CAP (Common Alerting Protocol)
Slug: cap
Provider: CAP 1.2 XML POST to a CAP aggregator
Inbound ACK: No
How it works
PSAPLink generates a CAP 1.2 XML alert document and POSTs it to a configured endpoint — typically a CAP aggregator, IPAWS gateway, or EAS encoder. The payload is signed with an HMAC-SHA256 signature header if a secret is configured.
Configuration schema
| Field | Type | Required | Description |
|---|---|---|---|
endpoint_url | string | Yes | HTTPS URL of the CAP aggregator or receiver endpoint. |
sender | string | Yes | CAP <sender> identifier (e.g. alerts@yourorg.gov). |
secret | string | No | HMAC signing secret. If set, PSAPLink adds an X-CAP-Signature header to the POST. |
scope | string | No | CAP <scope> field (default: Restricted). |
restriction | string | No | CAP <restriction> field (default: For Official Use Only). |
Create a channel
POST /api/v1/transport-channels
Authorization: Bearer <token>
Content-Type: application/json
{
"transport_type_slug": "cap",
"name": "IPAWS CAP",
"config": {
"endpoint_url": "https://cap.yourorg.gov/ingest",
"sender": "alerts@yourorg.gov",
"scope": "Restricted",
"restriction": "For Official Use Only"
}
}
CAP XML structure
PSAPLink generates a minimal CAP 1.2 document:
<alert xmlns="urn:oasis:names:tc:emergency:cap:1.2">
<identifier>psaplink-{deliveryId}</identifier>
<sender>{sender}</sender>
<sent>{timestamp}</sent>
<status>Actual</status>
<msgType>Alert</msgType>
<scope>{scope}</scope>
<restriction>{restriction}</restriction>
<info>
<event>{incidentType}</event>
<urgency>Immediate</urgency>
<severity>Extreme</severity>
<certainty>Observed</certainty>
<description>{incidentDescription}</description>
<area>
<areaDesc>{city}, {state}</areaDesc>
</area>
</info>
</alert>
Test the channel
POST /api/v1/transport-channels/{id}/test
Authorization: Bearer <token>
Limitations
- No inbound ACK.
- The endpoint must accept
Content-Type: application/xmlPOST requests. - PSAPLink does not validate CAP aggregator responses beyond HTTP status.