Create Destination
POST /api/v1/destinations
Registers an HTTPS destination URL to receive webhooks delivered by HookSentry.
Auth: Bearer token
Body
| Field | Type | Required | Description |
|---|---|---|---|
url | string | Yes | Valid HTTPS URL of the destination endpoint |
serverRateLimit | integer | No (default 5) | Maximum number of concurrent requests |
authType | string | No | ApiKey, BearerToken, JwtBearer, or BasicAuth |
credentials | object | Required if authType set | See shapes below |
credentials shape by authType
authType | Shape |
|---|---|
ApiKey | { "headerName": "X-Api-Key", "value": "..." } |
BearerToken | { "token": "..." } |
JwtBearer | { "tokenEndpoint": "https://...", "clientId": "...", "clientSecret": "...", "scope": "..." } |
BasicAuth | { "username": "...", "password": "..." } |
Credentials are encrypted with AES-256-GCM before persisting and are never returned in responses.
Ingest token shown only once:
The ingestToken returned in the 201 response is shown only once — save it to configure the
webhook in the external service. Use Regenerate Ingest Token if you
lose it.
var request = new HttpRequestMessage(HttpMethod.Post, "https://api.hooksentry.com/api/v1/destinations")
{
Content = JsonContent.Create(new
{
url = "https://my-server.com/webhook",
serverRateLimit = 5,
authType = "BearerToken",
credentials = new { token = "my-secret-token" }
})
};
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
using var client = new HttpClient();
var response = await client.SendAsync(request);
Return codes
201 Created— destination URL created400 Bad Request— invalid URL, malformed credentials, or unknownauthType401 Unauthorized— missing or invalid token404 Not Found— tenant not found
{
"id": "7d8e9f0a-1b2c-4d3e-8f5a-6b7c8d9e0f1a",
"tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"url": "https://my-server.com/webhook",
"status": "Active",
"serverRateLimit": 5,
"authType": "BearerToken",
"createdAt": "2026-07-03T14:32:00.000Z",
"updatedAt": "2026-07-03T14:32:00.000Z",
"ingestToken": "dst_5f8a3b2c1d9e4f6a7b8c9d0e1f2a3b4c"
}
Get Destinations
GET /api/v1/destinations
Returns a page of destination URLs belonging to the authenticated tenant. See Pagination & Filtering for the shared query parameters.
Auth: Bearer token
var request = new HttpRequestMessage(HttpMethod.Get,
"https://api.hooksentry.com/api/v1/destinations?Qt=10&Pg=1&CpOrd=id&TpOrd=Desc");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
using var client = new HttpClient();
var response = await client.SendAsync(request);
Return codes
200 OK— paginated list of destination URLs400 Bad Request— invalid sort field401 Unauthorized— missing or invalid token
{
"total": 2,
"items": [
{
"id": "7d8e9f0a-1b2c-4d3e-8f5a-6b7c8d9e0f1a",
"tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"url": "https://my-server.com/webhook",
"status": "Active",
"serverRateLimit": 5,
"authType": "BearerToken",
"createdAt": "2026-07-03T14:32:00.000Z",
"updatedAt": "2026-07-03T14:32:00.000Z"
}
]
}
Update Destination
PATCH /api/v1/destinations/{id}
Partially updates a destination URL belonging to the authenticated tenant.
Auth: Bearer token
Path parameters
| Parameter | Type | Description |
|---|---|---|
id | UUID | Destination URL UUID |
Body (all fields optional)
| Field | Type | Description |
|---|---|---|
url | string | New valid HTTPS URL |
serverRateLimit | integer | New concurrent request limit (min 1) |
status | string | active or inactive — suspended is managed by the circuit breaker |
authType | string | New authentication type |
credentials | object | New credentials (required if authType provided) |
removeAuth | boolean | true to remove the configured authentication |
var request = new HttpRequestMessage(HttpMethod.Patch, $"https://api.hooksentry.com/api/v1/destinations/{destinationId}")
{
Content = JsonContent.Create(new { serverRateLimit = 10, status = "active" })
};
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
using var client = new HttpClient();
var response = await client.SendAsync(request);
Return codes
200 OK— destination URL updated400 Bad Request— invalid value, unknownauthType, or malformed credentials401 Unauthorized— missing or invalid token403 Forbidden— destination URL belongs to another tenant404 Not Found— destination URL not found
{
"id": "7d8e9f0a-1b2c-4d3e-8f5a-6b7c8d9e0f1a",
"tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"url": "https://my-server.com/webhook",
"status": "Active",
"serverRateLimit": 10,
"authType": "BearerToken",
"createdAt": "2026-07-03T14:32:00.000Z",
"updatedAt": "2026-07-03T15:05:00.000Z"
}
Regenerate Ingest Token
POST /api/v1/destinations/{id}/ingest-token
Generates a new ingest token for the destination URL, invalidating the previous one.
Auth: Bearer token
Path parameters
| Parameter | Type | Description |
|---|---|---|
id | UUID | Destination URL UUID |
Ingest token shown only once:
Immediately update the webhook configuration in the external service before closing this response — the token cannot be retrieved again.
var request = new HttpRequestMessage(HttpMethod.Post,
$"https://api.hooksentry.com/api/v1/destinations/{destinationId}/ingest-token");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
using var client = new HttpClient();
var response = await client.SendAsync(request);
Return codes
200 OK— new ingest token generated401 Unauthorized— missing or invalid token403 Forbidden— destination URL belongs to another tenant404 Not Found— destination URL not found
{
"ingestToken": "dst_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"
}