Quickstart
Send your first webhook in under 5 minutes. HookSniff handles delivery, retries, and monitoring.
1. Get Your API Key
Sign up at hooksniff.vercel.app and grab your API key from the dashboard settings. Keys are prefixed with hr_live_.
โ ๏ธ Keep your API key secret. Never expose it in client-side code or public repos. Use environment variables.
2. Create an Endpoint
An endpoint is a URL where webhooks will be delivered. Each endpoint gets a unique signing secret for verification.
curl -X POST https://hooksniff-api-1046140057667.europe-west1.run.app/v1/endpoints \
-H "Authorization: Bearer hr_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://myapp.com/webhook"}'3. Send a Webhook
Use the SDK or API to send webhook events to your endpoints.
import { HookSniff } from 'hooksniff-sdk';
const hr = new HookSniff({ apiKey: process.env.HOOKSNIFF_API_KEY! });
// 1. Create an endpoint
const endpoint = await hr.endpoints.create({
url: 'https://myapp.com/webhook',
description: 'Production webhook',
});
// 2. Send a webhook
const delivery = await hr.webhooks.send({
endpointId: endpoint.id,
event: 'order.created',
data: { order_id: '12345', total: 99.99 },
});
console.log('Delivery ID:', delivery.id);4. Verify Signatures
Every webhook includes an HMAC-SHA256 signature in the X-HookSniff-Signature header. Always verify it:
import hmac, hashlib
def verify_signature(payload: bytes, signature: str, secret: str) -> bool:
expected = hmac.HMAC(
secret.encode(), payload, hashlib.sha256
).hexdigest()
return hmac.compare_digest(f"sha256={expected}", signature)5. Monitor Deliveries
Check delivery status via the API or dashboard:
curl https://hooksniff-api-1046140057667.europe-west1.run.app/v1/webhooks \
-H "Authorization: Bearer hr_live_YOUR_KEY"