Create a source
Create a new webhook source. Optionally apply a template for pre-configured verification.
POST
/sources
Create a new webhook source. Optionally apply a template for pre-configured verification.
Authentication
API Key (header: X-API-Key) API Key (cookie: better-auth.session_token)
Request Body required
Request body
application/jsonorg_id
string
Organization ID (defaults to auth context)
env_id
string
Environment ID (defaults to auth context)
name
string
REQUIRED
Source name
slug
string
REQUIRED
URL-safe slug
description
string
Source description
template
string
Template slug (e.g. stripe, github)
type
string
Source type
Enum:
http, websocketsource_config
object
Provider-specific config
verification_enabled
boolean
Enable signature verification
verification_type
string
Verification algorithm
verification_secret
string
Verification secret
verification_header
string
Header containing signature
dedup_enabled
boolean
Enable deduplication
dedup_strategy
string
Dedup strategy
dedup_field
string
Dedup field path
dedup_window_seconds
number
Dedup window in seconds
ip_allowlist
string[]
Allowed IP CIDRs
Array of:
ip_denylist
string[]
Denied IP CIDRs
Array of:
Responses
201
Created source
application/jsonsource
object | null
REQUIRED
id
string
REQUIRED
org_id
string
REQUIRED
env_id
string
REQUIRED
slug
string
REQUIRED
name
string
REQUIRED
description
string | null
REQUIRED
template
string | null
REQUIRED
verification_enabled
integer
REQUIRED
verification_type
string | null
REQUIRED
verification_secret
string | null
REQUIRED
verification_header
string | null
REQUIRED
verification_config
string | null
REQUIRED
dedup_enabled
integer
REQUIRED
dedup_strategy
string | null
REQUIRED
dedup_field
string | null
REQUIRED
dedup_window_seconds
integer
REQUIRED
ip_allowlist
string | null
REQUIRED
ip_denylist
string | null
REQUIRED
status
string
REQUIRED
event_count
integer
REQUIRED
last_event_at
string | null
REQUIRED
created_at
string
REQUIRED
updated_at
string
REQUIRED
is_ephemeral
integer
REQUIRED
expires_at
string | null
REQUIRED
request_limit
integer | null
REQUIRED
type
string
REQUIRED
source_config
string | null
REQUIRED
schema_validation_enabled
integer
REQUIRED
json_schema
string | null
REQUIRED
schema_action
string | null
REQUIRED
400
Validation error
401
Unauthorized
403
Plan limit reached
curl -X POST 'https://hookstream.io/v1/sources' \
-H 'Authorization: Bearer YOUR_API_TOKEN' \
-H 'Content-Type: application/json' \
-d '{
"org_id": "string",
"env_id": "string",
"name": "string",
"slug": "my-source",
"description": "string",
"template": "string",
"type": "http",
"source_config": {},
"verification_enabled": true,
"verification_type": "string",
"verification_secret": "string",
"verification_header": "string",
"dedup_enabled": true,
"dedup_strategy": "string",
"dedup_field": "string",
"dedup_window_seconds": 0,
"ip_allowlist": [
"string"
],
"ip_denylist": [
"string"
]
}'const response = await fetch('https://hookstream.io/v1/sources', {
method: 'POST',
headers: {
"Authorization": "Bearer YOUR_API_TOKEN",
"Content-Type": "application/json"
},
body: JSON.stringify({
"org_id": "string",
"env_id": "string",
"name": "string",
"slug": "my-source",
"description": "string",
"template": "string",
"type": "http",
"source_config": {},
"verification_enabled": true,
"verification_type": "string",
"verification_secret": "string",
"verification_header": "string",
"dedup_enabled": true,
"dedup_strategy": "string",
"dedup_field": "string",
"dedup_window_seconds": 0,
"ip_allowlist": [
"string"
],
"ip_denylist": [
"string"
]
})
});
const data = await response.json();
console.log(data);import requests
headers = {
'Authorization': 'Bearer YOUR_API_TOKEN'
}
response = requests.post('https://hookstream.io/v1/sources', headers=headers, json={
"org_id": "string",
"env_id": "string",
"name": "string",
"slug": "my-source",
"description": "string",
"template": "string",
"type": "http",
"source_config": {},
"verification_enabled": true,
"verification_type": "string",
"verification_secret": "string",
"verification_header": "string",
"dedup_enabled": true,
"dedup_strategy": "string",
"dedup_field": "string",
"dedup_window_seconds": 0,
"ip_allowlist": [
"string"
],
"ip_denylist": [
"string"
]
})
print(response.json())package main
import (
"fmt"
"io"
"net/http"
"strings"
)
func main() {
body := strings.NewReader(`{
"org_id": "string",
"env_id": "string",
"name": "string",
"slug": "my-source",
"description": "string",
"template": "string",
"type": "http",
"source_config": {},
"verification_enabled": true,
"verification_type": "string",
"verification_secret": "string",
"verification_header": "string",
"dedup_enabled": true,
"dedup_strategy": "string",
"dedup_field": "string",
"dedup_window_seconds": 0,
"ip_allowlist": [
"string"
],
"ip_denylist": [
"string"
]
}`)
req, _ := http.NewRequest("POST", "https://hookstream.io/v1/sources", body)
req.Header.Set("Authorization", "Bearer YOUR_API_TOKEN")
req.Header.Set("Content-Type", "application/json")
resp, _ := http.DefaultClient.Do(req)
defer resp.Body.Close()
result, _ := io.ReadAll(resp.Body)
fmt.Println(string(result))
}
201
Response
{
"source": {
"id": "<string>",
"org_id": "<string>",
"env_id": "<string>",
"slug": "<string>",
"name": "<string>",
"description": "<string>",
"template": "<string>",
"verification_enabled": 123,
"verification_type": "<string>",
"verification_secret": "<string>",
"verification_header": "<string>",
"verification_config": "<string>",
"dedup_enabled": 123,
"dedup_strategy": "<string>",
"dedup_field": "<string>",
"dedup_window_seconds": 123,
"ip_allowlist": "<string>",
"ip_denylist": "<string>",
"status": "<string>",
"event_count": 123,
"last_event_at": "<string>",
"created_at": "<string>",
"updated_at": "<string>",
"is_ephemeral": 123,
"expires_at": "<string>",
"request_limit": 123,
"type": "<string>",
"source_config": "<string>",
"schema_validation_enabled": 123,
"json_schema": "<string>",
"schema_action": "<string>"
}
}
POST
/sources