Receiving webhook events

Any destination that handles webhooks from Hookdeck must accept HTTP POST requests. If your workspace does not have the static IP add-on enabled, requests may arrive from any arbitrary IP.

When routing a webhook to a destination, Hookdeck preserves the original request's headers, body, query string, and path. Exceptions to this rule are listed below.

Headers

In addition to the request's original headers, Hookdeck appends the following additional headers:

Header	Description
`X-Hookdeck-EventID`	Hookdeck event id
`X-Hookdeck-Source-Alias`	Alias of the source that received the webhook
`X-Hookdeck-Attempt-Count`	Event attempt count
`X-Hookdeck-Event-URL`	URL of event on the Hookdeck dashboard
`X-Hookdeck-Signature`	Hookdeck HMAC signature (sha256, base64 encoded)
`X-Hookdeck-Verified`	Boolean representing whether Hookdeck verified the original request

Query string

Hookdeck will never alter the query string of the original request unless a query string is specified in the destination URL.

For example, if Hookdeck receives a request with query string ?key1=value1, and the destination URL is set to example.com/webhooks?key2=value2, the destination will receive query string ?key2=value2.

Path

By default, Hookdeck preserves any path appended to the Hookdeck URL when routing a webhook to its destination.

For example, if a provider is set up to send webhooks to https://events.hookdeck.com/e/src_abcxyz/path/to/forward and your destination URL is https://www.example.com/webhooks, then your destination will receive the request at https://www.example.com/webhooks/path/to/forward.

To prevent this behavior, disable path forwarding on the destination.