๐Ÿช HookSniff

June 23, 2026 ยท View on GitHub

CI License: MIT Rust Next.js React

The webhook infrastructure for developers.

HookSniff is an open-source webhook delivery platform built in Rust and Next.js. It handles sending, receiving, retrying, and monitoring webhooks โ€” so you can focus on building your product.

๐ŸŒ Live: hooksniff.vercel.app ยท ๐Ÿ“– Docs: hooksniff.vercel.app/docs


Why HookSniff?

Webhooks are the backbone of modern integrations, but building reliable webhook infrastructure is hard. HookSniff gives you:

  • Reliable delivery โ€” Automatic retries with exponential backoff and jitter. Failed deliveries go to a dead letter queue, never lost.
  • Standard Webhooks โ€” HMAC-SHA256 signatures with whsec_ secrets, fully compliant with the Standard Webhooks specification.
  • Smart routing โ€” Round-robin, failover, weighted, and random strategies with automatic fallback URLs.
  • FIFO ordering โ€” Guaranteed ordered delivery with sequence numbers for event-sourced systems.
  • Real-time visibility โ€” SSE streaming, WebSocket updates, and a full analytics dashboard.
  • Cortex AI โ€” ML-powered anomaly detection, auto-healing, drift detection, and predictive monitoring.
  • 11 SDKs โ€” Official clients for Node.js, Python, Go, Rust, Java, Kotlin, Ruby, PHP, C#, Elixir, and Swift. Each in its own repo under servetarslan02.

Features

Core Webhook Delivery

FeatureDescription
Automatic retriesExponential backoff with jitter, configurable per endpoint
Dead letter queueFailed deliveries preserved for debugging and replay
Batch operationsSend and replay webhooks in bulk
IdempotencyIdempotency-Key header with 24h TTL prevents duplicate processing
FIFO orderingSequence numbers guarantee ordered delivery
Per-endpoint throttlingToken bucket / sliding window to protect customer servers
Payload transformationFilter, map, and enrich webhook payloads per endpoint
Schema registryJSON schema validation with versioning
CloudEvents v1.0Standard event format support
Multiple delivery methodsHTTP, WebSocket, Email

Security

FeatureDescription
HMAC-SHA256 signaturesStandard Webhooks compliant (whsec_ secrets)
SSRF protectionBlocks private IPs, metadata endpoints, DNS validation
Rate limitingSliding window algorithm, per-plan limits
API key authhr_live_* / hr_test_* keys, Argon2id hashed
JWT + 2FADashboard auth with TOTP two-factor authentication
SSO/SAMLEnterprise single sign-on
OAuthGoogle and GitHub social login
GDPRData export and account deletion endpoints

Monitoring & Observability

FeatureDescription
Real-time streamSSE (GET /v1/stream/deliveries) + WebSocket
AnalyticsDelivery trends, success rates, latency percentiles (24h/7d/30d)
AlertsConfigurable alert rules with notification channels
Endpoint healthPer-endpoint success rate, p95/p99 latency, failure streaks
OpenTelemetryDistributed tracing with Grafana Cloud
Prometheus metricsGET /metrics endpoint
Cortex AIAnomaly detection, auto-healing, drift detection, predictive monitoring

Platform

FeatureDescription
Dashboard40+ pages: analytics, endpoint management, team collaboration (Next.js 16)
Admin panelUser management, revenue dashboard, system health
TeamsTeam CRUD, invitations, roles (admin/editor/viewer)
BillingPolar.sh (global) + iyzico (Turkey) multi-provider support
Inbound proxyReceive webhooks from Stripe, GitHub, Shopify
Embeddable portalCustomer-facing portal widget
CLICommand-line tool for endpoint and webhook management
11 SDKsNode, Python, Go, Rust, Java, Kotlin, Ruby, PHP, C#, Elixir, Swift โ€” all repos

Tech Stack

ComponentTechnologyHosting
APIRust (Axum 0.8, sqlx 0.8)
WorkerRust (Tokio)
DatabasePostgreSQL 16
Cache / QueueRedis
DashboardNext.js 16, React, TypeScript, Tailwind
CDN/DNSCloudflare
MonitoringGrafana + OpenTelemetry
StorageCloudflare R2S3-compatible
EmailResend + Gmail API
BillingPolar.sh + iyzico

Quick Start

Local Development

# Clone
git clone https://github.com/servetarslan02/HookSniff.git
cd HookSniff

# Copy environment config
cp .env.example .env

# Start everything (PostgreSQL + API + Worker + Dashboard)
make local

API runs on http://localhost:3000 Dashboard runs on http://localhost:3001

Production Deployment (Free Tier)

See docs/DEPLOYMENT.md for a complete guide to deploying HookSniff on Google Cloud Run.

API Usage

# Register
curl -X POST https://hooksniff-api-499907444852.europe-west1.run.app/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "password": "your-password"}'

# Create endpoint
curl -X POST https://hooksniff-api-499907444852.europe-west1.run.app/v1/endpoints \
  -H "Authorization: Bearer hr_live_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"url": "https://your-app.com/webhook"}'

# Send webhook
curl -X POST https://hooksniff-api-499907444852.europe-west1.run.app/v1/webhooks \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"endpoint_id": "YOUR_ENDPOINT_ID", "event": "order.created", "data": {"order_id": "12345"}}'

Project Structure

HookSniff/
โ”œโ”€โ”€ api/               # Rust Axum API server
โ”‚   โ”œโ”€โ”€ src/
โ”‚   โ”‚   โ”œโ”€โ”€ routes/    # API endpoints (auth, webhooks, billing, etc.)
โ”‚   โ”‚   โ”œโ”€โ”€ billing/   # Polar.sh, iyzico, Stripe integrations
โ”‚   โ”‚   โ”œโ”€โ”€ fifo/      # FIFO ordered delivery
โ”‚   โ”‚   โ”œโ”€โ”€ throttle/  # Per-endpoint throttling
โ”‚   โ”‚   โ”œโ”€โ”€ ws/        # WebSocket handler
โ”‚   โ”‚   โ””โ”€โ”€ ...
โ”‚   โ””โ”€โ”€ migrations/    # PostgreSQL migration scripts
โ”œโ”€โ”€ worker/            # Background worker (retry + delivery)
โ”œโ”€โ”€ dashboard/         # Next.js 16 dashboard + landing page
โ”œโ”€โ”€ sdks/              # SDK source (Node.js in-repo, others in separate repos)
โ”œโ”€โ”€ cli/               # CLI tool
โ”œโ”€โ”€ portal/            # Embeddable portal widget
โ”œโ”€โ”€ docs/              # API documentation (OpenAPI)
โ”œโ”€โ”€ monitoring/        # Grafana + OpenTelemetry config
โ”œโ”€โ”€ tests/             # Integration + load tests (k6)
โ”œโ”€โ”€ docker-compose.yml
โ””โ”€โ”€ Makefile

API Endpoints

MethodPathDescription
POST/v1/auth/registerCreate account
POST/v1/auth/loginGet JWT token (supports 2FA)
POST/v1/auth/2fa/enableEnable two-factor auth
GET/v1/auth/verify-emailVerify email address
POST/v1/auth/forgot-passwordRequest password reset
GET/v1/auth/exportExport user data (GDPR)
DELETE/v1/auth/accountDelete account (GDPR)
GET/POST/v1/endpointsList / Create endpoints
GET/PUT/DELETE/v1/endpoints/:idGet / Update / Delete endpoint
POST/v1/endpoints/:id/rotate-secretRotate signing secret
POST/v1/webhooksSend webhook
POST/v1/webhooks/batchSend batch webhooks
GET/v1/webhooksList deliveries
GET/v1/webhooks/:idGet delivery
POST/v1/webhooks/:id/replayReplay webhook
GET/v1/stream/deliveriesSSE real-time stream
GET/v1/analytics/deliveriesDelivery trend data
GET/v1/analytics/success-rateSuccess rate metrics
GET/v1/searchSearch deliveries
GET/POST/v1/api-keysList / Create API keys
POST/v1/billing/upgradeUpgrade plan
POST/v1/billing/portalOpen customer portal
GET/v1/outbound-ipsList outbound IPs
GET/v1/docsSwagger UI
GET/healthHealth check
GET/metricsPrometheus metrics

Pricing

PlanPriceWebhooks/dayEndpointsPayloadRetentionRate/min
Developer$0300Unlimited256 KB14 days100
Startup$29/mo30,000Unlimited1 MB30 days500
Pro$49/mo100,000Unlimited5 MB180 days1,000
EnterpriseCustomUnlimitedUnlimited10 MB365 days5,000

Hosting cost: $0/month on free-tier services.

SDKs

LanguagePackageVersionRepositoryStatus
Node.jshooksniff-nodev0.4.10hooksniff-nodeโœ… Available
Pythonhooksniff-pythonv0.4.4hooksniff-pythonโœ… Available
Gohooksniff-gov1.4.0hooksniff-goโœ… Available
Kotlinhooksniff-kotlinv0.5.0hooksniff-kotlinโœ… Available
Rusthooksniffโ€”hooksniff-rust๐Ÿ”„ Planned
Javacom.hooksniffโ€”hooksniff-java๐Ÿ”„ Planned
Rubyhooksniffโ€”hooksniff-ruby๐Ÿ”„ Planned
PHPhooksniff/hooksniffโ€”hooksniff-php๐Ÿ”„ Planned
C#HookSniffโ€”hooksniff-csharp๐Ÿ”„ Planned
Elixirhooksniffโ€”hooksniff-elixir๐Ÿ”„ Planned
SwiftHookSniffโ€”hooksniff-swift๐Ÿ”„ Planned

All SDKs are MIT licensed. See docs/sdk-coverage.md for detailed status.

Testing

# Run unit tests
cargo test

# Run integration tests
cargo test --test integration

# Run load tests
k6 run tests/load/k6_load_test.js

SDK Examples

Node.js

import { HookSniff } from 'hooksniff-sdk';

const hs = new HookSniff('hr_live_YOUR_KEY');

// Create application
const app = await hs.application.create({ name: 'My App' });

// Create endpoint
const ep = await hs.endpoint.create({
  url: 'https://your-app.com/webhook',
  application_id: app.id,
  description: 'Order notifications',
});

// Send webhook
await hs.webhook.send({
  endpoint_id: ep.id,
  event: 'order.created',
  data: { order_id: '12345', amount: 99.99 },
});

Python

from hooksniff import HookSniff

hs = HookSniff('hr_live_YOUR_KEY')

# Create application
app = hs.application.create(name='My App')

# Create endpoint
ep = hs.endpoint.create(
    url='https://your-app.com/webhook',
    application_id=app['id'],
    description='Order notifications'
)

# Send webhook
hs.webhook.send(
    endpoint_id=ep['id'],
    event='order.created',
    data={'order_id': '12345', 'amount': 99.99}
)

Go

import hooksniff "github.com/servetarslan02/hooksniff-go"

hs := hooksniff.NewClient("hr_live_YOUR_KEY")

// Create application
app, _ := hs.Application.Create(&hooksniff.ApplicationCreate{
    Name: "My App",
})

// Create endpoint
ep, _ := hs.Endpoint.Create(&hooksniff.EndpointCreate{
    URL:           "https://your-app.com/webhook",
    ApplicationID: app.ID,
    Description:   hooksniff.String("Order notifications"),
})

// Send webhook
hs.Webhook.Send(&hooksniff.WebhookSend{
    EndpointID: ep.ID,
    Event:      "order.created",
    Data:       map[string]interface{}{"order_id": "12345", "amount": 99.99},
})

๐Ÿ“– Full SDK docs: docs/SDK_EXAMPLES.md


Documentation

DocumentDescription
API ReferenceFull REST API documentation with request/response examples
Quickstart GuideGet your first webhook running in 5 minutes
ArchitectureSystem design, data flow, retry mechanism
Deployment GuideProduction deployment on Google Cloud Run
Deployment GuideDeploy on Google Cloud Run
Self-Host GuideRun HookSniff on your own infrastructure
SDK ExamplesCode examples for all SDKs
Developer GuideLocal development setup and workflows
TroubleshootingCommon issues and solutions
RunbookOperational procedures and incident response

Enterprise: IP Whitelisting

Enterprise customers can whitelist HookSniff's static outbound IPs in their firewall/WAF. See docs/OUTBOUND_IPS.md for the full list.

curl https://hooksniff-api-499907444852.europe-west1.run.app/v1/outbound-ips
# โ†’ { "ips": ["..."], "updated_at": "..." }

Support

Contributing

We welcome contributions! Please read our Contributing Guide before submitting a PR.

Security

For security vulnerabilities, please see our Security Policy. Do not open public issues for security bugs.

License

MIT โ€” see LICENSE for details.