Introduction

Hawk is a modern webhook engine built for reliability, security, and developer experience. It acts as the infrastructure layer between your services, ensuring that events are delivered successfully even when your targets are temporarily down.

To interact with the Hawk API, you'll need an API Key. You can generate and manage your keys in theDashboard.

A Webhook in Hawk represents a destination URL where events will be sent. When creating a webhook, you specify:

• 1

  Endpoint URL

  The public URL of your server that will receive POST requests.

• 2

  Subscribed Events

  Select exactly which event types this endpoint should receive (e.g., user.created).

• 3

  Secret Key

  Hawk generates a unique secret for each webhook to sign payloads.

Trigger events by sending a POST request to our event ingest endpoint. Hawk will instantly identify all webhooks subscribed to that event type and queue them for delivery.

curl -X POST https://api.hawk.dev/events \
  -H "Authorization: Bearer <YOUR_API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "order.completed",
    "payload": {
      "id": "ord_123",
      "amount": 49.99
    }
  }'

To ensure that a webhook was actually sent by Hawk, you should verify theX-Hawk-Signature header. This signature is a HMAC-SHA256 hash of the request body using your Webhook Secret.

const crypto = require('crypto');

const signature = req.headers['x-hawk-signature'];
const hmac = crypto.createHmac('sha256', process.env.HAWK_SECRET);
const digest = hmac.update(JSON.stringify(req.body)).digest('hex');

if (signature === digest) {
    console.log("Verified!");
}

Hawk uses a high-performance Redis-backed queue system (BullMQ) to manage deliveries. If your endpoint is down or returns an error, we don't just give up.