HTTP / Webhook

Deliver events to any HTTP endpoint with custom headers, auth, timeouts, and optional outbound HMAC signing.

The http provider posts events to any HTTP endpoint. This is the most common destination type — use it for your own APIs, Slack, Discord, PagerDuty, Zapier, Linear, Datadog, or anything that accepts an HTTP webhook.

When to use this: you control (or subscribe to) an HTTPS endpoint that can accept JSON POSTs. If you need AMQP, Kafka, Pub/Sub, or cloud queues, use one of the dedicated providers.

All destinations share the same retry, circuit breaker, and DLQ behavior. See Delivery Pipeline for details.

Configuration

http destinations use the top-level url, method, headers, and timeout columns on the destination row — there's no nested config object required.

url string required

The destination URL. HTTPS in production.

method string default: POST

HTTP method. POST, PUT, or PATCH.

headers object

Key-value map of custom headers merged into every request. Use this for auth tokens, content types, and provider-specific headers.

timeout number default: 30

Request timeout in seconds. Requests exceeding this are aborted and retried per the destination's retry policy.

Outbound HMAC signing is configured separately on the destination's signing_config object, not inside the HTTP config. See Outbound Signing.

Authentication

HTTP destinations don't have a dedicated auth field — you set credentials via the headers map.

json
{
  "headers": {
    "Authorization": "Bearer sk_live_xxx"
  }
}

Base64-encode user:pass and set the header manually:

json
{
  "headers": {
    "Authorization": "Basic dXNlcjpwYXNz"
  }
}

json
{
  "headers": {
    "X-API-Key": "your_api_key"
  }
}

Delivery Headers

hookstream adds these headers to every HTTP delivery on top of your headers map:

X-hookstream-Event-Id — the originating event ID
X-hookstream-Delivery-Attempt — the attempt number (1, 2, 3...)
X-hookstream-Timestamp — ISO 8601 delivery timestamp

If a JSONata transform is configured on the connection, the transformed body is sent instead of the raw event.

Example

bash
curl -X POST https://hookstream.io/v1/destinations \
  -H "X-API-Key: $HOOKSTREAM_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My API",
    "type": "http",
    "url": "https://api.example.com/webhook",
    "method": "POST",
    "headers": {
      "Authorization": "Bearer sk_live_xxx",
      "X-Custom-Header": "value"
    },
    "timeout": 30
  }'

Enable outbound signing so your receiver can verify that requests actually came from hookstream — it's a one-line config change and gets you replay protection.

Destination Templates

hookstream ships with prefilled templates for common services. Pass template: "<name>" when creating a destination:

Slack — incoming webhook URL, Content-Type: application/json
Discord — webhook URL with the /slack suffix for Slack-compatible payloads
PagerDuty — Events API v2 with routing key
Datadog — HTTP intake with DD-API-KEY header
Zapier — webhook trigger URL
Linear — webhook URL with API key header

Next Steps

Destinations

How destinations, retries, and circuit breakers fit together.

Learn More

Outbound Signing

Sign outbound requests so your receiver can verify them.

Learn More

Destinations API

Full API reference for creating and managing destinations.

Learn More

AWS SQS

Push to queues instead of HTTP endpoints.

Learn More

Was this page helpful?

Previous Billing & Plans

Next AWS SQS