Hızlı Başlangıç
Send your first webhook in under 5 minutes. Works with all 11 SDKs.
1. Get Your API Key
- Sign up at
hooksniff.vercel.app - Go to Settings → API Keys
- Click Create API Key
- Copy the key (starts with
hr_live_)
Keep your API key secret. Never expose it in client-side code or public repos. Use environment variables.
2. Install SDK
Choose your language and install the SDK:
Node.js
npm install hooksniffPython
pip install hooksniffGo
go get github.com/servetarslan02/hooksniff-goRust
cargo add hooksniffRuby
gem install hooksniffJava
Maven CentralKotlin
Maven CentralPHP
composer require hooksniff/hooksniffC#
dotnet add package HookSniffElixir
{:hooksniff, "~> 1.1"}Swift
SPM3. Create an Endpoint & Send a Webhook
An endpoint is a URL where webhooks are delivered. Each endpoint gets a unique signing secret for signature verification.
import {HookSniff} from 'hooksniff';
const hs = new HookSniff({apiKey: process.env.HOOKSNIFF_API_KEY!});
// 1. Create an endpoint
const endpoint = await hs.endpoint.create({
url: 'https://myapp.com/webhook',
description: 'My first endpoint',
});
console.log('Endpoint ID:', endpoint.id);
console.log('Signing secret:', endpoint.secret); // → whsec_...
// 2. Send a webhook
const delivery = await hs.message.create({
endpoint_id: endpoint.id,
event: 'order.created',
data: {order_id: 'ORD-001', amount: 49.99},
});
console.log('Delivery ID:', delivery.id);
console.log('Status:', delivery.status); // → "pending" Save the signing secret! The endpoint.secret (starts with whsec_) is needed to verify incoming webhooks. You can also rotate it later via the dashboard or API.
4. Verify Incoming Webhooks
When HookSniff delivers a webhook to your endpoint, it includes three headers for signature verification. Always verify before processing:
| Header | Description |
|---|---|
| webhook-id | Unique message ID (e.g., msg_abc123) |
| webhook-timestamp | Unix timestamp. Reject if older than 5 minutes (replay protection). |
| webhook-signature | Space-separated v1, signatures. Verify at least one matches. |
The signature is computed as: v1,base64(hmac_sha256(secret, "{webhook-id}.{webhook-timestamp}.{body}"))
import {Webhook} from 'hooksniff';
const wh = new Webhook('whsec_your_endpoint_secret');
app.post('/webhook', express.raw({type: 'application/json'}), (req, res) => {
try {
const payload = wh.verify(req.body, {
'webhook-id': req.headers['webhook-id'],
'webhook-timestamp': req.headers['webhook-timestamp'],
'webhook-signature': req.headers['webhook-signature'],
});
// ✅ Valid — process event
console.log('Event:', payload.event);
console.log('Data:', payload.data);
res.status(200).send('OK');
} catch (err) {
// ❌ Invalid — reject
res.status(401).send('Invalid signature');
}
});5. Monitor Deliveries
Check delivery status via the API or the dashboard at hooksniff.vercel.app:
# List recent deliveries
curl https://hooksniff-api-1046140057667.europe-west1.run.app/v1/webhooks?limit=10 \
-H "Authorization: Bearer hr_live_YOUR_KEY"
# Get specific delivery details
curl https://hooksniff-api-1046140057667.europe-west1.run.app/v1/webhooks/MSG_ID \
-H "Authorization: Bearer hr_live_YOUR_KEY"
# Get delivery attempts (HTTP responses from your server)
curl https://hooksniff-api-1046140057667.europe-west1.run.app/v1/webhooks/MSG_ID/attempts \
-H "Authorization: Bearer hr_live_YOUR_KEY"What Happens Next?
Automatic Retries
If your endpoint returns a non-2xx status, HookSniff retries with exponential backoff (up to 5 attempts by default).
Analytics
Track delivery success rates, latency, and failure reasons in the dashboard.
Alerts
Get notified when delivery rates drop or endpoints fail repeatedly.
Dead Letter Queue
Failed deliveries are preserved for debugging. Replay them when your endpoint is back up.
Next Steps
<BookOpen size={16} strokeWidth={1.75} className="inline-block align-text-bottom mr-1" /> Full SDK Reference
All 30+ API resources for each language.
<Lock size={16} strokeWidth={1.75} className="inline-block align-text-bottom mr-1" /> Security Best Practices
SSRF protection, TLS, 2FA, key rotation.
<RefreshCw size={16} strokeWidth={1.75} className="inline-block align-text-bottom mr-1" /> Retries & DLQ
Configure retry policies and replay failed webhooks.
<Shuffle size={16} strokeWidth={1.75} className="inline-block align-text-bottom mr-1" /> Smart Routing
Round-robin and failover routing.
<Plug size={16} strokeWidth={1.75} className="inline-block align-text-bottom mr-1" /> Integrations
GitHub, Stripe, Shopify inbound webhooks.
<Building2 size={16} strokeWidth={1.75} className="inline-block align-text-bottom mr-1" /> Build Stripe-like Webhooks
Production-grade webhook system guide.