Live — 2.4M webhooks verified this month Start Free →
WebhookWatch Platform
API Reference
Programmatic access to webhook logs, endpoint management, and event replay. Build automation around your webhook infrastructure.
Base URL
Endpoints
All API requests require a Bearer token in the Authorization header. Responses are JSON-encoded. Rate limit: 120 requests per minute per API key.
GET
/v1/endpoints
List all registered webhook endpoints. Returns endpoint ID, target URL, status, creation timestamp, and last received event time. Supports pagination via page and limit query parameters.
POST
/v1/endpoints
Create a new webhook endpoint. Body requires name (string), target_url (string, HTTPS), and optional secret for HMAC validation. Returns the unique endpoint UUID and generated public capture URL.
GET
/v1/endpoints/{id}/logs
Fetch delivery logs for a specific endpoint. Returns array of log entries with HTTP status, latency in milliseconds, payload preview, and headers. Filter by status_code, from, and to (ISO 8601 timestamps).
GET
/v1/endpoints/{id}/logs/{logId}
Retrieve a single log entry in full detail. Includes complete request body, all headers, raw response, retry count, and signature verification result. Returns 404 if log has expired beyond the retention window.
POST
/v1/endpoints/{id}/logs/{logId}/replay
Replay a captured webhook to its target URL. Optional body parameter delay_ms sets a delivery delay. Returns a replay job ID immediately; poll /v1/replays/{jobId} for completion status.
DELETE
/v1/endpoints/{id}
Permanently remove an endpoint and all associated logs. Irreversible. Returns { "deleted": true, "endpoint_id": "..." } on success. Logs scheduled for replay are cancelled automatically.
Request & Response Format
Parameters
Common parameters used across multiple endpoints. All timestamps follow ISO 8601 format in UTC.
req
Authentication
Authorization: Bearer <api_key> — required on every request. Generate keys in Dashboard → Settings → API Keys. Keys are scoped per team and support read-only or read-write access levels.
query
Pagination
page (integer, default 1) and limit (integer, default 50, max 200). Response includes X-Total-Count and Link headers for cursor navigation. Use cursor parameter for offset-free pagination on large datasets.
query
Time Range Filters
from and to accept ISO 8601 strings (e.g., 2024-11-15T08:30:00Z). Default window is the last 24 hours. Maximum lookback period is 90 days for Pro plans, 7 days for Free.
body
Endpoint Creation
name (string, 2–64 chars), target_url (string, must be HTTPS), secret (string, optional, used for HMAC-SHA256 signature generation), transform_rules (array, optional, JSONPath expressions for payload filtering).
query
Status Filtering
status_code accepts comma-separated values: 2xx, 3xx, 4xx, 5xx, or exact codes like 200,404,502. Combines with time range filters. Example: ?status_code=5xx&from=2024-12-01T00:00:00Z.
body
Replay Configuration
delay_ms (integer, 0–60000, default 0), headers_override (object, optional, merges with original headers), target_url (string, optional, overrides the endpoint's default target for one-time test deliveries).
Practical Usage
Examples
Copy-paste ready curl commands and JSON payloads for common workflows.
Create an endpoint
curl -X POST https://api.webhookwatch.nl/v1/endpoints \ -H "Authorization: Bearer ww_live_k8x2mP9vQr4nL1jH" \ -H "Content-Type: application/json" \ -d '{ "name": "Payment Service — Stripe", "target_url": "https://payments.example.com/webhooks/stripe", "secret": "whsec_a1b2c3d4e5f6g7h8i9j0" }'
List recent failure logs
curl -G "https://api.webhookwatch.nl/v1/endpoints/ep_7f3a9c1d/logs" \ -H "Authorization: Bearer ww_live_k8x2mP9vQr4nL1jH" \ --data-urlencode "status_code=5xx" \ --data-urlencode "from=2024-12-10T00:00:00Z" \ --data-urlencode "limit=25"
Replay a specific log entry
curl -X POST "https://api.webhookwatch.nl/v1/endpoints/ep_7f3a9c1d/logs/log_2b8e4f6a/replay" \ -H "Authorization: Bearer ww_live_k8x2mP9vQr4nL1jH" \ -H "Content-Type: application/json" \ -d '{ "delay_ms": 2000, "headers_override": { "X-Test-Run": "manual-replay-2024-12-15" } }'
Response — single log entry
{ "log_id": "log_2b8e4f6a", "endpoint_id": "ep_7f3a9c1d", "received_at": "2024-12-14T16:42:08Z", "method": "POST", "status_code": 502, "latency_ms": 1247, "retry_count": 3, "signature_valid": true, "request": { "headers": { "Content-Type": "application/json", "X-Stripe-Signature": "t=1734195728,v1=a8f3...", "User-Agent": "Stripe/1.0" }, "body": { "id": "evt_1OZqR2L3mN4pQ5rS", "type": "payment_intent.succeeded", "data": { "object": { "id": "pi_3OZqR2L3mN4pQ5rS6tU7vW", "amount": 4995, "currency": "eur", "status": "succeeded" } } } }, "response": { "status_code": 502, "body": "<html><body bgcolor=\"white\"><center><h1>502 Bad Gateway</h1>...</body></html>", "headers": { "Server": "nginx/1.24.0", "Date": "Wed, 14 Dec 2024 16:42:09 GMT" } } }