API Reference

Base URL: https://hookpipe.dev

Authentication: Most endpoints require a Bearer token or API key:
Authorization: Bearer <jwt_or_api_key>

Authentication

POST /api/auth/signup Create account

Request

{ "email": "you@example.com", "password": "min-8-chars" }

Response 201

{
  "token": "eyJhbGciOiJIUzI1NiJ9...",
  "user": { "id": "...", "email": "...", "tier": "free" }
}

POST /api/auth/login Get JWT token

{ "email": "you@example.com", "password": "..." }

Response 200

{ "token": "eyJhbGciOiJIUzI1NiJ9...", "user": {...} }

POST /api/auth/keys Create API key · Auth required

Response 201

{ "api_key": "hpk_..." }

GET /api/auth/me Get current user · Auth required

{ "id": "...", "email": "...", "tier": "free", "created_at": 1704067200000 }

Endpoints

POST /api/endpoints Create endpoint · Auth required

Request body (optional)

{ "name": "stripe-webhooks" }

Response 201

{
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "token": "xK9mP2qRvNwT",
  "url": "https://hookpipe.dev/xK9mP2qRvNwT",
  "name": "stripe-webhooks",
  "created_at": 1704067200000,
  "retention_hours": 24,
  "tier": "free"
}

GET /api/endpoints List endpoints · Auth required

Param	Description
limit	Max results (default 50, max 200)
offset	Pagination offset

DELETE /api/endpoints/:id Delete endpoint · Auth + ownership required

{ "deleted": true }

Captured Requests

GET /api/endpoints/:id/requests List captured webhooks · Auth required

Param	Description
limit	Max results (default 50, max 200)
offset	Pagination offset
method	Filter by HTTP method (e.g. POST)

Response 200

{
  "requests": [
    {
      "id": "...",
      "request_id": "req_...",
      "endpoint_id": "...",
      "method": "POST",
      "path": "/",
      "headers": { "content-type": "application/json" },
      "body": "{\"type\":\"payment_intent.succeeded\"}",
      "query_params": {},
      "source_ip": "34.x.x.0",
      "timestamp": 1704067200000
    }
  ],
  "total": 42,
  "limit": 50,
  "offset": 0
}

POST /api/endpoints/:id/requests/:reqId/replay

{ "targetUrl": "https://myapp.com/webhooks" }

Response 200

{
  "replayed": true,
  "original_request_id": "req_...",
  "target_url": "https://myapp.com/webhooks",
  "response": { "status": 200, "headers": {...}, "body": "ok" }
}

WS /api/endpoints/:id/stream WebSocket upgrade

// Connect with auth header
const ws = new WebSocket('wss://hookpipe.dev/api/endpoints/:id/stream');
// Include Authorization: Bearer <key> in upgrade headers

// Incoming messages
{ "type": "request", "data": { ...CapturedRequest } }

// Send pings
{ "type": "ping" }

Delivery Targets

POST /api/endpoints/:id/targets Add delivery target · Auth required

{
  "url": "https://myapp.com/webhooks",
  "secret": "whsec_optional-signing-secret",
  "headers": { "X-Custom-Header": "value" }
}

GET /api/endpoints/:id/deliveries List delivery attempts · Auth required

GET /api/endpoints/:id/dlq Dead letter queue · Auth required

Returns deliveries that failed all retry attempts.

Webhook Capture

ANY /:token Capture any webhook · No auth needed

Send any HTTP request to your webhook URL. All methods, headers, and body are captured.

Response 200

{ "ok": true, "request_id": "req_..." }

Rate limit headers returned: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

Free tier: 100 requests/day per endpoint. Returns 429 when exceeded.

Body cap: 1MB. Larger payloads stored as [BODY TOO LARGE — TRUNCATED]