Web app · Webhook router
Webhook plumbing you configure once instead of rebuilding every project.
- Webhooks
- Infrastructure
- Multi-tenant
- HMAC
- verified inbound, with replay protection
- Immutable
- versioned route snapshots you can replay
- Multi-tenant
- workspaces with role-scoped keys
The problem
Every integration project rebuilds the same webhook plumbing: signature verification, retries, fan-out, transformation, inspection. It's undifferentiated work that still manages to be security-critical — the worst combination.
The approach
Hooker gives each source one stable inbound URL and handles the rest: verify, transform, route, retry. Routes are deterministic and versioned, destinations get their own retry behavior, and the whole thing is multi-tenant so one deployment serves many workspaces.
What it does
- Gives each source one stable inbound URL with HMAC/secret verification, a replay window, and scoped idempotency.
- Deterministic rule-based routes fan out to multiple destinations, versioned as immutable snapshots you can replay.
- Templated Discord embeds and HTTP bodies, per-destination retry/backoff that honors rate limits, and an SSRF host allowlist.
- Multi-tenant workspaces with role-scoped keys, an audit log, plan limits, and optional Stripe billing.
Stack & links
- Node.js
- Express 5
- React 19
- Vite
- SQLite / Postgres
- Stripe
Private build — ask us for a walkthrough.
Want a system like this for your business?
No discovery-call theater. Send us the problem, and we'll send back how we'd attack it.