Webhook API

The Webhook API That Just Works in 30 Minutes

One POST from your backend. Hook0 does the HMAC, the retries, the DLQ and the delivery logs. SDKs in Python and Node.js. Open-source, free tier, no credit card.

Start Free Read the API Reference

100 events/day free. No credit card. Open-source.

Trusted by teams at

Coinbase WoodWing Optery Alteos ActiveAnts Apizee
Hook0 on Product Hunt
Code

Send your first event in 30 seconds

One endpoint, one payload. No SDK required, no webhook concepts to learn first.

POST https://api.hook0.com/api/v1/event
Authorization: Bearer <APPLICATION_AUTH_TOKEN>
Content-Type: application/json

{
  "application_id": "c0ea6ffa-1972-4435-b434-ec9e93d38f42",
  "event_type":     "invoice.paid",
  "event_id":       "evt_Wqb1k73rXprtTm7Qdlr38G",
  "payload": {
    "invoice_id": "in_8X9aBcDeFgHiJk",
    "status":     "paid",
    "amount_eur": 4990
  },
  "labels": { "tenant": "acme", "env": "prod" }
}

Python

hook0 = Hook0("AUTH_TOKEN")
hook0.message.create(
  "app_id",
  MessageIn(
    event_type="invoice.paid",
    event_id="evt_123",
    payload={"status": "paid"}
  )
)

Node.js

const hook0 = Hook0("AUTH_TOKEN");
await hook0.message.create("app_id", {
  event_type: "invoice.paid",
  event_id:   "evt_123",
  payload:    { status: "paid" }
});
Browse the full API reference →
Inside the API

What the webhook API does for you

HMAC-SHA256 signing

Payloads carry a signature and a timestamp. Subscribers verify both. Replay attacks fail the timestamp check.

Two-phase retries

Fast retries within the first few minutes for flaky endpoints. Slow retries over hours and days for real outages. DLQ when the budget runs out.

Idempotent event IDs

Pass your own event_id. Hook0 deduplicates on it, so the API call is safe to retry without firing twice downstream.

Delivery logs and replay

Headers, body, response code, latency. Stored per attempt. Replay any event by ID, from the dashboard or the API.

Open-source SDKs

Python and Node.js. Generated from the OpenAPI spec, so the client and the API stay in sync.

Free tier, no gates

100 events per day, no credit card. Paid plans scale volume. Every feature on this page is in the free tier.

FAQ

Webhook API questions

What is the Hook0 webhook API?

The Hook0 webhook API is a REST interface that lets your backend trigger an event with a single HTTP call. Hook0 then signs the payload with HMAC, delivers it to every matching subscriber, retries on failure with a configurable two-phase backoff, and logs every attempt. SDKs are available for Python, Node.js and other languages.

How do I authenticate with the webhook API?

Authentication uses a Bearer token (application authentication token) passed in the Authorization header. Tokens are scoped to an application and can be rotated from the dashboard at any time.

Does the webhook API include retries and HMAC signatures?

Yes. Every event triggered via the webhook API is automatically signed with HMAC (so subscribers can verify it) and retried using a two-phase backoff strategy on delivery failure. Dead letter queues capture events that exhaust their retry budget.

What SDKs are available for the Hook0 webhook API?

Official SDKs include Python and Node.js, with community libraries available for more languages. The REST API is fully documented in the API reference, so any HTTP client works.

Is the webhook API rate-limited?

Yes. Rate limits scale with the plan: the free tier allows 100 events per day, paid tiers raise both the daily volume and the burst rate. Self-hosted deployments are not rate-limited by Hook0.

Related

Webhook Platform Hook0 vs Svix Hook0 vs Hookdeck Build vs Buy Webhooks Self-Hosted Webhooks Open-Source Webhooks

You have better things to build

Stop building webhook infrastructure. Start shipping features. Get started in minutes.

Authentication Monitoring
Start Free Quick Start Guide
No credit card required
Setup in 5 minutes
Cancel anytime