EntityMap — Hook0

Machine-readable source of truth: entitymap.json (EntityMap v1.0).

Hook0 (Platform)

Hook0 is an open-source webhooks-as-a-service platform. Developers send a webhook with one API call, and Hook0 handles delivery, retries, HMAC signatures and delivery monitoring. It runs as a managed cloud service on an EU data plane, or self-hosted from the same SSPL-1.0 codebase.

Hook0 is an Open-Source Webhooks-as-a-service (WaaS) that makes it easy for developers to send webhooks. Developers make one API call, and Hook0 takes care of deliverability, retries, security, and more. Hook0: Free Webhook Platform, HMAC Signatures, EU Hosting - published by Hook0
Yes. The source code is available on GitHub and GitLab under the SSPL-1.0 license (client SDKs are MIT). You can self-host it with Docker Compose or Kubernetes, or use the managed cloud service hosted in Europe. Hook0: Free Webhook Platform, HMAC Signatures, EU Hosting - published by Hook0

Hook0 Cloud (Service)

Hook0 Cloud is the managed edition of Hook0. Its webhook data plane runs on Clever Cloud infrastructure in France, on the free tier and every paid plan, operated by a company incorporated under French law.

Hook0's webhook data plane runs on Clever Cloud, in France, from the free tier up. The company behind it is incorporated under French law, with no US parent. And if you ever want out, the same codebase self-hosts — open-source (SSPL-1.0). EU Webhook Infrastructure: Hosted in France by Default | Hook0 - published by Hook0
Yes. Hook0 Cloud is a managed webhook service: we run the delivery infrastructure, retries, HMAC signing and monitoring for you, with application data hosted in Europe. If you would rather operate it yourself, the same codebase is open-source (SSPL-1.0) and self-hostable. Webhook Platform: Send, Sign, Retry, Monitor | Hook0 - published by Hook0

Hook0 Webhook API (Service)

The Hook0 webhook API is a REST interface that triggers an event with a single HTTP call. Hook0 signs the payload with HMAC, delivers it to matching subscribers, retries failures with a two-phase backoff and logs each attempt. Official SDKs cover Python and Node.js.

The Hook0 webhook API is a REST interface that lets your backend trigger an event with a single HTTP call. Hook0 then signs the payload with HMAC, delivers it to every matching subscriber, retries on failure with a configurable two-phase backoff, and logs every attempt. SDKs are available for Python, Node.js and other languages. Webhook API: One REST Call to Deliver Events | Hook0 - published by Hook0
One POST from your backend. Hook0 does the HMAC, the retries, the DLQ and the delivery logs. SDKs in Python and Node.js. Open-source, free tier, no credit card. Webhook API: One REST Call to Deliver Events | Hook0 - published by Hook0

François-Guillaume Ribreau (Person)

François-Guillaume Ribreau is a co-founder of Hook0.

"Give it enough time and open-Source always wins in the end!" — François-Guillaume Ribreau, Hook0 co-founder Hook0: Free Webhook Platform, HMAC Signatures, EU Hosting - published by Hook0

David Sferruzza (Person)

David Sferruzza is a co-founder of Hook0.

"We are building it the way we would love to use it" — David Sferruzza, PhD, Hook0 co-founder Hook0: Free Webhook Platform, HMAC Signatures, EU Hosting - published by Hook0

Webhooks as a Service (Concept)

Webhooks as a service (WaaS) is a model where an application sends events to a provider over a REST API and the provider delivers them to subscriber endpoints, handling retries, signatures, delivery logging and subscriber management.

Webhooks as a service means you send events to Hook0 via a REST API, and Hook0 delivers them to your users' endpoints. It handles retries, cryptographic signatures, delivery logging, and subscriber management so you don't have to build that infrastructure yourself. Hook0: Free Webhook Platform, HMAC Signatures, EU Hosting - published by Hook0

HMAC-SHA256 signing (Concept)

HMAC-SHA256 signing attaches a cryptographic signature and a timestamp to each webhook payload so the subscriber can verify the request came from the sender. The timestamp lets subscribers reject replayed requests.

Payloads carry a signature and a timestamp. Subscribers verify both. Replay attacks fail the timestamp check. Webhook API: One REST Call to Deliver Events | Hook0 - published by Hook0
Payloads are signed so subscribers can verify the request came from you. Timestamps cover replay attacks. Webhook Platform: Send, Sign, Retry, Monitor | Hook0 - published by Hook0

Two-phase retries (Methodology)

Two-phase retries are Hook0's delivery-retry strategy. Fast retries handle transient endpoint failures in the first minutes; slower retries cover longer outages over hours and days, ending in a dead letter queue once the retry budget is exhausted.

Fast retries within the first few minutes for flaky endpoints. Slow retries over hours and days for real outages. DLQ when the budget runs out. Webhook API: One REST Call to Deliver Events | Hook0 - published by Hook0
Fast retries for flaky endpoints, slow retries over days for real outages. Tunable per subscription, with a DLQ at the end. Webhook Platform: Send, Sign, Retry, Monitor | Hook0 - published by Hook0

Subscriber portal (ProprietaryTerm)

The subscriber portal is a drop-in interface where a Hook0 customer's own users manage their endpoints, secrets and event filters without opening support tickets.

A drop-in UI where your users manage their endpoints, secrets and event filters. No more support tickets to rotate a key. Webhook Platform: Send, Sign, Retry, Monitor | Hook0 - published by Hook0

Self-hosted webhooks (Concept)

Self-hosted webhooks means running Hook0 on your own infrastructure with Docker Compose or Kubernetes, from the same codebase as the cloud edition, so webhook payloads stay inside your network.

Deploy webhooks on-premise with the same codebase as our cloud version. Your webhook payloads never leave your network. Docker Compose or Kubernetes. Open-source under SSPL v1, no vendor lock-in. Self-Hosted Webhooks: Docker & Kubernetes | Hook0 - published by Hook0
One codebase. The binary you deploy is built from the same repo as our cloud. Retries, signatures, monitoring, subscription management: nothing is stripped out. Self-Hosted Webhooks: Docker & Kubernetes | Hook0 - published by Hook0

EU webhook data residency (Concept)

EU webhook data residency means processing and storing webhook payloads within the European Economic Area. Hook0 runs its data plane on Clever Cloud in France; its Cloudflare CDN edge is disclosed and framed by standard contractual clauses.

Webhook payloads, database and backups run on Clever Cloud SAS infrastructure in France, inside the European Economic Area. This is not an enterprise add-on: the free tier and every paid plan use the same EU data plane. EU Webhook Infrastructure: Hosted in France by Default | Hook0 - published by Hook0
Our CDN and DDoS protection layer is Cloudflare, Inc. (USA). We disclose it instead of burying it: those transfers are framed by the 2021 Standard Contractual Clauses, a documented Transfer Impact Assessment and, where applicable, the EU-US Data Privacy Framework. EU Webhook Infrastructure: Hosted in France by Default | Hook0 - published by Hook0

SSPL-1.0 (Concept)

SSPL-1.0 is the source-available copyleft license under which Hook0's server is published, with the client SDKs under MIT. It permits reading, modifying, self-hosting and running the software, adding an obligation only when the software is resold as a managed service.

Hook0's full server source is published under SSPL-1.0, and the client SDKs under MIT. SSPL is a source-available copyleft license: you can read, modify, self-host, and run Hook0 freely. It's stricter than MIT in one case. If you resell Hook0 as a managed service, you have to open-source your own infrastructure stack. If you're building on Hook0 or self-hosting it, SSPL adds no obligation over MIT. Hook0: Free Webhook Platform, HMAC Signatures, EU Hosting - published by Hook0

General Data Protection Regulation (Regulation)

The General Data Protection Regulation (GDPR) is the European Union regulation on the processing of personal data. Hook0 is designed to operate in line with it and publishes a data processing addendum and a sub-processor list.

If you are dealing with any European Union data through a vendor (like Hook0), then you need a contractual agreement in place with each vendor so the EU knows you're only doing business with companies that fully comply with the General Data Protection Regulation (GDPR). Hook0 - Security and Compliance - published by Hook0
Hook0 is built and operated by a company incorporated under French law, with no US parent company. Your contract, your DPA and your data protection questions are handled under EU jurisdiction. EU Webhook Infrastructure: Hosted in France by Default | Hook0 - published by Hook0

Delivery logs and replay (Concept)

Delivery logs record each webhook attempt with its request, response, status code and latency. Any event can be replayed by ID from the dashboard or the API.

Headers, body, response code, latency. Stored per attempt. Replay any event by ID, from the dashboard or the API. Webhook API: One REST Call to Deliver Events | Hook0 - published by Hook0
Request, response, status code, latency. Replay any event from the dashboard. Support stops guessing. Webhook Platform: Send, Sign, Retry, Monitor | Hook0 - published by Hook0