Ingest Event
POST /api/v1/ingest/{tenantId}/{token}
Receives an arbitrary JSON payload and persists it for asynchronous delivery to the destination URL associated with the given ingest token. Configure this URL directly in the external service that emits webhooks — no need to structure the payload beforehand.
Auth: API key (X-Api-Key header) — see Authentication
Path parameters
| Parameter | Type | Description |
|---|---|---|
tenantId | UUID | Tenant UUID |
token | string | Ingest token of the destination URL or sender |
Two token types are accepted:
| Prefix | Scope | Behavior |
|---|---|---|
dst_<token> | Destination URL | Payload delivered without transformation |
sndr_<token> | Sender | Payload transformed by the sender's configured mapping, if any |
Headers
| Header | Required | Description |
|---|---|---|
X-Api-Key | Yes | API key for authentication — see API Keys |
X-Idempotency-Key | No | Key up to 255 characters, no control characters. If an event already exists with this key for the tenant, returns 200 OK with the original event data instead of reprocessing |
Body
Arbitrary JSON object to be delivered to the destination URL.
var request = new HttpRequestMessage(
HttpMethod.Post,
$"https://api.hooksentry.com/api/v1/ingest/{tenantId}/dst_5f8a3b2c1d9e4f6a")
{
Content = JsonContent.Create(new
{
evento = "push",
repositorio = "acme/repo",
branch = "main",
autor = "dev@example.com"
})
};
request.Headers.Add("X-Api-Key", apiKey);
request.Headers.Add("X-Idempotency-Key", "push-9f8e7d6c"); // optional
using var client = new HttpClient();
var response = await client.SendAsync(request);
Return codes
202 Accepted— event accepted for asynchronous delivery200 OK— duplicate event returned via idempotency key, not reprocessed400 Bad Request— invalid payload, or token with an unrecognized prefix401 Unauthorized— missing or invalid API key403 Forbidden— ingest token belongs to another tenant404 Not Found— ingest token or tenant not found422 Unprocessable Entity— destination URL inactive or suspended
{
"eventId": "2b3c4d5e-6f7a-4b8c-9d0e-1f2a3b4c5d6e",
"status": "Pending",
"acceptedAt": "2026-07-03T14:32:00.000Z"
}
Verifying deliveries on your server:
HookSentry signs every outbound delivery with X-HookSentry-Signature: sha256=<hmac>, computed
over the raw body with the tenant's webhook secret. Use
Verify Webhook Signature to test your verification
logic, or recompute the HMAC yourself with the secret from
Get Webhook Secret.