Sources overviewCreate a sourceEdit a sourceArchive & unarchive a sourceDelete a source

Sources overview

A source is any service that sends you webhooks.


How sources work

Each source is given a unique Hookdeck URL that can be pasted into the webhook URL field of the sender platform. Once your provider is sending webhooks to a Hookdeck URL, events are ingested and routed according to your connection rules.

You can customize the Source URL to use your own custom domain name. See Custom Domain for more information.


Hookdeck aims to be compatible with every API provider. To accomplish this, we remain platform-agnostic and ingest any inbound requests (up to 10 MiB) with one of the following content-types:

  • text/plain
  • text/xml
  • application/json
  • application/x-www-form-urlencoded
  • application/xml
  • application/*+json
  • application/jwt
  • application/x-ndjson
  • multipart/form-data

If you encounter a problem integrating a specific API provider, send us a message.

Custom methods

Some providers send webhooks in non-POST methods, e.g. PUT, PATCH, DELETE or even GET. GET requests are not accepted by default, but you can enable them in the Source Configuration > Advanced Configuration section when creating or updating your sources.

HTTP Methods in advanced configuration section in Source form

You can also enable them explicitly by using a x-hookdeck-allow-methods query string parameter in your Hookdeck source URL.


Custom responses

Some API vendors modify their behavior based on the response they receive from a webhook. For these providers, Hookdeck supports setting custom responses to satisfy their requirements.

Customize Response in Source form

You can also use query string parameter x-hookdeck-response to explicitly customize the response. Append one of the following query parameters to the Hookdeck-provided source URL to achieve the desired response.

ResponseQuery parameter exampleBehavior
Empty?x-hookdeck-response=null or ?x-hookdeck-responseHookdeck responds with an empty body
Text?x-hookdeck-response[text]=Hello+WorldHookdeck responds with the text Hello World
JSON?x-hookdeck-response[json]=%7B%22message%22%3A%22Hello%20World%22%7DHookdeck responds with the specified JSON
XML?x-hookdeck-response[xml]=<root><child></child></root>Hookdeck responds with the specified XML

Handshakes and validation

Some API providers require a validation step, known as a "handshake" or "challenge." While this is not standard across all providers, we do our best to implement validation for any platform that our users integrate with.

At this time, we've implemented handshake support for the following platforms:

  • Adobe Acrobat Sign
  • Adyen
  • Asana
  • AWS SNS (Subscription Confirmation)
  • Azure Graph (Notification URL Validation)
  • Facebook
  • Google Business Messages
  • helloflex.com
  • HelloSign
  • InFakt
  • Infusionsoft
  • Mailchimp
  • Microsoft SharePoint
  • monday.com
  • Nylas
  • Okta
  • OnFleet
  • Oura
  • Slack
  • Smartsheet
  • Strava (use STRAVA as verify_token)
  • Trello
  • Twitch
  • Twitter (must use our Twitter source verification)
  • Zoom (must use our Zoom source verification)
  • Wallester
  • WebSub generic integration
  • REST Hooks implementation

If your provider requires a handshake and is missing from this list, contact us and we will add support within 24 hours.