An endpoint is a named webhook receiver with a unique public URL that captures every HTTP request sent to it.
Anatomy of an endpoint
| Field | Type | Description |
|---|---|---|
| id | UUID | Internal identifier — used in API routes |
| slug | string | Short public ID in the webhook URL |
| name | string | Human-readable label (1–100 chars) |
| description | string | Optional notes |
| forward_url | string | Optional HTTPS URL for auto-forwarding |
| paused | boolean | When true, rejects incoming requests with 423 |
| organization_id | UUID | Owning organization |
The public webhook URL is always:
https://hookdeploy.dev/h/{slug}
The ingestion Worker at hookdeploy.dev/h/* handles all HTTP methods. Only this route pattern is active — other paths on hookdeploy.dev are served by the marketing site or return 404.
Slugs
Slugs are generated automatically when you create an endpoint. Properties:
- Unique globally — no two endpoints share a slug, ever
- Immutable — you can’t rename a slug; delete and recreate if needed
- URL-safe — lowercase alphanumeric, typically 6 characters
- Not secret — treat slugs like public URLs, not API keys. Anyone who knows the slug can send requests to your endpoint
If you need to rotate a compromised URL, delete the old endpoint and create a new one with a fresh slug.
Pausing
Set paused: true to stop accepting webhooks without deleting history.
Ingestion behavior when paused:
HTTP/1.1 423 Locked
Content-Type: application/json
{"error":"endpoint paused"}
Paused endpoints still count toward your plan’s endpoint limit. Unpause anytime from the dashboard or via PATCH /v1/endpoints/:id.
curl -s -X PATCH "https://api.hookdeploy.dev/v1/endpoints/ENDPOINT_ID" \
-H "Authorization: Bearer hd_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"paused": true}'
Forward URL
The optional forward_url enables auto-forwarding. When set, every captured webhook is proxied to that URL after storage. See Forwarding for behavior details.
Rules:
- Must start with https:// (HTTP is rejected)
- Can be updated anytime via dashboard or API
- Set to null to disable forwarding without deleting the endpoint
curl -s -X PATCH "https://api.hookdeploy.dev/v1/endpoints/ENDPOINT_ID" \
-H "Authorization: Bearer hd_live_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"forward_url": "https://staging.example.com/webhooks"}'
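Because forwarding sends every captured webhook body to forward_url, it is worth checking the value on the client before the PATCH is issued. The following is an added example, not HookDeploy's own code: it applies the rules above (https:// only, null to disable) and, as a local policy assumption, a host allowlist and a ban on embedded credentials. The names check_forward_url, build_forward_patch and ALLOWED_FORWARD_HOSTS are hypothetical.

```python
import json
from urllib.parse import urlsplit
from urllib.request import Request

API_BASE = "https://api.hookdeploy.dev/v1/endpoints"  # base URL from the page
# Assumption: a local allowlist of hosts permitted to receive forwarded webhooks.
ALLOWED_FORWARD_HOSTS = {"staging.example.com"}


def check_forward_url(url):
    """Return url if acceptable, None when disabling; raise ValueError otherwise."""
    if url is None:
        return None  # null disables forwarding without deleting the endpoint
    if not isinstance(url, str) or not url.startswith("https://"):
        raise ValueError("forward_url must start with https://")
    parts = urlsplit(url)
    # Reject user:pass@host forms, which can also disguise the real host.
    if parts.username is not None or parts.password is not None:
        raise ValueError("forward_url must not embed credentials")
    if parts.hostname not in ALLOWED_FORWARD_HOSTS:
        raise ValueError(f"host {parts.hostname!r} is not on the forwarding allowlist")
    return url


def build_forward_patch(endpoint_id, api_key, url):
    """Build (but do not send) the PATCH request that sets or clears forward_url."""
    body = json.dumps({"forward_url": check_forward_url(url)}).encode()
    return Request(
        f"{API_BASE}/{endpoint_id}",
        data=body,
        method="PATCH",
        headers={
            "Authorization": f"Bearer {api_key}",
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; ENDPOINT_ID and the key are placeholders.
    req = build_forward_patch("ENDPOINT_ID", "hd_live_YOUR_KEY",
                              "https://staging.example.com/webhooks")
    print(req.get_method(), req.full_url, req.data.decode())
```

Pass the returned Request to urllib.request.urlopen to apply the change.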
Permissions
| Action | Required permission |
|---|---|
| View endpoints | endpoints.view |
| Create | endpoints.create |
| Edit (name, forward URL, pause) | endpoints.edit |
| Delete | endpoints.delete |
Developers can create and edit endpoints. Only admins and super admins can delete them. See Roles & permissions for the full matrix.
Deleting an endpoint
Deletion is permanent and cascades:
- All captured requests for the endpoint are deleted
- The slug is released (but never reused for a different endpoint’s URL in practice — a new endpoint gets a new slug)
- The public URL immediately returns 404
curl -s -X DELETE "https://api.hookdeploy.dev/v1/endpoints/ENDPOINT_ID" \
-H "Authorization: Bearer hd_live_YOUR_KEY"
Returns 204 No Content.
Next steps
- Requests — What gets captured per request
- Forwarding — How auto-forwarding works
- Endpoints API — Full API reference