Docs

Build against the Webhook Platform API.

Sign in once to reveal your API key, then create endpoints, publish events, inspect deliveries, and retry failures from the same application.

Start with Google Back to Landing

Base path

/api/v1

Authentication

Bearer API key from Settings

Pagination

limit defaults to 20, max 100

Rate limits

100 requests per minute per API key. Excess requests return 429.

Idempotency

Send Idempotency-Key on POST to safely retry. Scoped per endpoint, 24h TTL.

Integration checklist

Everything a new integration needs before the first event is sent.

Authorization header

Authorization: Bearer whk_your_current_api_key

Required message shape

event_type + payload

Add endpoint_ids only when you need to target a subset of endpoints directly.

Operational flow

Create endpoints, publish messages, inspect deliveries, then retry FAILED attempts when an upstream outage is resolved.

Quick Start

From dashboard account to first delivery

The platform already provisions an application for each signed-in user. Your job is to obtain the key, register at least one endpoint, and start sending named events.

1. Sign in

Use Google sign-in once to provision your account and default application in the dashboard.

2. Reveal your API key

Open Settings, reveal the current key when needed, or regenerate it if you need to rotate credentials.

3. Register endpoints

Create one or more destination URLs and decide which event names each endpoint should receive.

4. Send and monitor

Publish events to /api/v1/messages, then inspect messages and deliveries or retry failed attempts.

REST API

Current surface area

All routes below are scoped to the current application through the Bearer API key. Messages and deliveries support offset-based pagination, with limit defaulting to 20 and capped at 100.

Method	Path	Purpose
POST	/api/v1/endpoints	Create a webhook endpoint for the current application.
GET	/api/v1/endpoints	List all registered endpoints for the current application.
GET	/api/v1/endpoints/:id	Fetch a single endpoint by id.
PATCH	/api/v1/endpoints/:id	Update endpoint URL, events, description, metadata, or active state.
DELETE	/api/v1/endpoints/:id	Delete an endpoint.
POST	/api/v1/endpoints/:id/test	Send a test event to one endpoint.
POST	/api/v1/messages	Publish a message to all matching endpoints or a targeted subset.
GET	/api/v1/messages	List messages. Supports event_type, limit, and offset filters.
GET	/api/v1/messages/:id	Fetch one message and include its deliveries.
GET	/api/v1/deliveries	List deliveries. Supports status, endpoint_id, limit, and offset filters.
POST	/api/v1/deliveries/:id/retry	Retry a failed delivery. Only FAILED deliveries can be retried.

POST /messages body

Required shape for publishing an event.

event_typestring

Logical event name such as order.created or invoice.paid.

payloadobject

JSON payload delivered to subscribers.

endpoint_idsstring[]

Optional. When provided, the message is sent only to those endpoint ids.

POST /endpoints body

Fields supported when creating an endpoint.

urlstring

Destination URL. It must be a valid, publicly reachable webhook URL.

eventsstring[]

Optional. Event names this endpoint subscribes to. Defaults to ['*'].

descriptionstring

Optional human-readable label for the endpoint.

metadataobject

Optional JSON object for your own endpoint metadata.

PATCH /endpoints/:id body

Fields supported when updating an endpoint.

urlstring

Optional replacement destination URL.

eventsstring[]

Optional replacement event subscription list.

descriptionstring

Optional replacement description.

metadataobject

Optional replacement metadata object.

activeboolean

Optional flag for disabling or re-enabling an endpoint.

Filters and pagination

Query parameters supported by list endpoints.

Messages

Use event_type, limit, and offset with GET /api/v1/messages.

Deliveries

Use status, endpoint_id, limit, and offset with GET /api/v1/deliveries.

Defaults

limit defaults to 20, offset defaults to 0, and limit is capped at 100.

Operational notes

Things worth knowing before you automate against the API.

The API key is revealed on demand from Settings and should be sent as Authorization: Bearer ...

Delivery statuses exposed in the dashboard are PENDING, SENDING, SENT, and FAILED.

POST /api/v1/deliveries/:id/retry is valid only for FAILED deliveries. POST /api/v1/endpoints/:id/test lets you validate a single endpoint without sending a production event.

cURL examples

Minimal requests to get started

1. Export environment variables

bash

export BASE_URL="https://your-webhook-platform.example.com"
export WEBHOOK_API_KEY="whk_your_current_api_key"

2. Create an endpoint

bash

curl -X POST "$BASE_URL/api/v1/endpoints" \
  -H "Authorization: Bearer $WEBHOOK_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://example.com/webhooks/orders",
    "events": ["order.created", "order.cancelled"],
    "description": "Orders service",
    "metadata": { "env": "production" }
  }'

3. Publish a message

bash

curl -X POST "$BASE_URL/api/v1/messages" \
  -H "Authorization: Bearer $WEBHOOK_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "event_type": "order.created",
    "payload": {
      "id": "ord_123",
      "customer_id": "cus_456",
      "total": 4900
    },
    "endpoint_ids": ["endpoint_uuid_if_you_need_targeting"]
  }'

4. Inspect and retry deliveries

bash

curl "$BASE_URL/api/v1/deliveries?status=FAILED&limit=20" \
  -H "Authorization: Bearer $WEBHOOK_API_KEY"

curl -X POST "$BASE_URL/api/v1/deliveries/delivery_uuid/retry" \
  -H "Authorization: Bearer $WEBHOOK_API_KEY"

NestJS SDK

Use the published client package

The current package name is @nestarc/webhook-client and the version in this repo is 0.1.0. The client posts to /api/v1/messages with the same Bearer API key you use from cURL, ships a dedicated User-Agent header, and exposes structured error classes for timeout and API failures.

Install

Add the package to a NestJS service that needs to emit outbound events.

bash

npm install @nestarc/[email protected]

The module supports both forRoot and forRootAsync. The send call accepts eventType, payload, and optional endpointIds. Register WebhookClientModule before using @WebhookEmit so the interceptor can resolve its client dependency.

Example module and service

import { Injectable, Module } from '@nestjs/common';
import {
  WebhookClientModule,
  WebhookClientService,
} from '@nestarc/webhook-client';

@Module({
  imports: [
    WebhookClientModule.forRoot({
      baseUrl: process.env.WEBHOOK_BASE_URL!,
      apiKey: process.env.WEBHOOK_API_KEY!,
    }),
  ],
})
export class AppModule {}

@Injectable()
export class OrderEventsService {
  constructor(private readonly webhookClient: WebhookClientService) {}

  async emitOrderCreated(order: { id: string; total: number }) {
    const result = await this.webhookClient.send({
      eventType: 'order.created',
      payload: order,
    });

    return result.id;
  }
}

Decorator mode for controller responses

import { Controller, Post } from '@nestjs/common';
import { WebhookEmit } from '@nestarc/webhook-client';

@Controller('orders')
export class OrdersController {
  @Post()
  @WebhookEmit('order.created', {
    when: (response) => Boolean((response as { id?: string }).id),
    await: true,
  })
  create() {
    return { id: 'ord_123', total: 4900 };
  }
}

Use await: true in serverless environments when you want the webhook send attempt to finish before the HTTP response returns. By default, null and undefined responses are skipped.

Open-source docs

Generate a key, register an endpoint, and send the first event.

The dashboard owns credential reveal and rotation. The API and SDK use the same application key once you have it.

Start with Google Back to Landing

Build against the Webhook Platform API.

From dashboard account to first delivery

Current surface area

Minimal requests to get started

Use the published client package

Related nestarc package documentation

Generate a key, register an endpoint, and send the first event.