The Webhook API That Just Works in 30 Minutes
One POST from your backend. Hook0 does the HMAC, the retries, the DLQ and the delivery logs. SDKs in Python and Node.js. Open-source, free tier, no credit card.
100 events/day free. No credit card. Open-source.
Send your first event in 30 seconds
One endpoint, one payload. No SDK required, no webhook concepts to learn first.
POST https://api.hook0.com/api/v1/event
Authorization: Bearer <APPLICATION_AUTH_TOKEN>
Content-Type: application/json
{
"application_id": "c0ea6ffa-1972-4435-b434-ec9e93d38f42",
"event_type": "invoice.paid",
"event_id": "evt_Wqb1k73rXprtTm7Qdlr38G",
"payload": {
"invoice_id": "in_8X9aBcDeFgHiJk",
"status": "paid",
"amount_eur": 4990
},
"labels": { "tenant": "acme", "env": "prod" }
}
Python
hook0 = Hook0("AUTH_TOKEN")
hook0.message.create(
"app_id",
MessageIn(
event_type="invoice.paid",
event_id="evt_123",
payload={"status": "paid"}
)
)
Node.js
const hook0 = Hook0("AUTH_TOKEN");
await hook0.message.create("app_id", {
event_type: "invoice.paid",
event_id: "evt_123",
payload: { status: "paid" }
});
What the webhook API does for you
HMAC-SHA256 signing
Payloads carry a signature and a timestamp. Subscribers verify both. Replay attacks fail the timestamp check.
Two-phase retries
Fast retries within the first few minutes for flaky endpoints. Slow retries over hours and days for real outages. DLQ when the budget runs out.
Idempotent event IDs
Pass your own event_id. Hook0 deduplicates on it, so the API call is safe to retry without firing twice downstream.
Delivery logs and replay
Headers, body, response code, latency. Stored per attempt. Replay any event by ID, from the dashboard or the API.
Open-source SDKs
Python and Node.js. Generated from the OpenAPI spec, so the client and the API stay in sync.
Free tier, no gates
100 events per day, no credit card. Paid plans scale volume. Every feature on this page is in the free tier.
Webhook API questions
What is the Hook0 webhook API?
The Hook0 webhook API is a REST interface that lets your backend trigger an event with a single HTTP call. Hook0 then signs the payload with HMAC, delivers it to every matching subscriber, retries on failure with a configurable two-phase backoff, and logs every attempt. SDKs are available for Python, Node.js and other languages.
How do I authenticate with the webhook API?
Authentication uses a Bearer token (application authentication token) passed in the Authorization header. Tokens are scoped to an application and can be rotated from the dashboard at any time.
Does the webhook API include retries and HMAC signatures?
Yes. Every event triggered via the webhook API is automatically signed with HMAC (so subscribers can verify it) and retried using a two-phase backoff strategy on delivery failure. Dead letter queues capture events that exhaust their retry budget.
What SDKs are available for the Hook0 webhook API?
Official SDKs include Python and Node.js, with community libraries available for more languages. The REST API is fully documented in the API reference, so any HTTP client works.
Is the webhook API rate-limited?
Yes. Rate limits scale with the plan: the free tier allows 100 events per day, paid tiers raise both the daily volume and the burst rate. Self-hosted deployments are not rate-limited by Hook0.
You have better things to build
Stop building webhook infrastructure. Start shipping features. Get started in minutes.