Skip to content
HookBridge Docs

Inbound Verification Options

Why You Would Use This

Section titled “Why You Would Use This”

Verification settings let you define what a valid inbound webhook looks like before HookBridge forwards it. This helps block spoofed or malformed traffic at ingest instead of discovering problems later in downstream systems.

Available Options

Section titled “Available Options”
  • verify_static_token: require a known token value in a header or query param.
  • verify_hmac: require a valid HMAC signature header.
  • timestamp_header_name + timestamp_ttl_seconds: enforce timestamp freshness when verifying signed requests.
  • verify_ip_allowlist: require sender IP to be in configured CIDR ranges.
  • ingest_response_code: choose the 2xx code returned on successful ingest.
  • signing_enabled: add HookBridge signatures on forwarded deliveries to your destination.

Console Workflow

Section titled “Console Workflow”
  1. Open Endpoints and switch to Inbound.
  2. Open the endpoint you want to configure.
  3. Enable only the verification modes your provider supports.
  4. Enter required headers/secrets/CIDRs and save.
  5. Send a provider test webhook and confirm accepted vs rejected behavior.

API Workflow

Section titled “API Workflow”

API reference:

Terminal window
curl -X PATCH https://api.hookbridge.io/v1/inbound-endpoints/YOUR_INBOUND_ENDPOINT_ID \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "verify_hmac": true,
    "hmac_header_name": "X-Signature",
    "hmac_secret": "YOUR_PROVIDER_HMAC_SECRET",
    "timestamp_header_name": "X-Webhook-Timestamp",
    "timestamp_ttl_seconds": 300,
    "verify_ip_allowlist": true,
    "allowed_cidrs": ["203.0.113.0/24"],
    "ingest_response_code": 202
  }'
Personalize Examples

Enter your credentials to populate code examples throughout the docs.