoint createIntegration to get your permanent API KEY.

Installation

npm install pingui-alert

Usage

  1. Follow the steps in the Create Integration section to get your permanent API KEY.
  2. On the public bot use the command /get_me to get your chatId.
  3. Use the API KEY and chatId in the code below:
import { Pingui } from 'pingui-alert';

const client = new Pingui('YOUR_API_KEY');

await client.send('Database backup completed successfully! ✅', 'YOUR_CHAT_ID');

Use Cases

Here are some clear examples of how to apply Pingui Alert in real-world scenarios, strictly adhering to the Commandments.

1. Critical Error Monitoring (Payment Gateway)

Scenario: A user's payment fails due to a server-side 500 error.
Commandments Applied: I (Critical Use Only), V (No Data Leakage).

payment.controller.ts
try {
  await processPayment(orderId, amount);
} catch (error) {
  // ❌ BAD: Sending the full error stack or user PII
  // await client.send(`Payment failed for user ${user.email}: ${error.stack}`);

  // ✅ GOOD: Actionable, specific, safe
  logger.error(error); // Log details locally
  await client.send(
    `🚨 Critical: Payment Gateway Failure\n` +
    `Gateway: Stripe\n` +
    `OrderId: ${orderId}\n` +
    `Action: Check Stripe Status & Logs immediately.`
  );
}

2. System Resource Monitoring

Scenario: Server disk space is dangerously low.
Commandments Applied: I (Critical Use Only), IV (Actionable).

health-check.sh
#!/bin/bash
USAGE=$(df / | grep / | awk '{ print $5 }' | sed 's/%//g')

# Only alert if usage is > 90% (Critical)
if [ "$USAGE" -gt 90 ]; then
  curl -X POST https://api.pingui-alert.dev/alert \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
      "alert": "💾 Server Disk Critical\nUsage is at '"$USAGE"'%.\nClean up logs or expand volume NOW."
    }'
fi

3. Security Incidents

Scenario: Multiple failed login attempts detected from a single IP (Brute Force).
Commandments Applied: I (Critical), V (No PII).

auth.middleware.ts
if (failedAttempts > 10) {
  // Block IP logic...

  // Alert Security Team
  await client.send(
    `🛡️ Security Alert: Brute Force Detected\n` +
    `IP: ${req.ip}\n` +
    `Attempts: ${failedAttempts}\n` +
    `Action: IP has been temporarily banned. Verify traffic source.`
  );
}

4. Background Job Failures

Scenario: A nightly backup job fails.
Commandments Applied: IV (Actionable), VI (Fail Safely).

backup-cron.ts
job.on('failed', async (err) => {
  try {
    await client.send(
      `💥 Backup Job Failed\n` +
      `Job: nightly_db_backup\n` +
      `Error: Connection timeout\n` +
      `Action: Manually retry backup via admin panel.`
    );
  } catch (alertError) {
    // Fail safely - do not crash the worker if alert fails
    console.error('Failed to send alert:', alertError);
  }
});