Integrations

WebhookRelay integrates with popular webhook providers out of the box.

Supported Providers

First-Class Support

These providers have built-in signature verification and optimized handling:

Provider   Signature          Documentation
GitHub     HMAC-SHA256        Supported
Stripe     Stripe Signature   Supported
Slack      Slack Signature    Supported

Generic Webhooks

Any webhook provider can be integrated using:

  • Custom Webhooks - Generic HMAC or no verification
  • Basic Auth headers
  • API key headers

Quick Setup

1. Create a Source

curl -X POST https://api.hookbase.app/api/organizations/{orgId}/sources \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My Provider",
    "slug": "my-provider",
    "verificationConfig": {
      "type": "hmac",
      "secret": "your-secret",
      "algorithm": "sha256",
      "header": "X-Signature"
    }
  }'

2. Configure the Provider

Point your provider's webhook settings to:

https://api.hookbase.app/ingest/{orgSlug}/{sourceSlug}

3. Create Routes

Connect your source to destinations to start receiving webhooks.

Common Patterns

Multi-Environment Setup

Create separate sources for each environment:

/ingest/myorg/github-prod     → Production destinations
/ingest/myorg/github-staging  → Staging destinations
/ingest/myorg/github-dev      → Development/tunnels

Event-Based Routing

Use filters to route different event types:

GitHub Source → Filter: push events → CI/CD destination
GitHub Source → Filter: PR events → Code review destination
GitHub Source → Filter: issue events → Issue tracker destination

Payload Transformation

Transform webhooks for different destination formats:

Stripe Source → Transform: Slack format → Slack destination
Stripe Source → Transform: DB format → Database destination

Webhook Security

Always Enable Verification

Every integration should use signature verification to prevent:

  • Unauthorized webhook submissions
  • Replay attacks
  • Payload tampering
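
The three threats above map onto two separate checks, shown here as an added example that is not WebhookRelay's own code. It assumes the signature header carries a hex HMAC-SHA256 of the raw request body; the timestamp header, the `timestamp.body` signing format and the 300-second tolerance are assumptions made for illustration. A MAC over the body alone stops forgery and tampering, while replay is only rejected once a timestamp is part of the signed input.

```python
import hashlib
import hmac
import time
from typing import Optional

TOLERANCE_SECONDS = 300  # assumed replay window for this example


def sign(secret: bytes, body: bytes, timestamp: Optional[int] = None) -> str:
    """Hex HMAC-SHA256 over the raw body, optionally bound to a timestamp."""
    message = body if timestamp is None else str(timestamp).encode() + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def _equal(expected_hex: str, received: str) -> bool:
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII header values.
    return hmac.compare_digest(expected_hex.encode(), received.strip().lower().encode())


def verify_body_only(secret: bytes, body: bytes, header_sig: str) -> bool:
    """Rejects forged or tampered payloads, but accepts any captured request again."""
    return _equal(sign(secret, body), header_sig)


def verify_with_timestamp(secret: bytes, body: bytes, header_sig: str,
                          header_ts: str, now: Optional[float] = None) -> bool:
    """Also rejects requests whose signed timestamp is outside the tolerance window."""
    try:
        ts = int(header_ts)
    except (TypeError, ValueError):
        return False
    current = time.time() if now is None else now
    if abs(current - ts) > TOLERANCE_SECONDS:
        return False
    # The timestamp is part of the MAC input, so it cannot be refreshed by a replayer.
    return _equal(sign(secret, body, ts), header_sig)


if __name__ == "__main__":
    secret, body = b"constructed-secret", b'{"event":"push"}'  # constructed sample
    sig = sign(secret, body)
    print("first delivery:", verify_body_only(secret, body, sig))
    print("replayed later:", verify_body_only(secret, body, sig))  # still accepted
    ts = 1_700_000_000
    tsig = sign(secret, body, ts)
    print("fresh:", verify_with_timestamp(secret, body, tsig, str(ts), now=ts + 10))
    print("stale:", verify_with_timestamp(secret, body, tsig, str(ts), now=ts + 3600))
```

Inside the tolerance window a duplicate delivery still verifies, so a receiver that must process each event once also needs to deduplicate on a delivery identifier.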

Secure Your Secrets

  • Store webhook secrets in environment variables
  • Rotate secrets periodically
  • Use different secrets for each environment

Monitor Failed Verifications

Check the dashboard for failed signature verifications, which may indicate:

  • Misconfigured secrets
  • Attack attempts
  • Provider changes

Provider-Specific Guides

Each provider guide includes:

  • Step-by-step setup instructions
  • Signature verification configuration
  • Common event types and payloads
  • Transform examples
  • Troubleshooting tips

Select a provider from the sidebar to get started.

Released under the MIT License.