Scheduled Scans
Scheduled scans run cloud scans on a recurring cron schedule for continuous drift monitoring. When a scheduled scan fails, DriftWise can notify you via Slack.
Creating a Schedule
Via the UI
- Go to Schedules in the sidebar
- Click Create Schedule
- Set a name and cron expression, and optionally restrict the scan to a single cloud account or a subset of regions
- Click Save
Via the API
curl -X POST "https://app.driftwise.ai/api/v2/orgs/$ORG_ID/schedules" \
-H "x-api-key: $DRIFTWISE_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Nightly production scan",
"schedule": "0 2 * * *",
"cloud_account_id": "<account-uuid>"
}'
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
name | string | yes | Human-readable schedule name |
schedule | string | yes | 5-field cron expression |
cloud_account_id | string | no | Specific account to scan. Omit to scan all accounts |
filter_regions | string[] | no | Cloud regions to include (empty = all) |
notify_webhook_config_ids | string[] | no | Reserved for future use (not yet implemented) |
notify_slack_channel | string | no | Slack channel for failure notifications |
enabled | bool | no | Defaults to true |
Cron Syntax
Standard 5-field format: minute hour day-of-month month day-of-week
| Expression | Meaning |
|---|---|
0 2 * * * | Daily at 2:00 AM |
0 */6 * * * | Every 6 hours |
0 9 * * 1-5 | Weekdays at 9:00 AM |
30 0 1 * * | First of every month at 12:30 AM |
*/15 * * * * | Every 15 minutes |
Your plan may enforce a minimum interval between runs. If the schedule fires more frequently than your plan allows, creation returns 402.
Managing Schedules
Pause a schedule
curl -X PUT "https://app.driftwise.ai/api/v2/orgs/$ORG_ID/schedules/<schedule_id>" \
-H "x-api-key: $DRIFTWISE_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "enabled": false }'
Resume a schedule
curl -X PUT "https://app.driftwise.ai/api/v2/orgs/$ORG_ID/schedules/<schedule_id>" \
-H "x-api-key: $DRIFTWISE_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "enabled": true }'
Trigger immediately
Run a scheduled scan right now without waiting for the next cron tick:
curl -X POST "https://app.driftwise.ai/api/v2/orgs/$ORG_ID/schedules/<schedule_id>/run" \
-H "x-api-key: $DRIFTWISE_API_KEY"
Returns the scan IDs created by the run.
Delete a schedule
curl -X DELETE "https://app.driftwise.ai/api/v2/orgs/$ORG_ID/schedules/<schedule_id>" \
-H "x-api-key: $DRIFTWISE_API_KEY"
Failure Handling
Scheduled scans track consecutive failures automatically:
- Each failed run increments a
consecutive_failurescounter - Each successful run resets the counter to 0
- The
last_errorfield shows the most recent failure reason - After 5 consecutive failures (configurable via
SCHEDULE_MAX_CONSECUTIVE_FAILURES), the schedule is auto-disabled
Auto-disabled schedules show a disabled_reason of "auto-disabled after repeated failures". Fix the underlying issue (expired credentials, deleted account, etc.), then re-enable manually.
Notifications
Link a Slack channel to get notified when scheduled scans fail:
{
"name": "Nightly scan with alerts",
"schedule": "0 2 * * *",
"notify_slack_channel": "#drift-alerts"
}
Failure notifications are best-effort — a failed notification does not affect the scan or schedule.
notify_webhook_config_ids is accepted in the API but not yet acted upon. Outbound webhook notifications are planned for a future release.
Response
{
"id": "schedule-uuid",
"org_id": "org-uuid",
"name": "Nightly production scan",
"schedule": "0 2 * * *",
"cloud_account_id": "account-uuid",
"enabled": true,
"consecutive_failures": 0,
"disabled_reason": null,
"last_run_at": "2026-04-10T02:00:00Z",
"last_error": null,
"next_run_at": "2026-04-11T02:00:00Z",
"created_at": "2026-04-01T15:30:00Z",
"updated_at": "2026-04-10T02:00:12Z"
}
Listing Schedules
curl "https://app.driftwise.ai/api/v2/orgs/$ORG_ID/schedules" \
-H "x-api-key: $DRIFTWISE_API_KEY"
Returns paginated results. Use ?limit=N&offset=N (default limit: 50, max: 200).