Ingest

The endpoint external services call to send HookSentry a webhook for asynchronous delivery.

Ingest Event

POST /api/v1/ingest/{tenantId}/{token}

Receives an arbitrary JSON payload and persists it for asynchronous delivery to the destination URL associated with the given ingest token. Configure this URL directly in the external service that emits webhooks — no need to structure the payload beforehand.

Auth: API key (X-Api-Key header) — see Authentication

Path parameters

ParameterTypeDescription
tenantIdUUIDTenant UUID
tokenstringIngest token of the destination URL or sender

Two token types are accepted:

PrefixScopeBehavior
dst_<token>Destination URLPayload delivered without transformation
sndr_<token>SenderPayload transformed by the sender's configured mapping, if any

Headers

HeaderRequiredDescription
X-Api-KeyYesAPI key for authentication — see API Keys
X-Idempotency-KeyNoKey up to 255 characters, no control characters. If an event already exists with this key for the tenant, returns 200 OK with the original event data instead of reprocessing

Body

Arbitrary JSON object to be delivered to the destination URL.

var request = new HttpRequestMessage(
    HttpMethod.Post,
    $"https://api.hooksentry.com/api/v1/ingest/{tenantId}/dst_5f8a3b2c1d9e4f6a")
{
    Content = JsonContent.Create(new
    {
        evento = "push",
        repositorio = "acme/repo",
        branch = "main",
        autor = "dev@example.com"
    })
};
request.Headers.Add("X-Api-Key", apiKey);
request.Headers.Add("X-Idempotency-Key", "push-9f8e7d6c"); // optional

using var client = new HttpClient();
var response = await client.SendAsync(request);

Return codes

  • 202 Accepted — event accepted for asynchronous delivery
  • 200 OK — duplicate event returned via idempotency key, not reprocessed
  • 400 Bad Request — invalid payload, or token with an unrecognized prefix
  • 401 Unauthorized — missing or invalid API key
  • 403 Forbidden — ingest token belongs to another tenant
  • 404 Not Found — ingest token or tenant not found
  • 422 Unprocessable Entity — destination URL inactive or suspended
{
  "eventId": "2b3c4d5e-6f7a-4b8c-9d0e-1f2a3b4c5d6e",
  "status": "Pending",
  "acceptedAt": "2026-07-03T14:32:00.000Z"
}

Verifying deliveries on your server:

HookSentry signs every outbound delivery with X-HookSentry-Signature: sha256=<hmac>, computed over the raw body with the tenant's webhook secret. Use Verify Webhook Signature to test your verification logic, or recompute the HMAC yourself with the secret from Get Webhook Secret.