Core Concepts

How HookPipe captures, stores, and delivers your webhooks.

Stripe / GitHub / Any Service
↓ POST https://hookpipe.dev/<token>
📥 Capture Engine
↓ stored in D1 ↓ broadcast via WebSocket
🗄 D1 Database
📡 WebSocket Clients
📤 Delivery Queue
↓ forward to targets
Your App / Staging Server / Webhook Debugger

01 Endpoints

An endpoint is a unique, persistent URL that captures any HTTP request sent to it. Each endpoint has a 12-character alphanumeric token embedded in its URL.

Endpoint URL format:

https://hookpipe.dev/xK9mP2qRvNwT

Accepts all methods:

GET POST PUT PATCH DELETE HEAD OPTIONS

• Each user can have up to 3 endpoints (free) or 50 (pro) or 500 (team)

• Endpoints are tied to your account — only you can view captured requests

• Captured data is retained for 24h (free), 30 days (pro/team)

• Free tier: rate-limited to 100 requests/day per endpoint

02 Capture Engine

When a request arrives at your endpoint, HookPipe captures everything — method, path, headers, query parameters, body (up to 1MB), source IP — and stores it immediately in D1.

Captured request object:

{
  "id": "a1b2c3d4-...",
  "request_id": "req_7f8e9d0a-...",
  "endpoint_id": "...",
  "method": "POST",
  "path": "/",
  "headers": { "content-type": "application/json", "x-stripe-signature": "..." },
  "body": "{\"type\":\"payment_intent.succeeded\"}",
  "query_params": {},
  "source_ip": "34.x.x.0",
  "timestamp": 1704067200000
}

After storing, the request is immediately broadcast to any connected WebSocket clients (via Durable Objects) and enqueued for delivery to registered targets.

03 Replay

Any captured request can be replayed — re-sent to any public HTTPS endpoint. HookPipe reconstructs the original request including method, headers, and body. 

POST /api/endpoints/:id/requests/:reqId/replay
{ "targetUrl": "https://myapp.com/webhooks" }
⚠️ Security: replay blocks private IPs (10.x, 172.16-31.x, 192.168.x, 169.254.x, localhost) to prevent SSRF attacks.

The replay response includes the target's HTTP status, headers, and body — useful for debugging why your app rejected a webhook.

04 Delivery Engine

The delivery engine automatically forwards captured webhooks to registered targets. It runs on a scheduled cron every hour, processing a queue of pending deliveries.

🎯

Targets

Register delivery URLs per endpoint

🔄

Retry Logic

Automatic retries with exponential backoff

💀

Dead Letter Queue

Failed deliveries stored for inspection

Delivery target configuration:

POST /api/endpoints/:id/targets
{
  "url": "https://myapp.com/webhooks/stripe",
  "secret": "whsec_...",   // Optional HMAC signing secret
  "headers": {}             // Optional extra headers
}

05 Real-Time Streaming

Connect to your endpoint's WebSocket stream to receive webhooks in real-time as they arrive. Powered by Cloudflare Durable Objects with the hibernation API — no idle charges. 

// WebSocket endpoint
wss://hookpipe.dev/api/endpoints/:id/stream

// Message format
{
  "type": "request",
  "data": { ...CapturedRequest }
}

// Send pings to keep alive
{ "type": "ping" }