Documentation

Get started with HookBug

Everything you need to set up webhook capture, forwarding, and monitoring.

On this page

QuickstartReceiving webhooksForwarding & destinationsReplaying eventsAlerts & notificationsSecurity

Quickstart

1. Create a source

Sign in to your dashboard and create a new source. Give it a name like "Stripe Production" and enter the forwarding URL where you want webhooks delivered (e.g., https://yourapp.com/api/webhooks/stripe).

2. Copy your endpoint URL

Each source gets a unique endpoint URL like:

https://hookbug.com/api/in/hk_9xk2m7p4

3. Update your provider

Go to your webhook provider (Stripe, GitHub, Shopify, etc.) and replace your current webhook URL with the HookBug endpoint. That's it — every webhook will now flow through HookBug before reaching your app.

Receiving webhooks

How it works

When a provider sends a webhook to your HookBug endpoint, we immediately respond with 200 OK (so the provider doesn't retry), store the full request (method, headers, body, IP, timestamp), and forward it to all active destinations.

Supported methods

HookBug accepts any HTTP method — POST, GET, PUT, PATCH, DELETE. All are captured and forwarded identically.

Headers we add

When forwarding to your endpoint, we add these headers:

x-hookbug-event-id: evt_abc123
x-hookbug-source: Stripe Production
user-agent: HookBug/1.0

Forwarding & destinations

Multiple destinations

Each source can forward to multiple URLs. Use this to send the same webhook to production, staging, and your local dev environment simultaneously.

Timeout & retries

We give your endpoint 30 seconds to respond. If it returns a 4xx or 5xx status, or times out, we automatically retry up to 3 times with exponential backoff (5s, 30s, 2min).

Replaying events

One-click replay

Any event in your log can be replayed with a single click. We resend the exact same payload (headers + body) to all active destinations. Replay headers include x-hookbug-replay: true so your app can distinguish replays if needed.

When to replay

Replay is useful after fixing a bug in your webhook handler, recovering from downtime, or testing changes against real payloads.

Alerts & notifications

Channels

HookBug supports three notification channels: Email (all plans), Discord webhooks (Pro+), and SMS via Twilio (Team). Configure alerts per source or globally for all sources.

Trigger conditions

Choose when to be notified: on delivery failure only (recommended), on every successful delivery, or both. Failure alerts include the destination URL, HTTP status code, and event ID.

Security

Data in transit

All connections use TLS 1.3. Webhook payloads are encrypted in transit between the provider, HookBug, and your endpoint.

Data at rest

Stored webhook payloads are encrypted at rest. Data is automatically purged after your plan's retention period (24h, 30d, or 90d).

No credential access

HookBug never requires your API keys, OAuth tokens, or any credentials for your webhook providers. We only capture what providers send to the endpoint URL.

Need help?

Can't find what you're looking for? Reach out and we'll help you get set up.

Contact support