Getting Started: Receive Webhooks
This guide is for implementers who want HookBridge to ingest webhooks from external providers, verify them, and forward them to internal destinations reliably.
Prerequisites
Section titled “Prerequisites”- HookBridge account at app.hookbridge.io
- A selected project in the console
- A destination forwarding URL where your system accepts events (must be
https://)
How Inbound Works
Section titled “How Inbound Works”- You create an inbound endpoint in HookBridge.
- HookBridge gives you an
ingest_url. - External providers POST to that
ingest_url. - HookBridge verifies requests using your configured checks.
- Accepted events are forwarded to your configured destination URL.
Step 1: Create an Inbound Endpoint
Section titled “Step 1: Create an Inbound Endpoint”Console
Section titled “Console”- Open Endpoints.
- Switch to the Inbound tab.
- Click Create Inbound Endpoint.
- Set a name and forwarding URL.
- Save and copy the generated
ingest_url.
curl -X POST https://api.hookbridge.io/v1/inbound-endpoints \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "name": "Stripe webhooks", "url": "https://your-app.com/inbound/stripe" }'import { HookBridge } from '@hookbridge/sdk';
const client = new HookBridge({ apiKey: 'YOUR_API_KEY' });
const inbound = await client.createInboundEndpoint({ url: 'https://your-app.com/inbound/stripe', name: 'Stripe webhooks'});
console.log(inbound.ingestUrl);from hookbridge import HookBridge
client = HookBridge(api_key="YOUR_API_KEY")
inbound = client.create_inbound_endpoint( url="https://your-app.com/inbound/stripe", name="Stripe webhooks")
print(inbound.ingest_url)client, _ := hookbridge.NewClient("YOUR_API_KEY")
name := "Stripe webhooks"inbound, _ := client.CreateInboundEndpoint(ctx, hookbridge.CreateInboundEndpointRequest{ URL: "https://your-app.com/inbound/stripe", Name: &name,})
fmt.Println(inbound.IngestURL)require "hookbridge"
client = HookBridge.new(api_key: "YOUR_API_KEY")
inbound = client.create_inbound_endpoint( url: "https://your-app.com/inbound/stripe", name: "Stripe webhooks")
puts inbound.ingest_url<?php
use HookBridge\HookBridge;
$client = new HookBridge('YOUR_API_KEY');
$inbound = $client->createInboundEndpoint( url: 'https://your-app.com/inbound/stripe', name: 'Stripe webhooks',);
echo $inbound->ingestUrl . PHP_EOL;Store the ingest_url and secret_token from the response. They are only returned once.
Step 2: Configure Verification Options
Section titled “Step 2: Configure Verification Options”HookBridge supports all inbound verification options shown in the console.
Console
Section titled “Console”- Open the inbound endpoint.
- Configure one or more verification modes:
- Static token
- HMAC signature verification
- IP allowlist
- Save updates.
curl -X PATCH https://api.hookbridge.io/v1/inbound-endpoints/YOUR_INBOUND_ENDPOINT_ID \ -H "Authorization: Bearer YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "verify_static_token": true, "token_header_name": "X-Webhook-Token", "token_value": "my-secret-token", "verify_hmac": true, "hmac_header_name": "Stripe-Signature", "hmac_secret": "whsec_abc123", "timestamp_header_name": "X-Webhook-Timestamp", "timestamp_ttl_seconds": 300, "verify_ip_allowlist": true, "allowed_cidrs": ["203.0.113.0/24"], "idempotency_header_names": ["Idempotency-Key"], "signing_enabled": true }'Step 3: Point Provider Traffic to HookBridge
Section titled “Step 3: Point Provider Traffic to HookBridge”Console
Section titled “Console”- Copy the endpoint
ingest_urlfrom inbound endpoint details. - In your provider system (Stripe, GitHub, partner system, etc.), set webhook destination to that
ingest_url. - Send a test event from the provider.
Provider systems should send HTTP POST requests to:
https://receive.hookbridge.io/v1/webhooks/receive/{inbound_endpoint_id}/{secret_token}Example test request:
curl -X POST "https://receive.hookbridge.io/v1/webhooks/receive/YOUR_INBOUND_ENDPOINT_ID/YOUR_SECRET_TOKEN" \ -H "Content-Type: application/json" \ -H "X-Webhook-Token: my-secret-token" \ -d '{"event":"payment.succeeded","id":"evt_123"}'Step 4: Monitor Inbound Activity
Section titled “Step 4: Monitor Inbound Activity”Console
Section titled “Console”- Open Dashboard and Messages to view delivery status.
- Open the inbound endpoint detail page for endpoint-specific activity.
- Check rejections when verification fails.
# Inbound logscurl "https://api.hookbridge.io/v1/inbound-logs?limit=50" \ -H "Authorization: Bearer YOUR_API_KEY"
# Inbound metricscurl "https://api.hookbridge.io/v1/inbound-metrics?window=24h" \ -H "Authorization: Bearer YOUR_API_KEY"
# Rejectionscurl "https://api.hookbridge.io/v1/inbound-rejections?limit=50" \ -H "Authorization: Bearer YOUR_API_KEY"Step 5: Pause/Resume and Replay
Section titled “Step 5: Pause/Resume and Replay”Console
Section titled “Console”- Open the inbound endpoint details page.
- Use Pause during maintenance windows.
- Use Resume when ready to accept traffic.
- Replay failed inbound messages from endpoint/message workflows.
Use values from your created inbound endpoint:
YOUR_INBOUND_ENDPOINT_ID: from the endpoint recordYOUR_INBOUND_MESSAGE_ID: from inbound logs/message detail
# Pause endpointcurl -X POST https://api.hookbridge.io/v1/inbound-endpoints/YOUR_INBOUND_ENDPOINT_ID/pause \ -H "Authorization: Bearer YOUR_API_KEY"
# Resume endpointcurl -X POST https://api.hookbridge.io/v1/inbound-endpoints/YOUR_INBOUND_ENDPOINT_ID/resume \ -H "Authorization: Bearer YOUR_API_KEY"
# Replay one messagecurl -X POST https://api.hookbridge.io/v1/inbound-messages/YOUR_INBOUND_MESSAGE_ID/replay \ -H "Authorization: Bearer YOUR_API_KEY"
# Replay many by statuscurl -X POST "https://api.hookbridge.io/v1/inbound-messages/replay-all?status=failed_permanent&limit=100" \ -H "Authorization: Bearer YOUR_API_KEY"Next Steps
Section titled “Next Steps” Personalize Examples
Enter your credentials to populate code examples throughout the docs.