Destinations

Register and manage the HTTPS destination URLs HookSentry delivers webhooks to.

Create Destination

POST /api/v1/destinations

Registers an HTTPS destination URL to receive webhooks delivered by HookSentry.

Auth: Bearer token

Body

FieldTypeRequiredDescription
urlstringYesValid HTTPS URL of the destination endpoint
serverRateLimitintegerNo (default 5)Maximum number of concurrent requests
authTypestringNoApiKey, BearerToken, JwtBearer, or BasicAuth
credentialsobjectRequired if authType setSee shapes below

credentials shape by authType

authTypeShape
ApiKey{ "headerName": "X-Api-Key", "value": "..." }
BearerToken{ "token": "..." }
JwtBearer{ "tokenEndpoint": "https://...", "clientId": "...", "clientSecret": "...", "scope": "..." }
BasicAuth{ "username": "...", "password": "..." }

Credentials are encrypted with AES-256-GCM before persisting and are never returned in responses.

Ingest token shown only once:

The ingestToken returned in the 201 response is shown only once — save it to configure the webhook in the external service. Use Regenerate Ingest Token if you lose it.

var request = new HttpRequestMessage(HttpMethod.Post, "https://api.hooksentry.com/api/v1/destinations")
{
    Content = JsonContent.Create(new
    {
        url = "https://my-server.com/webhook",
        serverRateLimit = 5,
        authType = "BearerToken",
        credentials = new { token = "my-secret-token" }
    })
};
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

using var client = new HttpClient();
var response = await client.SendAsync(request);

Return codes

  • 201 Created — destination URL created
  • 400 Bad Request — invalid URL, malformed credentials, or unknown authType
  • 401 Unauthorized — missing or invalid token
  • 404 Not Found — tenant not found
{
  "id": "7d8e9f0a-1b2c-4d3e-8f5a-6b7c8d9e0f1a",
  "tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "url": "https://my-server.com/webhook",
  "status": "Active",
  "serverRateLimit": 5,
  "authType": "BearerToken",
  "createdAt": "2026-07-03T14:32:00.000Z",
  "updatedAt": "2026-07-03T14:32:00.000Z",
  "ingestToken": "dst_5f8a3b2c1d9e4f6a7b8c9d0e1f2a3b4c"
}

Get Destinations

GET /api/v1/destinations

Returns a page of destination URLs belonging to the authenticated tenant. See Pagination & Filtering for the shared query parameters.

Auth: Bearer token

var request = new HttpRequestMessage(HttpMethod.Get,
    "https://api.hooksentry.com/api/v1/destinations?Qt=10&Pg=1&CpOrd=id&TpOrd=Desc");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

using var client = new HttpClient();
var response = await client.SendAsync(request);

Return codes

  • 200 OK — paginated list of destination URLs
  • 400 Bad Request — invalid sort field
  • 401 Unauthorized — missing or invalid token
{
  "total": 2,
  "items": [
    {
      "id": "7d8e9f0a-1b2c-4d3e-8f5a-6b7c8d9e0f1a",
      "tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
      "url": "https://my-server.com/webhook",
      "status": "Active",
      "serverRateLimit": 5,
      "authType": "BearerToken",
      "createdAt": "2026-07-03T14:32:00.000Z",
      "updatedAt": "2026-07-03T14:32:00.000Z"
    }
  ]
}

Update Destination

PATCH /api/v1/destinations/{id}

Partially updates a destination URL belonging to the authenticated tenant.

Auth: Bearer token

Path parameters

ParameterTypeDescription
idUUIDDestination URL UUID

Body (all fields optional)

FieldTypeDescription
urlstringNew valid HTTPS URL
serverRateLimitintegerNew concurrent request limit (min 1)
statusstringactive or inactivesuspended is managed by the circuit breaker
authTypestringNew authentication type
credentialsobjectNew credentials (required if authType provided)
removeAuthbooleantrue to remove the configured authentication
var request = new HttpRequestMessage(HttpMethod.Patch, $"https://api.hooksentry.com/api/v1/destinations/{destinationId}")
{
    Content = JsonContent.Create(new { serverRateLimit = 10, status = "active" })
};
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

using var client = new HttpClient();
var response = await client.SendAsync(request);

Return codes

  • 200 OK — destination URL updated
  • 400 Bad Request — invalid value, unknown authType, or malformed credentials
  • 401 Unauthorized — missing or invalid token
  • 403 Forbidden — destination URL belongs to another tenant
  • 404 Not Found — destination URL not found
{
  "id": "7d8e9f0a-1b2c-4d3e-8f5a-6b7c8d9e0f1a",
  "tenantId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "url": "https://my-server.com/webhook",
  "status": "Active",
  "serverRateLimit": 10,
  "authType": "BearerToken",
  "createdAt": "2026-07-03T14:32:00.000Z",
  "updatedAt": "2026-07-03T15:05:00.000Z"
}

Regenerate Ingest Token

POST /api/v1/destinations/{id}/ingest-token

Generates a new ingest token for the destination URL, invalidating the previous one.

Auth: Bearer token

Path parameters

ParameterTypeDescription
idUUIDDestination URL UUID

Ingest token shown only once:

Immediately update the webhook configuration in the external service before closing this response — the token cannot be retrieved again.

var request = new HttpRequestMessage(HttpMethod.Post,
    $"https://api.hooksentry.com/api/v1/destinations/{destinationId}/ingest-token");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

using var client = new HttpClient();
var response = await client.SendAsync(request);

Return codes

  • 200 OK — new ingest token generated
  • 401 Unauthorized — missing or invalid token
  • 403 Forbidden — destination URL belongs to another tenant
  • 404 Not Found — destination URL not found
{
  "ingestToken": "dst_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6"
}