CT Watch

Documentation

CT Watch tails the Certificate Transparency logs and alerts you when a new certificate matches something you watch. Start with the quickstart, then dig into the CLI, webhooks, and the search model.

Quickstart

From zero to your first search and watch rule in about five minutes.

Accounts & sign-in

How accounts, the hosted login and MFA, sessions, and plans work.

The ctw CLI

The ctw command — sign in with ctw login, then search and manage watch rules from the terminal.

How auth works

Browser auth-code + PKCE, CLI device-code, token refresh — no API keys.

Webhooks

Delivery targets, the payload shape, and X-CT-Signature verification.

The search model

Domains, subdomains, the local archive, lazy backfill, and limits.

Plans & limits

Plans, quotas, rate limits, and what 403 and 429 mean.