API Documentation
Manage your HookFlow endpoints, view webhook logs, and configure forwarding programmatically.
Authentication
All API requests require authentication via an API key. Generate one from Settings.
Include your API key in the Authorization header:
curl -H "Authorization: Bearer hf_sk_your_key_here" \
https://hookflow.in/api/v1/endpointsKeep your API key secret. Do not expose it in client-side code or public repositories. If compromised, revoke it immediately from Settings.
Endpoints API
/api/v1/endpointsList all endpointscurl -H "Authorization: Bearer hf_sk_..." \
https://hookflow.in/api/v1/endpoints/api/v1/endpointsCreate a new endpointcurl -X POST -H "Authorization: Bearer hf_sk_..." \
-H "Content-Type: application/json" \
-d '{"name": "Stripe Webhooks", "description": "Production", "forward_url": "https://example.com/webhooks"}' \
https://hookflow.in/api/v1/endpointsforward_url is optional. When set, incoming webhooks are automatically forwarded to this URL.
/api/v1/endpoints/:idGet endpoint detailscurl -H "Authorization: Bearer hf_sk_..." \
https://hookflow.in/api/v1/endpoints/abc123def456/api/v1/endpoints/:idUpdate endpointcurl -X PATCH -H "Authorization: Bearer hf_sk_..." \
-H "Content-Type: application/json" \
-d '{"forward_url": "https://new-url.com/hook", "is_active": true}' \
https://hookflow.in/api/v1/endpoints/abc123def456/api/v1/endpoints/:idDelete endpointcurl -X DELETE -H "Authorization: Bearer hf_sk_..." \
https://hookflow.in/api/v1/endpoints/abc123def456Requests API
/api/v1/requestsList webhook requestsQuery params: endpoint_id, limit (default 50), offset (default 0)
curl -H "Authorization: Bearer hf_sk_..." \
"https://hookflow.in/api/v1/requests?endpoint_id=abc123def456&limit=10"/api/v1/requests/:idDelete a webhook requestcurl -X DELETE -H "Authorization: Bearer hf_sk_..." \
https://hookflow.in/api/v1/requests/request-uuid-here/api/v1/requests/:id/replayReplay a stored webhook requestcurl -X POST -H "Authorization: Bearer hf_sk_..." \
https://hookflow.in/api/v1/requests/request-uuid-here/replayWebhook Forwarding
Set a forward_url on any endpoint to automatically forward incoming webhooks to your server. HookFlow logs the request first, then forwards it with the same method, headers, and body.
How it works
- A webhook arrives at
/api/webhook/{endpoint_id} - HookFlow logs the full request (headers, body, metadata)
- If
forward_urlis set, the request is forwarded with:
- Same HTTP method and body
- Original headers (minus hop-by-hop headers)
x-hookflow-forwarded: trueheader addedx-hookflow-endpoint: {id}header added- 10-second timeout
Forwarding is best-effort — failures are logged but the webhook is still stored and a 200 is returned to the sender.
# Set forward_url when creating an endpoint
curl -X POST -H "Authorization: Bearer hf_sk_..." \
-H "Content-Type: application/json" \
-d '{"name": "My Hook", "forward_url": "https://myapi.com/webhooks"}' \
https://hookflow.in/api/v1/endpoints
# Or update an existing endpoint
curl -X PATCH -H "Authorization: Bearer hf_sk_..." \
-H "Content-Type: application/json" \
-d '{"forward_url": "https://myapi.com/webhooks"}' \
https://hookflow.in/api/v1/endpoints/abc123def456
# Remove forwarding
curl -X PATCH -H "Authorization: Bearer hf_sk_..." \
-H "Content-Type: application/json" \
-d '{"forward_url": null}' \
https://hookflow.in/api/v1/endpoints/abc123def456Sending Webhooks
Send webhooks to your HookFlow endpoint URL. No authentication is required — the endpoint URL acts as the identifier. All HTTP methods are supported.
# POST a JSON payload
curl -X POST https://hookflow.in/api/webhook/abc123def456 \
-H "Content-Type: application/json" \
-d '{"event": "payment.success", "amount": 49.99}'
# GET request with query params
curl "https://hookflow.in/api/webhook/abc123def456?status=active&page=1"
# PUT with custom headers
curl -X PUT https://hookflow.in/api/webhook/abc123def456 \
-H "Content-Type: application/json" \
-H "X-Custom-Header: my-value" \
-d '{"update": true}'Response includes X-HookFlow-Endpoint and X-HookFlow-Timestamp headers for correlation.