Skip to content
HookBridge Docs

Endpoint URL Requirements

Why You Would Use This

Section titled “Why You Would Use This”

HookBridge validates every endpoint URL when you create or update an endpoint. These rules apply equally to outbound endpoints (where HookBridge delivers webhooks) and inbound forwarding URLs (where HookBridge forwards received webhooks).

Understanding the requirements up front avoids validation errors during setup.

Requirements

Section titled “Requirements”

HTTPS Only

Section titled “HTTPS Only”

All endpoint URLs must use HTTPS. HTTP URLs are rejected.

https://your-app.example/webhooks    ✓
http://your-app.example/webhooks     ✗

URL Length

Section titled “URL Length”
  • Minimum: 12 characters
  • Maximum: 2,048 characters

Resolvable Domain

Section titled “Resolvable Domain”

The endpoint’s domain must resolve via DNS. If the domain cannot be resolved, the endpoint is rejected with ENDPOINT_UNREACHABLE.

No Private or Internal Addresses

Section titled “No Private or Internal Addresses”

Endpoint URLs must not target private, internal, or reserved IP addresses. This includes:

  • Loopback addresses (127.0.0.0/8, ::1, localhost)
  • Private network ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
  • Link-local addresses (169.254.0.0/16, fe80::/10)
  • IPv6 unique local addresses (fc00::/7)
  • Multicast addresses (224.0.0.0/4)
  • Unspecified addresses (0.0.0.0, ::)

Requests to these addresses are rejected with ENDPOINT_BLOCKED.

No Self-Referencing URLs

Section titled “No Self-Referencing URLs”

Endpoint URLs must not point back to HookBridge domains. This is rejected with a validation error.

Error Codes

Section titled “Error Codes”
CodeMeaning
INVALID_ENDPOINTURL is not HTTPS, is too short/long, or is otherwise malformed.
ENDPOINT_UNREACHABLEDomain could not be resolved via DNS.
ENDPOINT_BLOCKEDURL resolves to a private or internal address.
Personalize Examples

Enter your credentials to populate code examples throughout the docs.