Introduction

Overview of the HookSentry API — a reliable webhook delivery platform with retries, circuit breaking, HMAC signing and payload transformation.

HookSentry is a reliable webhook delivery platform. You send it events over HTTP, it queues them through RabbitMQ, and delivers them to the destinations you configure — with exponential backoff, circuit breaking, HMAC-SHA256 signing, and full observability.

This section documents every endpoint exposed by the HookSentry API: authentication, tenants, destinations, senders, events, and the ingest endpoint your external services call to send you webhooks.

Base URL

HookSentry can run self-hosted or on HookSentry Cloud. Use the base URL that matches your deployment in every request shown in this reference.

DeploymentBase URL
HookSentry Cloudhttps://api.hooksentry.com
Self-hosted (Docker Compose default)http://localhost:5143

All endpoints are versioned under /api/v1, for example POST /api/v1/tenants.

Core concepts

  • Tenant — an isolated account. Every resource (users, destinations, senders, events) belongs to exactly one tenant. Data never crosses tenant boundaries.
  • Destination URL — the HTTPS endpoint HookSentry delivers webhooks to. Each destination has its own ingest token, rate limit, and optional outbound authentication (API key, bearer token, JWT bearer, or basic auth).
  • Sender — an optional identity scoped to a destination. Senders get their own ingest token and can apply a payload mapping (a small DSL) before the event reaches the queue — useful when you have several upstream services and want to normalize their payloads before delivery.
  • Event — a single webhook occurrence accepted by the ingest endpoint. Events move through Pending → Processing → Succeeded (or Failed → WaitingRetry → CriticalFailure on repeated failures).
  • Ingest token — the credential embedded in the ingest URL (dst_... for destinations, sndr_... for senders). It identifies what is sending the event; the X-Api-Key header authenticates that the caller is allowed to send it.

Code examples

Every endpoint in this reference includes ready-to-run request examples in .NET, Node.js, Go and Python. Swap the base URL, tokens, and body values for your own.

Two authentication schemes:

Dashboard/management endpoints (tenants, users, destinations, senders, events, API keys) use a JWT Bearer token obtained via /api/v1/auth/login. The ingest endpoint uses an API key in the X-Api-Key header instead. See Authentication for details.