One curl creates a monitor that probes any HTTPS URL on a schedule and runs an immediate first check. Grab a key from Settings → API keys, swap in your URL, and paste this into your terminal.

{
  "id":              "d290f1ee-6c54-4b01-90e6-d701748f0851",
  "name":            "Marketing site",
  "url":             "https://www.example.com",
  "checkType":       "http",
  "method":          "GET",
  "expectedStatus":  200,
  "intervalSeconds": 60,
  "currentStatus":   "unknown",
  "isPaused":        false,
  "regions":         ["iad1"],
  "initialCheck":    { "isUp": true, "statusCode": 200, "responseTimeMs": 142 },
  "createdAt":       "2026-05-29T17:55:00.000Z"
}

Every API request carries a Bearer token. Create a key in Settings → API keys — the full key (it starts with wt_) is shown once at creation, so store it somewhere safe. Keys are hashed on our side; only the prefix stays visible in the dashboard for identification. A missing, placeholder, invalid, or revoked key returns 401 with a descriptive message.

Authorization: Bearer wt_a1b2c3d4e5f6...

A monitor is a recurring check against one URL. The only required fields are namerequired and urlrequired; everything else has a sensible default — checkType defaults to http, method to GET, expectedStatus to 200, and intervalSeconds to 300.

curl -X POST "https://watchtower.works/api/v1/monitors" \
  -H "Authorization: Bearer <WATCHTOWER_API_KEY>" \
  -H "Content-Type: application/json" \
  -d {
    "name": "Checkout API",
    "url": "https://api.example.com/health",
    "expectedStatus": 200,
    "keywordMatch": "ok",
    "intervalSeconds": 60
  }'

Until you verify a domain, WatchTower caps it at one monitor and a minimum check interval of one hour. Verifying the apex (e.g. example.com) lifts both caps for every subdomain. Register the domain with POST /api/v1/domains — the response returns a pathToken and a verificationToken you satisfy via a .well-known file or a DNS TXT record.

# Serve the path token at this URL on your domain:
#   https://www.example.com/.well-known/watchtower/<pathToken>.txt
# whose body is exactly the verificationToken.

printf '%s' "<verificationToken>" \
  > /var/www/.well-known/watchtower/<pathToken>.txt

When a monitor goes down, WatchTower opens an incident and notifies your alert channels. The channels available depend on your tier: Free is email-only; Starter adds Slack and webhook; Pro and Business add Discord and PagerDuty. Configure channels on the Alerts page — Pro+ can also set per-channel escalation delays so a channel only fires once an incident has been open for N minutes.

Two Pro-tier upgrades sharpen detection:

SSL-expiry checks. Set checkType: "ssl" on a monitor and WatchTower performs a TLS handshake against the URL, alerting you as the certificate's expiry approaches. SSL monitoring is gated to Pro and Business — a Free/Starter request with checkType: "ssl" returns 403.

Multi-location probing. Pro+ monitors can run from both a US region (iad1) and an EU region (fra1). The check is a strict quorum — if any region reports the target down, the monitor is marked down — which cuts false positives from a single bad network path.