Outbound Endpoint Lifecycle

Use this page to manage where outbound webhooks are delivered and how signatures are secured over time.

  1. Open Endpoints and stay on the Outbound tab.
  2. Create an endpoint with a destination URL and an optional description.
  3. Edit the endpoint when destination details change.
  4. Rotate the signing secret when needed (security policy, leaked secret, receiver migration).
  5. Delete the endpoint when it is no longer used.

Each endpoint can have up to two active signing keys at a time. This allows zero-downtime rotation — your receiver can validate against either key during the transition.

  • When an endpoint has two active keys, every delivery includes signatures from both keys in the X-Webhook-Signature header, separated by a comma.
  • Your receiver can verify against either signature — if one matches, the request is authentic.
  • This means you can add the new key, update your receiver at your own pace, then remove the old key.

  1. Add a new signing key in the console or via API. The new secret is shown once — store it securely.
  2. Update your receiver to accept signatures from either the new key or the old key.
  3. Verify that deliveries are succeeding with the new key by monitoring Messages.
  4. Delete the old key once your receiver is fully updated.

You cannot delete the last remaining signing key on an endpoint.
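
The receiver side of the two-key transition described above, as an added example that is not HookBridge's own code. It assumes each signature is a hex-encoded HMAC-SHA256 of the raw request body (the page documents only the X-Webhook-Signature header and the comma separator); the function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

# ASSUMPTION: signatures are hex HMAC-SHA256 over the raw request body.
# The page documents only the header name and the comma separator.
MAX_ACTIVE_KEYS = 2  # from the page: at most two active signing keys


def sign(secret: bytes, raw_body: bytes) -> str:
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def build_header(active_secrets, raw_body: bytes) -> str:
    """Sender side (simulated): one signature per active key, comma-separated."""
    return ",".join(sign(s, raw_body) for s in active_secrets)


def verify(header_value, raw_body: bytes, accepted_secrets) -> bool:
    """Receiver side: authentic if any header signature matches any accepted secret."""
    if not header_value or not accepted_secrets:
        return False  # fail closed on a missing header or empty key set
    presented = [p.strip() for p in header_value.split(",") if p.strip()]
    if len(presented) > MAX_ACTIVE_KEYS:
        return False  # more signatures than an endpoint can have keys
    expected = [sign(s, raw_body) for s in accepted_secrets]
    matched = False
    for p in presented:
        for e in expected:
            # Constant-time compare; no early exit across candidates.
            matched |= hmac.compare_digest(p.encode(), e.encode())
    return matched


# Constructed sample values, not real secrets or payloads.
OLD_SECRET = b"constructed-old-secret"
NEW_SECRET = b"constructed-new-secret"
BODY = b'{"event":"order.created","id":"constructed-123"}'


def rotation_walkthrough():
    both = build_header([OLD_SECRET, NEW_SECRET], BODY)   # two active keys
    new_only = build_header([NEW_SECRET], BODY)           # old key deleted
    return {
        "receiver_not_yet_updated": verify(both, BODY, [OLD_SECRET]),
        "receiver_accepts_either": verify(both, BODY, [OLD_SECRET, NEW_SECRET]),
        "receiver_new_only": verify(new_only, BODY, [NEW_SECRET]),
        "old_key_deleted_too_early": verify(new_only, BODY, [OLD_SECRET]),
        "tampered_body": verify(both, BODY + b" ", [OLD_SECRET, NEW_SECRET]),
    }
```

The `old_key_deleted_too_early` case is why the old key is deleted only after the receiver is confirmed on the new secret: a receiver still holding only the old secret rejects every delivery once the old key is gone.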

  1. Open Endpoints and select your outbound endpoint.
  2. In the Signing Keys section, click Add Signing Key.
  3. Copy the new secret from the modal — it will not be shown again.
  4. Update your receiver with the new secret.
  5. Once confirmed, click Delete on the old key.

API reference:

# Create endpoint
curl -X POST https://api.hookbridge.io/v1/endpoints \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url":"https://your-app.example/webhooks","description":"Production"}'

# List endpoints
curl https://api.hookbridge.io/v1/endpoints \
  -H "Authorization: Bearer YOUR_API_KEY"

# Update endpoint
curl -X PATCH https://api.hookbridge.io/v1/endpoints/YOUR_ENDPOINT_ID \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"description":"Updated description"}'

# Add a new signing key
curl -X POST https://api.hookbridge.io/v1/endpoints/YOUR_ENDPOINT_ID/signing-keys \
  -H "Authorization: Bearer YOUR_API_KEY"

# List signing keys
curl https://api.hookbridge.io/v1/endpoints/YOUR_ENDPOINT_ID/signing-keys \
  -H "Authorization: Bearer YOUR_API_KEY"

# Delete an old signing key
curl -X DELETE https://api.hookbridge.io/v1/endpoints/YOUR_ENDPOINT_ID/signing-keys/YOUR_SIGNING_KEY_ID \
  -H "Authorization: Bearer YOUR_API_KEY"

# Delete endpoint
curl -X DELETE https://api.hookbridge.io/v1/endpoints/YOUR_ENDPOINT_ID \
  -H "Authorization: Bearer YOUR_API_KEY"