HookSentry is a reliable webhook delivery platform. You send it events over HTTP, it queues them through RabbitMQ, and delivers them to the destinations you configure — with exponential backoff, circuit breaking, HMAC-SHA256 signing, and full observability.
This section documents every endpoint exposed by the HookSentry API: authentication, tenants, destinations, senders, events, and the ingest endpoint your external services call to send you webhooks.
Base URL
HookSentry can run self-hosted or on HookSentry Cloud. Use the base URL that matches your deployment in every request shown in this reference.
| Deployment | Base URL |
|---|---|
| HookSentry Cloud | https://api.hooksentry.com |
| Self-hosted (Docker Compose default) | http://localhost:5143 |
All endpoints are versioned under /api/v1, for example POST /api/v1/tenants.
Core concepts
- Tenant — an isolated account. Every resource (users, destinations, senders, events) belongs to exactly one tenant. Data never crosses tenant boundaries.
- Destination URL — the HTTPS endpoint HookSentry delivers webhooks to. Each destination has its own ingest token, rate limit, and optional outbound authentication (API key, bearer token, JWT bearer, or basic auth).
- Sender — an optional identity scoped to a destination. Senders get their own ingest token and can apply a payload mapping (a small DSL) before the event reaches the queue — useful when you have several upstream services and want to normalize their payloads before delivery.
- Event — a single webhook occurrence accepted by the ingest endpoint. Events move through Pending → Processing → Succeeded (or Failed → WaitingRetry → CriticalFailure on repeated failures).
- Ingest token — the credential embedded in the ingest URL (dst_... for destinations, sndr_... for senders). It identifies what is sending the event; the X-Api-Key header authenticates that the caller is allowed to send it.
Code examples
Every endpoint in this reference includes ready-to-run request examples in .NET, Node.js, Go and Python. Swap the base URL, tokens, and body values for your own.
Two authentication schemes:
Dashboard/management endpoints (tenants, users, destinations, senders, events, API keys) use a JWT Bearer token obtained via /api/v1/auth/login. The ingest endpoint uses an API key in the X-Api-Key header instead. See Authentication for details.