Sources

About 499 wordsAbout 2 min

A source is an inbound webhook endpoint. Each source gets a unique path_token (prefixed src_) that forms the ingest URL: POST /ingest/{path_token}.

Create source

POST /v1/sources

Authentication: Bearer

Request body

Field	Type	Required	Description
`name`	string	Yes	Human-readable label (e.g. `"Stripe Events"`)
`auth_mode`	string	No	Signature verification mode. One of: `"none"` (default), `"shared_secret"`
`provider`	string	No	Built-in provider preset ID (see Provider Presets)
`verification_config`	object	No	Provider-specific verification config (see below)

`verification_config` for `shared_secret`

{
	"header": "Stripe-Signature",
	"secret": "whsec_your_stripe_signing_secret"
}

Provider Presets

Use the provider field to auto-configure signature verification for popular webhook senders.

GET /v1/provider-presets

Authentication: None

When you specify a provider, GetHook automatically sets the correct auth_mode and verification_config.header. You only need to supply the secret.

Supported providers

`provider`	Name	Signature Header
`stripe`	Stripe	`Stripe-Signature`
`shopify`	Shopify	`X-Shopify-Hmac-Sha256`
`github`	GitHub	`X-Hub-Signature-256`
`twilio`	Twilio	`X-Twilio-Signature`
`slack`	Slack	`X-Slack-Signature`
`linear`	Linear	`Linear-Signature`
`paddle`	Paddle	`Paddle-Signature`
`hubspot`	HubSpot	`X-HubSpot-Signature-v3`
`sendgrid`	SendGrid	`X-Twilio-Email-Event-Webhook-Signature`
`woocommerce`	WooCommerce	`X-WC-Webhook-Signature`

curl example — Stripe preset

curl -s -X POST http://localhost:8080/v1/sources \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Stripe Events",
    "provider": "stripe",
    "verification_config": {
      "header": "Stripe-Signature",
      "secret": "whsec_abc123"
    }
  }' | jq .

Response `201 Created`

{
	"data": {
		"id": "s1s2s3s4-e5f6-7890-abcd-ef1234567890",
		"account_id": "a1a2a3a4-...",
		"name": "Stripe Events",
		"path_token": "src_a1b2c3d4e5f6",
		"ingest_url": "http://localhost:8080/ingest/src_a1b2c3d4e5f6",
		"status": "active",
		"auth_mode": "none",
		"verification_config": null,
		"created_at": "2024-01-15T10:00:00Z"
	}
}

Errors

Status	Error	Cause
`400`	`name is required`	Missing `name` field
`401`	Unauthorized	Invalid Bearer token

curl example

# Basic source (no signature verification)
curl -s -X POST http://localhost:8080/v1/sources \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "Stripe Events"}' | jq .

# Source with shared-secret verification
curl -s -X POST http://localhost:8080/v1/sources \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Stripe Events",
    "auth_mode": "shared_secret",
    "verification_config": {
      "header": "Stripe-Signature",
      "secret": "whsec_abc123"
    }
  }' | jq .

List sources

GET /v1/sources

Authentication: Bearer

Response `200 OK`

{
	"data": [
		{
			"id": "s1s2s3s4-...",
			"account_id": "a1a2a3a4-...",
			"name": "Stripe Events",
			"path_token": "src_a1b2c3d4e5f6",
			"ingest_url": "http://localhost:8080/ingest/src_a1b2c3d4e5f6",
			"status": "active",
			"auth_mode": "none",
			"created_at": "2024-01-15T10:00:00Z"
		}
	]
}

curl example

curl -s http://localhost:8080/v1/sources \
  -H "Authorization: Bearer $API_KEY" | jq .

Get source

GET /v1/sources/{id}

Authentication: Bearer

Path parameters

Parameter	Type	Description
`id`	UUID	The source ID

Response `200 OK`

Same shape as a single item in the list response.

Errors

Status	Cause
`400`	`{id}` is not a valid UUID
`404`	Source not found or belongs to a different account

curl example

curl -s http://localhost:8080/v1/sources/s1s2s3s4-... \
  -H "Authorization: Bearer $API_KEY" | jq .

Using the ingest URL

Point your webhook provider to the source's ingest_url. For example, in Stripe's dashboard:

https://api.gethook.to/ingest/src_a1b2c3d4e5f6

For local testing with a public tunnel (e.g. ngrok):

ngrok http 8080
# Then use: https://<your-ngrok-id>.ngrok.io/ingest/src_a1b2c3d4e5f6