HomeProductEndpointsAccountPricingDocumentation
API docsv1

Webhook Interceptor API

Webhook capture, Pipe Studio (flows, versions, execute), endpoint management, privacy, share links, and tier limits.

Protected routes accept your browser session or an API key from Account: Authorization: Bearer <evp_…> or X-Api-Key.

Product

Pipe Studio & Event Pipe

A flow is a versioned handler attached to your webhook endpoint. You define triggers, ship TypeScript (and optional declarative pipe JSON), publish immutable versions, and run test executions against the live graph—mirroring what the dashboard does.

  • List and create flows per endpoint; each flow has a linear version history.
  • Publish bundles with validated `settings.pipe` (v3) and code artifacts; production webhooks invoke the enabled flow’s current version.
  • Execute simulates the published graph with a JSON payload—ideal before or after shipping.

Tier limits apply to flows per endpoint, execution timeout, code boxes per pipe, and HTTP steps—see Pricing. Programmatic access uses the same auth as the dashboard (session cookie or API key).

Start here

60-second quickstart

Three steps from zero to your first event visible in the inspector. Links use your current origin: http://localhost:3000.

All capture URLs and snippets on this page use example ID … (generated uniquely on each visit) so they do not collide with your real endpoints.

1

Create your endpoint

On the home page choose a unique ID (e.g. stripe-orders-prod) and create the endpoint. No server or card required.

2

Send a test webhook

POST JSON to the capture URL using example ID …. It is only for these docs; use your own ID in production.

3

Open the inspector

View headers, body, and timeline in real time. The demo link uses the same example ID ….

Generating a unique example ID…

POST/api/webhook/{id}

Capture webhook

Captures any incoming request for payload inspection.

Auth: Not required. Private endpoints require x-webhook-key.

Request

Generating a unique example ID…

Response

{ "success": true, "webhookId": "uuid" }
GET/api/webhook/{id}?_dashboard=1

Dashboard read

Returns endpoint history for UI/dashboard.

Auth: Session or API key for private endpoints (owner or approved collaborator).

Request

Generating a unique example ID…

Response

{ "endpoint": {...}, "events": [...] }
POST/api/webhook/register

Register endpoint (auth)

Registers a webhook ID for an authenticated user.

Auth: Session cookie or API key (Bearer / X-Api-Key). Respects tier limits and ownership.

Request

Generating a unique example ID…

Response

{ "success": true }
POST/api/webhook/register-guest

Register endpoint (guest)

Registers an endpoint for guest mode and issues a signed guest_id.

Auth: Not required. Free tier limits apply via signed cookie.

Request

Generating a unique example ID…

Response

{ "success": true }
GET/api/account

Account summary

Tier, policy, and usage summary (endpoints + monthly requests).

Auth: Optional. Session, API key, or unauthenticated guest/free context.

Request

Generating a unique example ID…

Response

{ "tier": "FREE", "policy": {...} }
GET/api/account/endpoints

List owned endpoints

Lists owner endpoints with privacy and metadata.

Auth: Session or API key.

Request

Generating a unique example ID…

Response

{ "endpoints": [...] }
DELETE/api/account/endpoints/{id}

docsApi.endpoints.delete-endpoint.title

docsApi.endpoints.delete-endpoint.description

Auth: docsApi.endpoints.delete-endpoint.auth

Request

Generating a unique example ID…

Response

{ "success": true }
PATCH/api/account/endpoints/{id}/privacy

Toggle privacy

Enables or disables a private endpoint and returns accessKey when applicable.

Auth: Session or API key. Private endpoints from STARTER tier.

Request

Generating a unique example ID…

Response

{ "success": true, "isPrivate": true, "accessKey": "hex" }
POST/api/account/endpoints/{id}/share

Create share link

Generates a share link for a private endpoint with expiry.

Auth: Session or API key. Owner only.

Request

Generating a unique example ID…

Response

{ "success": true }
DELETE/api/account/endpoints/{id}/access

List/revoke access

Lists collaborators with access and revokes by userId.

Auth: Session or API key. Owner only.

Request

Generating a unique example ID…

Response

{ "success": true }
GET/api/account/access-requests

Access requests inbox

Pending access requests for the owner’s endpoints.

Auth: Session or API key.

Request

Generating a unique example ID…

Response

{ "requests": [...] }
PATCH/api/account/access-requests/{requestId}

Approve/reject request

Approves or rejects an access request (approve | reject).

Auth: Session or API key. Endpoint owner only.

Request

Generating a unique example ID…

Response

{ "success": true }
POST/api/share/{token}/accept

Accept share token

Turns a share token into a pending access request.

Auth: Session or API key.

Request

Generating a unique example ID…

Response

{ "success": true }
GET/api/account/flows

List flows

Returns flows owned by the authenticated user, optionally filtered by endpointId.

Auth: Session or API key.

Request

Generating a unique example ID…

Response

{ "flows": [ { "id", "endpoint_id", "name", "status", "current_version_id" } ] }
POST/api/account/flows

Create flow

Creates a new flow on an endpoint you own; seeds an initial version when successful.

Auth: Session or API key. Tier must allow flow automation (see limits).

Request

Generating a unique example ID…

Response

{ "success": true, "flowId": "uuid", "version": 1 }
GET/api/account/flows/{flowId}

Get flow + versions

Returns the flow row and all versions (includes settings.pipe when stored).

Auth: Session or API key. Owner only.

Request

Generating a unique example ID…

Response

{ "flow": {...}, "versions": [ { "version", "settings", "build_status" } ] }
POST/api/account/flows/{flowId}/versions

Publish flow version

Creates a new version with bundleCode and settings (pipe definition validated server-side).

Auth: Session or API key. Owner only.

Request

Generating a unique example ID…

Response

{ "success": true, "version": { "version": 2 } }
POST/api/account/flows/{flowId}/execute

Execute flow (test)

Runs the current live version with a synthetic event body—same runtime as production, scoped to your account.

Auth: Session or API key. Owner only.

Request

Generating a unique example ID…

Response

{ "success": true, "result": { "status", "output", "logs", "durationMs" } }

Standard errors

StatusWhen it happensExample
400Invalid body or missing required field{ "error": "webhookId is required" }
401Unauthenticated user on protected routes{ "error": "Unauthorized" }
402Tier limit or feature not available{ "error": "Private endpoints are available from STARTER tier" }
403No permission on owner resource{ "error": "Forbidden" }
404Resource not found{ "error": "Endpoint not found" }
409Ownership conflict or webhook ID already taken{ "error": "This webhook ID is already owned by another user" }
410Share link expired{ "error": "Share link expired" }

Integration snippets

Uses the same example ID as the quickstart: ….

Generating a unique example ID…