The Hookdeck CLI
The Hookdeck CLI supports the following functionality:
- Forward webhook events to a local web server
- Quickly replay and inspect data of events forwarded to your local web server
- Use in combination with the Hookdeck Console as a free alternative to ngrok
- Use with the Hookdeck Event Gateway to support your local development workflows and to manage Hookdeck projects in CI/CD for testing
- Manage connections (sources, destinations, and rules) directly from the CLI
Why use the CLI
With the CLI, you can develop, test, and troubleshoot your integration with Hookdeck – all without interfering with your production setup. It functions as a free replacement for ngrok and other tunnel solutions when working with event-driven application events such as webhooks.
Getting started with the CLI
npm install hookdeck-cli -gyarn global add hookdeck-clibrew install hookdeck/hookdeck/hookdeck-
scoop bucket add hookdeck https://github.com/hookdeck/scoop-hookdeck-cli.git -
scoop install hookdeck
-
Download the latest release's tar.gz file.
-
tar -xvf hookdeck_X.X.X_linux_x86_64.tar.gz -
./hookdeck
-
Run the
hookdeckcommand in your shell to ensure the CLI is installed.Optionally, log in using
hookdeck login. Otherwise, a temporary guest account is created for you when running commands.Start a session to forward your webhooks to a local HTTP server using:
hookdeck listen <port> <source-name?> <connection-query?> [--path? /path] [--output? mode]Where:
<port>defines the localhost port to listen on. Webhooks will be forwarded tohttp://localhost:$PORT/$DESTINATION_PATH.<source-name>defines a specific source to listen on, if any. By default, the CLI will start listening on all eligible connections for that source.<connection-query>defines which connection to listen for on the specified source. Valid inputs are the name of the connection, or the path of the associated destination.[--path]optionally specifies the path ($DESTINATION_PATH) events will be forwarded to.[--output]optionally controls output verbosity:interactive(default with keyboard shortcuts),compact(simple logs), orquiet(fatal errors only).
Interactive mode (default) uses a full-screen TUI with an alternative screen buffer, preserving your terminal history when you exit. The interface includes a collapsible connection header, scrollable event list (up to 1000 events), status bar with shortcuts, and detailed event inspection. You can navigate events with arrow keys, retry requests, open events in the dashboard, and view full request/response data. Use --output compact for simple logging or --output quiet for minimal output.
Events sent to your CLI are available on your CLI Events page, where they can be viewed, filtered, or bookmarked for future use. You can also retry CLI events to replay them locally.
Installation
Hookdeck CLI is available for macOS, Windows, Linux, and Docker.
NPM & Yarn
Install Hookdeck CLI on any platform using NPM or Yarn
macOS
Install Hookdeck CLI on macOS using Homebrew
Windows
Install Hookdeck CLI on Windows using the Scoop package manager
Linux
Install Hookdeck CLI on Linux without a package manager by downloading the latest release's tar.gz file:
Docker
Install Hookdeck CLI on Docker by pulling the hookdeck/hookdeck-cli image:
Global Flags
Hookdeck CLI supports a number of global flags that can be appended to any command.
Color
Enable or disable color output.
| Setting | Description |
|---|---|
| on | Enable color output |
| off | Disable color output |
| auto | Use the default output color based on global settings |
Config
Set the file path for the CLI's configuration file.
Default path: $HOME/.config/hookdeck/config.toml
Device Name
Run the command on behalf of another device.
Help
Get documentation for a given command, including any supported flags and arguments.
Log Level
Set the level of detail for log messages.
Default level: info
| Level | Description |
|---|---|
| debug | Useful for development purposes |
| info | Shows standard logs |
| warn | Shows any warnings detected |
| error | Shows everything, including errors |
Project Name
Define a project name for the CLI's current configuration. Enables multiple configurations across Hookdeck accounts, stored within one configuration file.
Any command can be run in the context of a project.
Default project: default
Version
Print the version of Hookdeck CLI. This flag should be run without any other flags or arguments set.
Listen
Forward events for a source to your local server.
This command will create a new Hookdeck Source if it doesn't exist.
By default the Hookdeck Destination will be named "{source}-cli", and the Destination CLI path will be "/". To set the CLI path, use the "--path" flag.
Usage:
hookdeck listen [port or forwarding URL] [source] [connection] [flags]
Arguments:
| Argument | Type | Description |
|---|---|---|
port or forwarding URL | string | Required. Port (e.g. 3000) or full URL (e.g. http://localhost:3000) to forward events to. The forward URL will be http://localhost:$PORT/$DESTINATION_PATH or http://domain/$DESTINATION_PATH. Only one of port or domain is required. |
source | string | Optional. The name of a source to listen to, a comma-separated list of source names, or '*' (with quotes) to listen to all. If empty, the CLI prompts you to choose. |
connection | string | Optional. Filter connections by connection name or path. |
Flags:
| Flag | Type | Description |
|---|---|---|
--filter-body | string | Filter events by request body using Hookdeck filter syntax (JSON) |
--filter-headers | string | Filter events by request headers using Hookdeck filter syntax (JSON) |
--filter-path | string | Filter events by request path using Hookdeck filter syntax (JSON) |
--filter-query | string | Filter events by query parameters using Hookdeck filter syntax (JSON) |
--max-connections | int | Maximum concurrent connections to local endpoint (default: 50, increase for high-volume testing) (default "50") |
--no-healthcheck | bool | Disable periodic health checks of the local server |
--output | string | Output mode: interactive (full UI), compact (simple logs), quiet (errors and warnings only) (default "interactive") |
--path | string | Sets the path to which events are forwarded e.g., /webhooks or /api/stripe |
Interactive Mode
The default interactive mode uses a full-screen TUI (Terminal User Interface) with an alternative screen buffer, preserving your terminal history when you exit. The interface includes:
- Connection Header: Shows sources, webhook URLs, and connection routing
- Auto-collapses when the first event arrives to save space
- Toggle with
ito expand/collapse connection details
- Event List: Scrollable history of all received events (up to 1000 events)
- Auto-scrolls to show latest events as they arrive
- Manual navigation pauses auto-scrolling
- Status Bar: Shows event details and available keyboard shortcuts
- Event Details View: Full request/response inspection with headers and body
Interactive Keyboard Shortcuts
While in interactive mode, you can use the following keyboard shortcuts:
↑/↓ork/j- Navigate between events (select different events)i- Toggle connection header (expand/collapse connection details)r- Retry the selected evento- Open the selected event in the Hookdeck dashboardd- Show detailed request/response information for the selected event (pressdorESCto close)- When details view is open:
↑/↓scroll through content,PgUp/PgDownfor page navigation
- When details view is open:
qorCtrl+C- Quit the application (terminal state is restored)
The selected event is indicated by a > character at the beginning of the line. All actions work on the currently selected event, not just the latest one. Shortcuts are displayed in the status bar at the bottom of the screen.
Listen Flags
--path
An optional flag that allows you to specify localhost path ($DESTINATION_PATH) events will be forwarded to.
--output
Controls how events are displayed. Useful for reducing resource usage in high-throughput scenarios or when running in the background.
interactive(default) - Full-screen TUI with alternative screen buffer, event history, navigation, and keyboard shortcuts. Terminal history is preserved and restored when you exit.compact- Simple one-line logs for all events without interactive features. Events are appended to your terminal history.quiet- Only displays fatal connection errors (network failures, timeouts), not HTTP errors
All modes display connection information at startup and a connection status message.
Filter Flags
Filter flags allow you to filter events by request body, headers, query parameters, and path. Only events matching the filter will be forwarded to your local server. Filters follow Hookdeck's filter syntax. Filters only apply to the events for that specific session and are not reflected on the connection.
--filter-body
Filter events by request body.
--filter-headers
Filter events by request headers.
--filter-query
Filter events by query parameters. Query parameters are parsed as JSON and the filter will be applied to the parsed query parameters.
--filter-path
Filter events by request path.
Project
If you are part of multiple projects, switch between them using project management commands. Projects were previously known as "Workspaces" in the Hookdeck dashboard; the CLI has been updated to use the project terminology.
Usage:
hookdeck project [command]
Global options:
| Flag | Type | Description |
|---|---|---|
--color | string | turn on/off color output (on, off, auto) |
--config | string | config file (default is $HOME/.config/hookdeck/config.toml) |
--device-name | string | device name |
--insecure | bool | Allow invalid TLS certificates |
--log-level | string | log level (debug, info, warn, error) (default "info") |
-p, --profile | string | profile name (default "default") |
hookdeck project list
List and filter projects by organization and project name substrings
Usage:
hookdeck project list [<organization_substring>] [<project_substring>]
hookdeck project use
Set the active project for future commands
Usage:
hookdeck project use [<organization_name> [<project_name>]] [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--local | bool | Save project to current directory (.hookdeck/config.toml) |
Connection
Manage connections between sources and destinations.
A connection links a source to a destination and defines how webhooks are routed. You can create connections with inline source and destination creation, or reference existing resources.
[BETA] This feature is in beta. Please share bugs and feedback via: https://github.com/hookdeck/hookdeck-cli/issues
Usage:
hookdeck gateway connection [command]
Global options:
| Flag | Type | Description |
|---|---|---|
--color | string | turn on/off color output (on, off, auto) |
--config | string | config file (default is $HOME/.config/hookdeck/config.toml) |
--device-name | string | device name |
--insecure | bool | Allow invalid TLS certificates |
--log-level | string | log level (debug, info, warn, error) (default "info") |
-p, --profile | string | profile name (default "default") |
hookdeck gateway connection list
List all connections or filter by source/destination.
Usage:
hookdeck gateway connection list [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--destination-id | string | Filter by destination ID |
--disabled | bool | Include disabled connections |
--limit | int | Limit number of results (default "100") |
--name | string | Filter by connection name |
--output | string | Output format (json) |
--source-id | string | Filter by source ID |
hookdeck gateway connection get
Get detailed information about a specific connection.
You can specify either a connection ID or name.
Usage:
hookdeck gateway connection get <connection-id-or-name> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--include-destination-auth | bool | Include destination authentication credentials in the response |
--include-source-auth | bool | Include source authentication credentials in the response |
--output | string | Output format (json) |
hookdeck gateway connection create
Create a connection between a source and destination.
You can either reference existing resources by ID or create them inline.
Usage:
hookdeck gateway connection create [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--description | string | Connection description |
--destination-api-key | string | API key for destination authentication |
--destination-api-key-header | string | Key/header name for API key authentication |
--destination-api-key-to | string | Where to send API key: 'header' or 'query' (default "header") |
--destination-auth-method | string | Authentication method for HTTP destinations (hookdeck, bearer, basic, api_key, custom_signature, oauth2_client_credentials, oauth2_authorization_code, aws, gcp) |
--destination-aws-access-key-id | string | AWS access key ID |
--destination-aws-region | string | AWS region |
--destination-aws-secret-access-key | string | AWS secret access key |
--destination-aws-service | string | AWS service name |
--destination-basic-auth-pass | string | Password for destination Basic authentication |
--destination-basic-auth-user | string | Username for destination Basic authentication |
--destination-bearer-token | string | Bearer token for destination authentication |
--destination-cli-path | string | CLI path for CLI destinations (default: /) (default "/") |
--destination-custom-signature-key | string | Key/header name for custom signature |
--destination-custom-signature-secret | string | Signing secret for custom signature |
--destination-description | string | Destination description |
--destination-gcp-scope | string | GCP scope for service account authentication |
--destination-gcp-service-account-key | string | GCP service account key JSON for destination authentication |
--destination-http-method | string | HTTP method for HTTP destinations (GET, POST, PUT, PATCH, DELETE) |
--destination-id | string | Use existing destination by ID |
--destination-name | string | Destination name for inline creation |
--destination-oauth2-auth-server | string | OAuth2 authorization server URL |
--destination-oauth2-auth-type | string | OAuth2 Client Credentials authentication type: 'basic', 'bearer', or 'x-www-form-urlencoded' (default "basic") |
--destination-oauth2-client-id | string | OAuth2 client ID |
--destination-oauth2-client-secret | string | OAuth2 client secret |
--destination-oauth2-refresh-token | string | OAuth2 refresh token (required for Authorization Code flow) |
--destination-oauth2-scopes | string | OAuth2 scopes (comma-separated) |
--destination-path-forwarding-disabled | string | Disable path forwarding for HTTP destinations (true/false) |
--destination-rate-limit | int | Rate limit for destination (requests per period) (default "0") |
--destination-rate-limit-period | string | Rate limit period (second, minute, hour, concurrent) |
--destination-type | string | Destination type (CLI, HTTP, MOCK) |
--destination-url | string | URL for HTTP destinations |
--name | string | Connection name (required) |
--output | string | Output format (json) |
--rule-deduplicate-exclude-fields | string | Comma-separated list of fields to exclude for deduplication |
--rule-deduplicate-include-fields | string | Comma-separated list of fields to include for deduplication |
--rule-deduplicate-window | int | Time window in seconds for deduplication (default "0") |
--rule-delay | int | Delay in milliseconds (default "0") |
--rule-filter-body | string | JQ expression to filter on request body |
--rule-filter-headers | string | JQ expression to filter on request headers |
--rule-filter-path | string | JQ expression to filter on request path |
--rule-filter-query | string | JQ expression to filter on request query parameters |
--rule-retry-count | int | Number of retry attempts (default "0") |
--rule-retry-interval | int | Interval between retries in milliseconds (default "0") |
--rule-retry-response-status-codes | string | Comma-separated HTTP status codes to retry on |
--rule-retry-strategy | string | Retry strategy (linear, exponential) |
--rule-transform-code | string | Transformation code (if creating inline) |
--rule-transform-env | string | JSON string representing environment variables for transformation |
--rule-transform-name | string | Name or ID of the transformation to apply |
--rules | string | JSON string representing the entire rules array |
--rules-file | string | Path to a JSON file containing the rules array |
--source-allowed-http-methods | string | Comma-separated list of allowed HTTP methods (GET, POST, PUT, PATCH, DELETE) |
--source-api-key | string | API key for source authentication |
--source-basic-auth-pass | string | Password for Basic authentication |
--source-basic-auth-user | string | Username for Basic authentication |
--source-config | string | JSON string for source authentication config |
--source-config-file | string | Path to a JSON file for source authentication config |
--source-custom-response-body | string | Custom response body (max 1000 chars) |
--source-custom-response-content-type | string | Custom response content type (json, text, xml) |
--source-description | string | Source description |
--source-hmac-algo | string | HMAC algorithm (SHA256, etc.) |
--source-hmac-secret | string | HMAC secret for signature verification |
--source-id | string | Use existing source by ID |
--source-name | string | Source name for inline creation |
--source-type | string | Source type (WEBHOOK, STRIPE, etc.) |
--source-webhook-secret | string | Webhook secret for source verification (e.g., Stripe) |
hookdeck gateway connection upsert
Create a new connection or update an existing one by name (idempotent).
This command is idempotent - it can be safely run multiple times with the same arguments.
When the connection doesn't exist:
- Creates a new connection with the provided properties
- Requires source and destination to be specified
When the connection exists:
- Updates the connection with the provided properties
- Only updates properties that are explicitly provided
- Preserves existing properties that aren't specified
Use --dry-run to preview changes without applying them.
Usage:
hookdeck gateway connection upsert <name> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--description | string | Connection description |
--destination-api-key | string | API key for destination authentication |
--destination-api-key-header | string | Key/header name for API key authentication |
--destination-api-key-to | string | Where to send API key: 'header' or 'query' (default "header") |
--destination-auth-method | string | Authentication method for HTTP destinations (hookdeck, bearer, basic, api_key, custom_signature, oauth2_client_credentials, oauth2_authorization_code, aws, gcp) |
--destination-aws-access-key-id | string | AWS access key ID |
--destination-aws-region | string | AWS region |
--destination-aws-secret-access-key | string | AWS secret access key |
--destination-aws-service | string | AWS service name |
--destination-basic-auth-pass | string | Password for destination Basic authentication |
--destination-basic-auth-user | string | Username for destination Basic authentication |
--destination-bearer-token | string | Bearer token for destination authentication |
--destination-cli-path | string | CLI path for CLI destinations (default: /) (default "/") |
--destination-custom-signature-key | string | Key/header name for custom signature |
--destination-custom-signature-secret | string | Signing secret for custom signature |
--destination-description | string | Destination description |
--destination-gcp-scope | string | GCP scope for service account authentication |
--destination-gcp-service-account-key | string | GCP service account key JSON for destination authentication |
--destination-http-method | string | HTTP method for HTTP destinations (GET, POST, PUT, PATCH, DELETE) |
--destination-id | string | Use existing destination by ID |
--destination-name | string | Destination name for inline creation |
--destination-oauth2-auth-server | string | OAuth2 authorization server URL |
--destination-oauth2-auth-type | string | OAuth2 Client Credentials authentication type: 'basic', 'bearer', or 'x-www-form-urlencoded' (default "basic") |
--destination-oauth2-client-id | string | OAuth2 client ID |
--destination-oauth2-client-secret | string | OAuth2 client secret |
--destination-oauth2-refresh-token | string | OAuth2 refresh token (required for Authorization Code flow) |
--destination-oauth2-scopes | string | OAuth2 scopes (comma-separated) |
--destination-path-forwarding-disabled | string | Disable path forwarding for HTTP destinations (true/false) |
--destination-rate-limit | int | Rate limit for destination (requests per period) (default "0") |
--destination-rate-limit-period | string | Rate limit period (second, minute, hour, concurrent) |
--destination-type | string | Destination type (CLI, HTTP, MOCK) |
--destination-url | string | URL for HTTP destinations |
--dry-run | bool | Preview changes without applying them |
--output | string | Output format (json) |
--rule-deduplicate-exclude-fields | string | Comma-separated list of fields to exclude for deduplication |
--rule-deduplicate-include-fields | string | Comma-separated list of fields to include for deduplication |
--rule-deduplicate-window | int | Time window in seconds for deduplication (default "0") |
--rule-delay | int | Delay in milliseconds (default "0") |
--rule-filter-body | string | JQ expression to filter on request body |
--rule-filter-headers | string | JQ expression to filter on request headers |
--rule-filter-path | string | JQ expression to filter on request path |
--rule-filter-query | string | JQ expression to filter on request query parameters |
--rule-retry-count | int | Number of retry attempts (default "0") |
--rule-retry-interval | int | Interval between retries in milliseconds (default "0") |
--rule-retry-response-status-codes | string | Comma-separated HTTP status codes to retry on |
--rule-retry-strategy | string | Retry strategy (linear, exponential) |
--rule-transform-code | string | Transformation code (if creating inline) |
--rule-transform-env | string | JSON string representing environment variables for transformation |
--rule-transform-name | string | Name or ID of the transformation to apply |
--rules | string | JSON string representing the entire rules array |
--rules-file | string | Path to a JSON file containing the rules array |
--source-allowed-http-methods | string | Comma-separated list of allowed HTTP methods (GET, POST, PUT, PATCH, DELETE) |
--source-api-key | string | API key for source authentication |
--source-basic-auth-pass | string | Password for Basic authentication |
--source-basic-auth-user | string | Username for Basic authentication |
--source-config | string | JSON string for source authentication config |
--source-config-file | string | Path to a JSON file for source authentication config |
--source-custom-response-body | string | Custom response body (max 1000 chars) |
--source-custom-response-content-type | string | Custom response content type (json, text, xml) |
--source-description | string | Source description |
--source-hmac-algo | string | HMAC algorithm (SHA256, etc.) |
--source-hmac-secret | string | HMAC secret for signature verification |
--source-id | string | Use existing source by ID |
--source-name | string | Source name for inline creation |
--source-type | string | Source type (WEBHOOK, STRIPE, etc.) |
--source-webhook-secret | string | Webhook secret for source verification (e.g., Stripe) |
Note: connection upsert --dry-run output
When you use --dry-run, the command prints a preview of the changes without applying them:
$ hookdeck connection upsert my-connection \
--destination-rate-limit 200 \
--destination-rate-limit-period hour \
--dry-run
Output:
=== DRY RUN MODE ===
Operation: UPDATE
Connection: my-connection (ID: web_xxx)
Changes to be applied:
• Source: src_xxx → src_xxx (by ID)
• Destination: my-api → my-api (inline creation)
Properties preserved (not specified in command):
=== DRY RUN COMPLETE ===
No changes were made. Remove --dry-run to apply these changes.
hookdeck gateway connection delete
Delete a connection.
Usage:
hookdeck gateway connection delete <connection-id> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--force | bool | Force delete without confirmation |
hookdeck gateway connection enable
Enable a disabled connection.
Usage:
hookdeck gateway connection enable <connection-id>
hookdeck gateway connection disable
Disable an active connection. It will stop receiving new events until re-enabled.
Usage:
hookdeck gateway connection disable <connection-id>
hookdeck gateway connection pause
Pause a connection temporarily.
The connection will queue incoming events until unpaused.
Usage:
hookdeck gateway connection pause <connection-id>
hookdeck gateway connection unpause
Resume a paused connection.
The connection will start processing queued events.
Usage:
hookdeck gateway connection unpause <connection-id>
Source
Manage webhook and event sources.
Sources receive incoming webhooks and events. Create sources with a type (e.g. WEBHOOK, STRIPE) and optional authentication config, then connect them to destinations via connections.
[BETA] This feature is in beta. Please share bugs and feedback via: https://github.com/hookdeck/hookdeck-cli/issues
Usage:
hookdeck gateway source [command]
Global options:
| Flag | Type | Description |
|---|---|---|
--color | string | turn on/off color output (on, off, auto) |
--config | string | config file (default is $HOME/.config/hookdeck/config.toml) |
--device-name | string | device name |
--insecure | bool | Allow invalid TLS certificates |
--log-level | string | log level (debug, info, warn, error) (default "info") |
-p, --profile | string | profile name (default "default") |
--source-name / --source-type flags.hookdeck gateway source list
List all sources or filter by name or type.
Usage:
hookdeck gateway source list [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--disabled | bool | Include disabled sources |
--limit | int | Limit number of results (default "100") |
--name | string | Filter by source name |
--output | string | Output format (json) |
--type | string | Filter by source type (e.g. WEBHOOK, STRIPE) |
hookdeck gateway source create
Create a new source.
Requires --name and --type. Use --config or --config-file for authentication (e.g. webhook_secret, api_key).
Usage:
hookdeck gateway source create [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--allowed-http-methods | string | Comma-separated allowed HTTP methods (GET, POST, PUT, PATCH, DELETE) |
--api-key | string | API key for source authentication |
--basic-auth-pass | string | Password for Basic authentication |
--basic-auth-user | string | Username for Basic authentication |
--config-file | string | Path to JSON file for source config (overrides individual flags if set) |
--custom-response-body | string | Custom response body (max 1000 chars) |
--custom-response-content-type | string | Custom response content type (json, text, xml) |
--description | string | Source description |
--hmac-algo | string | HMAC algorithm (SHA256, etc.) |
--hmac-secret | string | HMAC secret for signature verification |
--name | string | Source name (required) |
--output | string | Output format (json) |
--type | string | Source type (e.g. WEBHOOK, STRIPE) (required) |
--webhook-secret | string | Webhook secret for source verification (e.g., Stripe) |
hookdeck gateway source get
Get detailed information about a specific source.
You can specify either a source ID or name.
Usage:
hookdeck gateway source get <source-id-or-name> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--include-auth | bool | Include source authentication credentials in the response |
--output | string | Output format (json) |
hookdeck gateway source update
Update an existing source by its ID.
Usage:
hookdeck gateway source update <source-id> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--allowed-http-methods | string | Comma-separated allowed HTTP methods (GET, POST, PUT, PATCH, DELETE) |
--api-key | string | API key for source authentication |
--basic-auth-pass | string | Password for Basic authentication |
--basic-auth-user | string | Username for Basic authentication |
--config-file | string | Path to JSON file for source config (overrides individual flags if set) |
--custom-response-body | string | Custom response body (max 1000 chars) |
--custom-response-content-type | string | Custom response content type (json, text, xml) |
--description | string | New source description |
--hmac-algo | string | HMAC algorithm (SHA256, etc.) |
--hmac-secret | string | HMAC secret for signature verification |
--name | string | New source name |
--output | string | Output format (json) |
--type | string | Source type (e.g. WEBHOOK, STRIPE) |
--webhook-secret | string | Webhook secret for source verification (e.g., Stripe) |
hookdeck gateway source delete
Delete a source.
Usage:
hookdeck gateway source delete <source-id> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--force | bool | Force delete without confirmation |
hookdeck gateway source upsert
Create a new source or update an existing one by name (idempotent).
Usage:
hookdeck gateway source upsert <name> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--allowed-http-methods | string | Comma-separated allowed HTTP methods (GET, POST, PUT, PATCH, DELETE) |
--api-key | string | API key for source authentication |
--basic-auth-pass | string | Password for Basic authentication |
--basic-auth-user | string | Username for Basic authentication |
--config-file | string | Path to JSON file for source config (overrides individual flags if set) |
--custom-response-body | string | Custom response body (max 1000 chars) |
--custom-response-content-type | string | Custom response content type (json, text, xml) |
--description | string | Source description |
--dry-run | bool | Preview changes without applying |
--hmac-algo | string | HMAC algorithm (SHA256, etc.) |
--hmac-secret | string | HMAC secret for signature verification |
--output | string | Output format (json) |
--type | string | Source type (e.g. WEBHOOK, STRIPE) |
--webhook-secret | string | Webhook secret for source verification (e.g., Stripe) |
Note: source upsert --dry-run output
When you use --dry-run, the command prints a preview of the changes without applying them:
$ hookdeck gateway source upsert my-webhook --type WEBHOOK --description "Updated" --dry-run
Output:
=== DRY RUN MODE ===
Operation: UPDATE
Source: my-webhook (ID: src_xxx)
Changes to be applied:
• Type: WEBHOOK
• Description: "Updated"
=== DRY RUN COMPLETE ===
No changes were made. Remove --dry-run to apply these changes.
hookdeck gateway source enable
Enable a disabled source.
Usage:
hookdeck gateway source enable <source-id>
hookdeck gateway source disable
Disable an active source. It will stop receiving new events until re-enabled.
Usage:
hookdeck gateway source disable <source-id>
hookdeck gateway source count
Count sources matching optional filters.
Usage:
hookdeck gateway source count [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--disabled | bool | Count disabled sources only (when set with other filters) |
--name | string | Filter by source name |
--type | string | Filter by source type |
Destination
Manage webhook and event destinations.
Destinations define where Hookdeck forwards events. Create destinations with a type (HTTP, CLI, MOCK_API), optional URL and authentication, then connect them to sources via connections.
[BETA] This feature is in beta. Please share bugs and feedback via: https://github.com/hookdeck/hookdeck-cli/issues
Usage:
hookdeck gateway destination [command]
Global options:
| Flag | Type | Description |
|---|---|---|
--color | string | turn on/off color output (on, off, auto) |
--config | string | config file (default is $HOME/.config/hookdeck/config.toml) |
--device-name | string | device name |
--insecure | bool | Allow invalid TLS certificates |
--log-level | string | log level (debug, info, warn, error) (default "info") |
-p, --profile | string | profile name (default "default") |
--destination-name / --destination-type flags. For local development, use the CLI destination type with listen.hookdeck gateway destination list
List all destinations or filter by name or type.
Usage:
hookdeck gateway destination list [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--disabled | bool | Include disabled destinations |
--limit | int | Limit number of results (default "100") |
--name | string | Filter by destination name |
--output | string | Output format (json) |
--type | string | Filter by destination type (HTTP, CLI, MOCK_API) |
hookdeck gateway destination create
Create a new destination.
Requires --name and --type. For HTTP destinations, --url is required. Use --config or --config-file for auth and rate limiting.
Usage:
hookdeck gateway destination create [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--api-key | string | API key for destination auth |
--api-key-header | string | Header/key name for API key |
--api-key-to | string | Where to send API key (header or query) (default "header") |
--auth-method | string | Auth method (hookdeck, bearer, basic, api_key, custom_signature) |
--basic-auth-pass | string | Password for Basic auth |
--basic-auth-user | string | Username for Basic auth |
--bearer-token | string | Bearer token for destination auth |
--cli-path | string | Path for CLI destinations (default "/") |
--config-file | string | Path to JSON file for destination config (overrides individual flags if set) |
--custom-signature-key | string | Key/header name for custom signature |
--custom-signature-secret | string | Signing secret for custom signature |
--description | string | Destination description |
--http-method | string | HTTP method for HTTP destinations (GET, POST, PUT, PATCH, DELETE) |
--name | string | Destination name (required) |
--output | string | Output format (json) |
--rate-limit | int | Rate limit (requests per period) (default "0") |
--rate-limit-period | string | Rate limit period (second, minute, hour, concurrent) |
--type | string | Destination type (HTTP, CLI, MOCK_API) (required) |
--url | string | URL for HTTP destinations (required for type HTTP) |
hookdeck gateway destination get
Get detailed information about a specific destination.
You can specify either a destination ID or name.
Usage:
hookdeck gateway destination get <destination-id-or-name> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--include-auth | bool | Include authentication credentials in the response |
--output | string | Output format (json) |
hookdeck gateway destination update
Update an existing destination by its ID.
Usage:
hookdeck gateway destination update <destination-id> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--api-key | string | API key for destination auth |
--api-key-header | string | Header/key name for API key |
--api-key-to | string | Where to send API key (header or query) (default "header") |
--auth-method | string | Auth method (hookdeck, bearer, basic, api_key, custom_signature) |
--basic-auth-pass | string | Password for Basic auth |
--basic-auth-user | string | Username for Basic auth |
--bearer-token | string | Bearer token for destination auth |
--cli-path | string | Path for CLI destinations |
--config-file | string | Path to JSON file for destination config (overrides individual flags if set) |
--custom-signature-key | string | Key/header name for custom signature |
--custom-signature-secret | string | Signing secret for custom signature |
--description | string | New destination description |
--http-method | string | HTTP method for HTTP destinations |
--name | string | New destination name |
--output | string | Output format (json) |
--rate-limit | int | Rate limit (requests per period) (default "0") |
--rate-limit-period | string | Rate limit period (second, minute, hour, concurrent) |
--type | string | Destination type (HTTP, CLI, MOCK_API) |
--url | string | URL for HTTP destinations |
hookdeck gateway destination delete
Delete a destination.
Usage:
hookdeck gateway destination delete <destination-id> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--force | bool | Force delete without confirmation |
hookdeck gateway destination upsert
Create a new destination or update an existing one by name (idempotent).
Usage:
hookdeck gateway destination upsert <name> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--api-key | string | API key for destination auth |
--api-key-header | string | Header/key name for API key |
--api-key-to | string | Where to send API key (header or query) (default "header") |
--auth-method | string | Auth method (hookdeck, bearer, basic, api_key, custom_signature) |
--basic-auth-pass | string | Password for Basic auth |
--basic-auth-user | string | Username for Basic auth |
--bearer-token | string | Bearer token for destination auth |
--cli-path | string | Path for CLI destinations |
--config-file | string | Path to JSON file for destination config (overrides individual flags if set) |
--custom-signature-key | string | Key/header name for custom signature |
--custom-signature-secret | string | Signing secret for custom signature |
--description | string | Destination description |
--dry-run | bool | Preview changes without applying |
--http-method | string | HTTP method for HTTP destinations |
--output | string | Output format (json) |
--rate-limit | int | Rate limit (requests per period) (default "0") |
--rate-limit-period | string | Rate limit period (second, minute, hour, concurrent) |
--type | string | Destination type (HTTP, CLI, MOCK_API) |
--url | string | URL for HTTP destinations |
Note: destination upsert --dry-run output
When you use --dry-run, the command prints a preview of the changes without applying them:
$ hookdeck gateway destination upsert my-api --type HTTP --url https://api.example.com --description "Updated" --dry-run
Output:
=== DRY RUN MODE ===
Operation: UPDATE
Destination: my-api (ID: dst_xxx)
Changes to be applied:
• Type: HTTP
• URL: https://api.example.com
• Description: "Updated"
=== DRY RUN COMPLETE ===
No changes were made. Remove --dry-run to apply these changes.
hookdeck gateway destination count
Count destinations matching optional filters.
Usage:
hookdeck gateway destination count [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--disabled | bool | Count disabled destinations only (when set with other filters) |
--name | string | Filter by destination name |
--type | string | Filter by destination type (HTTP, CLI, MOCK_API) |
hookdeck gateway destination enable
Enable a disabled destination.
Usage:
hookdeck gateway destination enable <destination-id>
hookdeck gateway destination disable
Disable an active destination. It will stop receiving new events until re-enabled.
Usage:
hookdeck gateway destination disable <destination-id>
Transformation
Manage JavaScript transformations for request/response processing.
Transformations run custom code to modify event payloads. Create with --name and --code (or --code-file), then attach to connections via rules. Use 'transformation run' to test code locally.
[BETA] This feature is in beta. Please share bugs and feedback via: https://github.com/hookdeck/hookdeck-cli/issues
Usage:
hookdeck gateway transformation [command]
Global options:
| Flag | Type | Description |
|---|---|---|
--color | string | turn on/off color output (on, off, auto) |
--config | string | config file (default is $HOME/.config/hookdeck/config.toml) |
--device-name | string | device name |
--insecure | bool | Allow invalid TLS certificates |
--log-level | string | log level (debug, info, warn, error) (default "info") |
-p, --profile | string | profile name (default "default") |
hookdeck gateway transformation list
List all transformations or filter by name or id.
Usage:
hookdeck gateway transformation list [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--dir | string | Sort direction (asc, desc) |
--id | string | Filter by transformation ID(s) |
--limit | int | Limit number of results (default "100") |
--name | string | Filter by transformation name |
--next | string | Pagination cursor for next page |
--order-by | string | Sort key (name, created_at, updated_at) |
--output | string | Output format (json) |
--prev | string | Pagination cursor for previous page |
hookdeck gateway transformation create
Create a new transformation.
Requires --name and --code (or --code-file). Use --env for key-value environment variables.
Usage:
hookdeck gateway transformation create [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--code | string | JavaScript code string (required if --code-file not set) |
--code-file | string | Path to JavaScript file (required if --code not set) |
--env | string | Environment variables as KEY=value,KEY2=value2 |
--name | string | Transformation name (required) |
--output | string | Output format (json) |
hookdeck gateway transformation get
Get detailed information about a specific transformation.
You can specify either a transformation ID or name.
Usage:
hookdeck gateway transformation get <transformation-id-or-name> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--output | string | Output format (json) |
hookdeck gateway transformation update
Update an existing transformation by its ID.
Usage:
hookdeck gateway transformation update <transformation-id-or-name> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--code | string | New JavaScript code string |
--code-file | string | Path to JavaScript file |
--env | string | Environment variables as KEY=value,KEY2=value2 |
--name | string | New transformation name |
--output | string | Output format (json) |
hookdeck gateway transformation delete
Delete a transformation.
Usage:
hookdeck gateway transformation delete <transformation-id-or-name> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--force | bool | Force delete without confirmation |
hookdeck gateway transformation upsert
Create a new transformation or update an existing one by name (idempotent).
Usage:
hookdeck gateway transformation upsert <name> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--code | string | JavaScript code string |
--code-file | string | Path to JavaScript file |
--dry-run | bool | Preview changes without applying |
--env | string | Environment variables as KEY=value,KEY2=value2 |
--output | string | Output format (json) |
Note: transformation upsert --dry-run output
When you use --dry-run, the command prints a preview of the changes without applying them:
$ hookdeck gateway transformation upsert my-transform --code "addHandler(\"transform\", (r, c) => { return r; });" --dry-run
Output:
=== DRY RUN MODE ===
Operation: UPDATE
Transformation: my-transform (ID: trs_xxx)
Changes to be applied:
• Code: (modified)
=== DRY RUN COMPLETE ===
No changes were made. Remove --dry-run to apply these changes.
hookdeck gateway transformation run
Test run transformation code against a sample request.
Provide either inline --code/--code-file or --id to use an existing transformation. The --request or --request-file must be JSON with at least "headers" (can be {}). Optional: body, path, query.
Usage:
hookdeck gateway transformation run [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--code | string | JavaScript code string to run |
--code-file | string | Path to JavaScript file |
--connection-id | string | Connection ID for execution context |
--env | string | Environment variables as KEY=value,KEY2=value2 |
--id | string | Use existing transformation by ID |
--output | string | Output format (json) |
--request | string | Request JSON (must include headers, e.g. {"headers":{}}) |
--request-file | string | Path to request JSON file |
Testing transformations locally with run
You can write your transformation JavaScript in a file and test it locally before creating the transformation or attaching it to a connection. This speeds up development: iterate on your code, run it against sample requests, and only deploy when it works.
Workflow:
- Create a JavaScript file (e.g.
transform.js) with your transformation code:
// transform.js
addHandler("transform", (request, context) => {
request.body.enriched = true;
request.body.timestamp = new Date().toISOString();
return request;
});
request.body and request.headers are already objects (parsed by Hookdeck). You work with them directly—no JSON.parse or JSON.stringify needed.
- Create a sample request file (e.g.
sample.json) with the payload you want to test:
{"headers":{"content-type":"application/json"},"body":{"event":"payment.success"}}
- Run the transformation locally with
--code-fileand--request-file:
$ hookdeck gateway transformation run --code-file ./transform.js --request-file ./sample.json
Output:
{
"headers": {"content-type":"application/json"},
"body": {"event":"payment.success","enriched":true,"timestamp":"2024-01-15T12:00:00.000Z"}
}
You can also pass the request inline with --request '{"headers":{}}'. Use --id to test an existing transformation instead of --code-file.
hookdeck gateway transformation count
Count transformations matching optional filters.
Usage:
hookdeck gateway transformation count [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--name | string | Filter by transformation name |
--output | string | Output format (json) |
hookdeck gateway transformation executions list
List executions for a transformation.
Usage:
hookdeck gateway transformation executions list <transformation-id-or-name> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--connection-id | string | Filter by connection ID |
--created-at | string | Filter by created_at (ISO date or operator) |
--dir | string | Sort direction (asc, desc) |
--issue-id | string | Filter by issue ID |
--limit | int | Limit number of results (default "100") |
--next | string | Pagination cursor for next page |
--order-by | string | Sort key (created_at) |
--output | string | Output format (json) |
--prev | string | Pagination cursor for previous page |
hookdeck gateway transformation executions get
Get a single execution by transformation ID and execution ID.
Usage:
hookdeck gateway transformation executions get <transformation-id-or-name> <execution-id> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--output | string | Output format (json) |
Request
List, get, and retry requests (raw inbound webhooks). View events or ignored events for a request.
[BETA] This feature is in beta. Please share bugs and feedback via: https://github.com/hookdeck/hookdeck-cli/issues
Usage:
hookdeck gateway request [command]
Global options:
| Flag | Type | Description |
|---|---|---|
--color | string | turn on/off color output (on, off, auto) |
--config | string | config file (default is $HOME/.config/hookdeck/config.toml) |
--device-name | string | device name |
--insecure | bool | Allow invalid TLS certificates |
--log-level | string | log level (debug, info, warn, error) (default "info") |
-p, --profile | string | profile name (default "default") |
For an overview of requests and the event lifecycle, see Requests and Events & Attempts.
Event lifecycle: A request is the raw inbound webhook received by a source. Each request can produce one or more events (when routed through connections) and each event has attempts (delivery tries). Use request events to see which events a request produced.
hookdeck gateway request list
List requests (raw inbound webhooks). Filter by source ID.
Usage:
hookdeck gateway request list [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--body | string | Filter by body (JSON string) |
--created-after | string | Filter requests created after (ISO date-time) |
--created-before | string | Filter requests created before (ISO date-time) |
--dir | string | Sort direction (asc, desc) |
--headers | string | Filter by headers (JSON string) |
--id | string | Filter by request ID(s) (comma-separated) |
--ingested-at-after | string | Filter by ingested_at after (ISO date-time) |
--ingested-at-before | string | Filter by ingested_at before (ISO date-time) |
--limit | int | Limit number of results (default "100") |
--next | string | Pagination cursor for next page |
--order-by | string | Sort key (e.g. created_at) |
--output | string | Output format (json) |
--parsed-query | string | Filter by parsed query (JSON string) |
--path | string | Filter by path |
--prev | string | Pagination cursor for previous page |
--rejection-cause | string | Filter by rejection cause |
--source-id | string | Filter by source ID |
--status | string | Filter by status |
--verified | string | Filter by verified (true/false) |
hookdeck gateway request get
Get detailed information about a request by ID.
Usage:
hookdeck gateway request get <request-id> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--output | string | Output format (json) |
hookdeck gateway request retry
Retry a request by ID. By default retries on all connections. Use --connection-ids to retry only for specific connections.
Usage:
hookdeck gateway request retry <request-id> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--connection-ids | string | Comma-separated connection IDs to retry (omit to retry all) |
hookdeck gateway request events
List events (deliveries) created from a request.
Usage:
hookdeck gateway request events <request-id> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--limit | int | Limit number of results (default "100") |
--next | string | Pagination cursor for next page |
--output | string | Output format (json) |
--prev | string | Pagination cursor for previous page |
hookdeck gateway request ignored-events
List ignored events for a request (e.g. filtered out or deduplicated).
Usage:
hookdeck gateway request ignored-events <request-id> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--limit | int | Limit number of results (default "100") |
--next | string | Pagination cursor for next page |
--output | string | Output format (json) |
--prev | string | Pagination cursor for previous page |
hookdeck gateway request raw-body
Output the raw request body of a request by ID.
Usage:
hookdeck gateway request raw-body <request-id>
Event
List, get, retry, cancel, or mute events (processed webhook deliveries). Filter by connection ID (--connection-id), status, source, or destination.
[BETA] This feature is in beta. Please share bugs and feedback via: https://github.com/hookdeck/hookdeck-cli/issues
Usage:
hookdeck gateway event [command]
Global options:
| Flag | Type | Description |
|---|---|---|
--color | string | turn on/off color output (on, off, auto) |
--config | string | config file (default is $HOME/.config/hookdeck/config.toml) |
--device-name | string | device name |
--insecure | bool | Allow invalid TLS certificates |
--log-level | string | log level (debug, info, warn, error) (default "info") |
-p, --profile | string | profile name (default "default") |
For an overview of events and the event lifecycle, see Events & Attempts.
Event lifecycle: A request (raw inbound webhook) becomes one or more events (processed, routed deliveries) when associated with connections. Each event has one or more attempts (single delivery tries). Use request list to find raw webhooks, event list to find processed events, and attempt list --event-id to inspect delivery tries.
hookdeck gateway event list
List events (processed webhook deliveries). Filter by connection ID, source, destination, or status.
Usage:
hookdeck gateway event list [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--attempts | string | Filter by number of attempts (integer or operators) |
--body | string | Filter by body (JSON string) |
--cli-id | string | Filter by CLI ID |
--connection-id | string | Filter by connection ID |
--created-after | string | Filter events created after (ISO date-time) |
--created-before | string | Filter events created before (ISO date-time) |
--destination-id | string | Filter by destination ID |
--dir | string | Sort direction (asc, desc) |
--error-code | string | Filter by error code |
--headers | string | Filter by headers (JSON string) |
--id | string | Filter by event ID(s) (comma-separated) |
--issue-id | string | Filter by issue ID |
--last-attempt-at-after | string | Filter by last_attempt_at after (ISO date-time) |
--last-attempt-at-before | string | Filter by last_attempt_at before (ISO date-time) |
--limit | int | Limit number of results (default "100") |
--next | string | Pagination cursor for next page |
--order-by | string | Sort key (e.g. created_at) |
--output | string | Output format (json) |
--parsed-query | string | Filter by parsed query (JSON string) |
--path | string | Filter by path |
--prev | string | Pagination cursor for previous page |
--response-status | string | Filter by HTTP response status (e.g. 200, 500) |
--source-id | string | Filter by source ID |
--status | string | Filter by status (SCHEDULED, QUEUED, HOLD, SUCCESSFUL, FAILED, CANCELLED) |
--successful-at-after | string | Filter by successful_at after (ISO date-time) |
--successful-at-before | string | Filter by successful_at before (ISO date-time) |
hookdeck gateway event get
Get detailed information about an event by ID.
Usage:
hookdeck gateway event get <event-id> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--output | string | Output format (json) |
hookdeck gateway event retry
Retry delivery for an event by ID.
Usage:
hookdeck gateway event retry <event-id>
hookdeck gateway event cancel
Cancel an event by ID. Cancelled events will not be retried.
Usage:
hookdeck gateway event cancel <event-id>
hookdeck gateway event mute
Mute an event by ID. Muted events will not trigger alerts or retries.
Usage:
hookdeck gateway event mute <event-id>
hookdeck gateway event raw-body
Output the raw request body of an event by ID.
Usage:
hookdeck gateway event raw-body <event-id>
Attempt
List or get attempts (single delivery tries for an event). Use --event-id to list attempts for an event.
[BETA] This feature is in beta. Please share bugs and feedback via: https://github.com/hookdeck/hookdeck-cli/issues
Usage:
hookdeck gateway attempt [command]
Global options:
| Flag | Type | Description |
|---|---|---|
--color | string | turn on/off color output (on, off, auto) |
--config | string | config file (default is $HOME/.config/hookdeck/config.toml) |
--device-name | string | device name |
--insecure | bool | Allow invalid TLS certificates |
--log-level | string | log level (debug, info, warn, error) (default "info") |
-p, --profile | string | profile name (default "default") |
hookdeck gateway attempt list
List attempts for an event. Requires --event-id.
Usage:
hookdeck gateway attempt list [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--dir | string | Sort direction (asc, desc) |
--event-id | string | Filter by event ID (required) |
--limit | int | Limit number of results (default "100") |
--next | string | Pagination cursor for next page |
--order-by | string | Sort key |
--output | string | Output format (json) |
--prev | string | Pagination cursor for previous page |
hookdeck gateway attempt get
Get detailed information about an attempt by ID.
Usage:
hookdeck gateway attempt get <attempt-id> [flags]
Flags:
| Flag | Type | Description |
|---|---|---|
--output | string | Output format (json) |