How to alert Slack before a Zendesk SLA breach

Why alert before SLA breaches?

SLA breaches are preventable — but only if your team knows they're coming. By the time a ticket breaches its SLA, the damage is done: you've missed your response commitment, reporting takes a hit, and the customer's frustration has compounded. Teams that track SLA compliance typically see breach rates between 5-15%, with most breaches happening during peak hours when agents are handling multiple tickets and don't notice a timer running out.

Proactive Slack alerts when tickets approach their SLA deadline give agents a window to act. A first-reply-time warning 30 minutes before breach means the difference between a timely response and a missed commitment. Research from Zendesk's own benchmarking shows that teams with proactive SLA monitoring reduce breach rates by 30-50% compared to reactive workflows. Over time, the alert feed also surfaces capacity issues — if the same time slots, ticket types, or agents consistently approach breach, you can fix staffing and routing rather than reacting to individual misses.

How it works

Regardless of which tool you use, every approach follows the same pattern:

1. Identify at-risk tickets — search for open tickets and check their SLA metrics (first reply time, resolution time) against the configured targets. Zendesk exposes this via the ticket metrics API (/tickets/{id}/metrics.json) which includes target, elapsed, and is_completed for each SLA metric.
2. Calculate remaining time — for each SLA metric that hasn't been completed, compare elapsed against target to find tickets within your warning threshold (e.g., 60 minutes before breach).
3. Alert the team — post a formatted Slack message with the ticket number, subject, specific SLA metric at risk, time remaining, priority, and a direct link to the Zendesk ticket.

The approaches below differ in timing precision (hourly vs. 15-minute), formatting (email vs. Block Kit), and flexibility (fixed rules vs. conversational queries).

Which approach should I use?

• Zendesk Automation — zero-cost starting point using built-in "hours until breach" conditions. Best for teams who just need email alerts and don't need tight timing. The main limitation: automations run hourly with up to 1-hour variance, so a "2 hours before breach" warning might actually fire between 1-2 hours before breach.
• n8n (Recommended) — polls ticket metrics every 15 minutes and posts Block Kit alerts to Slack. Best for teams who need tighter timing precision and rich Slack formatting. Free when self-hosted; $24/mo on n8n Cloud.
• Claude Code — a guided Claude Code skill with workflow guidelines and API references. Ask Claude to check SLA status, filter by priority or agent, or summarize breach trends — it generates and runs the right code. Best for teams already using Claude Code who want conversational flexibility alongside scheduled checks.

What you'll need

Choose your approach

Select an approach below to see the full step-by-step guide.