Multi-Step Checks
Multi-step monitors let you chain several HTTP requests together, simulating real user workflows — like logging in, adding to cart, and checking out.
Use cases
- 🔐 Authentication flows — Login and check that a dashboard loads
- 🛒 E-commerce — Search → Add to cart → Checkout
- 📊 API workflows — Create resource → Read it back → Delete it
- 📧 Transactional flows — Submit form → Check for confirmation email
Structure
A multi-step check is a sequence of steps, where each step can:
- Make an HTTP request
- Extract values from the response (for use in later steps)
- Assert conditions on the response
- Set variables
Example: Login flow
name: "Login End-to-End"
type: multi-step
interval: 300
regions: [us-east-1, eu-west-1]
steps:
- name: "Get CSRF token"
method: GET
url: https://app.yourapp.com/login
extract:
csrf_token:
type: regex
pattern: 'name="_token" value="([^"]+)"'
- name: "Submit login"
method: POST
url: https://app.yourapp.com/login
headers:
Content-Type: application/x-www-form-urlencoded
body: "[email protected]&password={{secrets.MONITOR_PASS}}&_token={{csrf_token}}"
assert:
status: 302
extract:
session_cookie:
type: header
name: Set-Cookie
- name: "Load dashboard"
method: GET
url: https://app.yourapp.com/dashboard
headers:
Cookie: "{{session_cookie}}"
assert:
status: 200
body_contains: "Welcome back"
response_time_ms: { lt: 3000 }
Extraction types
| Type | What it extracts | Example |
|---|---|---|
json_path | JSONPath expression | $.data.access_token |
regex | First capture group of regex | "token":"([^"]+)" |
header | Response header value | Authorization |
cookie | Specific cookie value | session_id |
env | Static environment variable | Uses {{secrets.VAR}} |
Step assertions
assert:
status: 200 # Exact status code
status_range: [200, 299] # Range of acceptable codes
body_contains: "success" # String must appear in body
body_matches: '"id":\s*\d+' # Regex match on body
json_path:
- path: "$.status"
value: "ok"
response_time_ms:
lt: 5000 # Response must be under 5 seconds
header:
Content-Type: "application/json" # Header must match
Timing
The total check duration is the sum of all step response times. The monitor is reported as down if any step:
- Returns an unexpected status code
- Fails an assertion
- Times out
Secrets in multi-step checks
Store sensitive values (passwords, tokens) in Settings → Secrets:
# Reference secrets in any step field
password: "{{secrets.MONITOR_PASSWORD}}"
api_key: "{{secrets.STAGING_API_KEY}}"
Secrets are never logged or included in alert notifications.