Automating Operational Notifications from Zscaler with OneAPI

PUJA WHEELDON, JACOB SERPA
May 28, 2026 - 5 min read

How OneAPI eliminates manual monitoring by pushing critical operational alerts directly to the tools teams already use.

The problem with manual monitoring

IT and security teams today manage complex environments that span dozens of vendors and countless solutions for secure web access, private application access, data protection, digital experience monitoring, endpoint posture, traffic forwarding, and more. Each generates its own alerts, reports, and dashboards. Keeping on top of everything requires practitioners to constantly pivot between interfaces, manually refresh their views, and hope they catch the right signal before it becomes an incident.

This approach is time-consuming and error-prone. Critical operational signals often go unnoticed until a user files a ticket. Hours that could be spent on higher-value work like threat hunting, policy tuning, and incident response are consumed by routine monitoring instead. And as environments grow, the burden compounds.

What organizations need is not another dashboard to watch. They need a security platform that reaches out when something matters, automatically, through the channels where their teams already work.

OneAPI and Zero Trust Automation

When it comes to Zscaler, practitioners can avoid the above challenges entirely. That’s because the Zero Trust Exchange platform includes OneAPI, a single, unified programming interface that provides programmatic access across ZIA, ZPA, ZDX, Client Connector, Zscaler’s authentication service, and more. It is included for free as part of the platform, with no additional SKU or provisioning required.

OneAPI helps organizations move away from manual administrative tasks and toward automated, repeatable workflows. Customers are already using it to automate policy configuration, retrieve analytics data, and build custom reports, reducing management overhead and freeing admins to focus on more strategic work. Now, Zscaler is expanding OneAPI’s capabilities to include automated operational notifications.

Introducing automated notifications through OneAPI

Zscaler is rolling out the ability for customers to subscribe to platform event notifications, which are pushed directly to relevant parties without requiring them to manually log in or check various dashboards. Rather than asking administrators to go looking for problems, the platform proactively delivers the signal when and where it is needed.

This capability is being introduced first for operational notifications: events that indicate whether infrastructure is healthy and traffic is forwarding correctly. That includes things like connector health, capacity thresholds, and service availability. These are the signals that, when missed, tend to surface as user-reported outages rather than proactive catches.

Security incident notifications and end-user policy events will continue to be handled through their existing dedicated channels for now. Operational health is where automated push notifications are launching first, given their direct and immediate impact on day-to-day operations. We will provide updates in the coming months on security-oriented alerts through OneAPI.

How it works

The setup for automated notifications is straightforward. Zscaler already detects operational health conditions internally—that is what populates our dashboards today. Our new notification framework just pushes those signals out to customers automatically. At a high level, the process works like this:

  1. Authenticate once: register an API client in Zscaler’s authentication service (formerly ZIdentity) and use it to obtain an access token; one identity gets one token across the platform.
  2. Subscribe to events: browse the event catalog, select a source and source type, and choose specific events worth tracking, such as status changes, threshold breaches, and availability issues.
  3. Choose a delivery channel: notifications can be delivered via email, webhooks, and SNS, with more options like Slack and SMS on the way. Webhook URLs are validated, and duplicate events are automatically de-duplicated to prevent alert fatigue.
  4. Let alerts drive remediation: each notification includes enough context to trigger a remediation playbook without requiring anyone to log in to the portal.
  5. Close the loop: when remediation requires a configuration change, playbooks can call back into OneAPI to update the relevant settings, automatically closing the loop for deploying, monitoring, and responding.

What this looks like in practice

To make this concrete, here are two examples of how automated operational notifications can streamline daily operations.

Connector health: catching degradation before users notice

Consider a scenario in which connectors in a certain group begin going offline, and the remaining ones start running above CPU and memory thresholds. Historically, this kind of situation surfaces when users start filing tickets—at which point, an administrator has to log in to the portal to reconstruct what happened.

When using OneAPI for notifications, administrators simply subscribe to the relevant status and metrics events. The moment a threshold is breached, a webhook delivers the component ID, event type, threshold value, and current value to whatever automation platform the team uses. A playbook can then immediately remove the affected component from rotation, provision additional capacity, and open a ticket for the on-call engineer before any user is impacted.
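The connector-health flow above, sketched as a receiver-side handler (an added example, not code from the original post or from Zscaler): it validates the four data items the webhook carries, drops redelivered events, and refuses to drain a connector group below a minimum size so the playbook cannot deepen the outage it is responding to. The JSON field names, the `threshold_breach` type string, the `Playbook` class and the `MIN_IN_ROTATION` policy are assumptions, and the handler assumes the request has already been authenticated by the receiving platform.

```python
import json

# Assumed for this example: the JSON field names, the "threshold_breach" type
# string and the drain policy. The page names the data items, not a wire format.
STR_FIELDS = ("event_id", "component_id", "group", "event_type")
NUM_FIELDS = ("threshold", "current")
MIN_IN_ROTATION = 2  # local guardrail: never drain a group below this size

class Playbook:
    def __init__(self, in_rotation):
        self.in_rotation = {g: set(c) for g, c in in_rotation.items()}
        self.seen = set()  # receiver-side idempotency, besides upstream de-dup

    def handle(self, raw):
        try:
            evt = json.loads(raw)
            event_id, cid, group, etype = (evt[k] for k in STR_FIELDS)
            threshold, current = (evt[k] for k in NUM_FIELDS)
        except (ValueError, KeyError, TypeError):
            return ["reject:malformed"]
        if not all(isinstance(v, str) for v in (event_id, cid, group, etype)):
            return ["reject:bad-field"]
        if not all(type(v) in (int, float) for v in (threshold, current)):
            return ["reject:bad-field"]
        if event_id in self.seen:
            return ["ignore:duplicate"]
        self.seen.add(event_id)
        if etype != "threshold_breach":
            return ["ticket:unhandled-type"]
        if not current > threshold:  # comparison is also false for NaN
            return ["ignore:not-breached"]
        members = self.in_rotation.get(group)
        if members is None or cid not in members:
            return ["ticket:unknown-component"]  # never act on unlisted IDs
        if len(members) > MIN_IN_ROTATION:
            members.discard(cid)
            first = f"drain:{cid}"
        else:
            first = f"hold:{cid}"  # draining would cut capacity further
        return [first, f"scale-up:{group}", f"ticket:{cid}"]

# Constructed sample body (not captured from a real tenant).
SAMPLE = json.dumps({"event_id": "evt-001", "component_id": "conn-1",
                     "group": "branch-east", "event_type": "threshold_breach",
                     "threshold": 80, "current": 93}).encode()

if __name__ == "__main__":
    pb = Playbook({"branch-east": ["conn-1", "conn-2", "conn-3"]})
    print(pb.handle(SAMPLE))  # first delivery
    print(pb.handle(SAMPLE))  # redelivery of the same event
```

The returned action strings stand in for calls to the team's own automation platform and ticketing system.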

Tunnel health: finding issues before they escalate

Traffic forwarding underpins everything else in a Zscaler deployment. When a GRE or IPSec tunnel from a branch or data center starts flapping, every downstream protection, such as policy enforcement, DLP, and sandboxing, is degraded for that location. Subscribing to tunnel health events means a notification can land in Slack or ServiceNow the moment a tunnel flaps, with enough context to route the issue to the network team and trigger a failover automatically.

The above pattern applies across any operational signal: administrators decide what is worth being notified about and automation handles the alert delivery (and perhaps even the remediation).

The business case

Automating operational notifications through OneAPI delivers meaningful improvements that enable a more secure, productive, and cost-effective business:

  • Less manual effort: administrators no longer have to stay glued to their dashboards in order to catch problems. The platform surfaces what matters automatically.
  • Faster response times: automated first-line response shrinks mean time to remediation (MTTR), reducing the scope and duration of incidents.
  • Fewer human errors: codified playbooks replace ad hoc manual workflows, removing the potential for operational mistakes.
  • Better use of skilled resources: when routine monitoring is automated, security and network teams can focus on investigation, tuning, response, and other strategic, value-added work that requires human judgment.

Wrap-up

Automated operational notifications represent the next step in Zscaler's Zero Trust Automation journey, extending OneAPI's programmatic reach from configuration and analytics to ongoing operational monitoring. By pushing the right signal to the right place at the right time, organizations can reduce complexity, respond faster, and free their teams to focus on higher-value work.

To see automated notifications in action, watch this webinar that includes a demo. To get started with SDKs, code samples, and template playbooks, visit the Zscaler Automation Hub. And to see examples of use cases you can automate with OneAPI, read our latest ebook.  
