ReHook Documentation

ReHook is a powerful webhook middleware that routes, transforms, and monitors webhook traffic from a single endpoint.

🎯

Auto-Detection

Automatically detect webhook schema and event types

🔄

Fan-Out

Send one webhook to multiple destinations

⚡

Transforms

Modify payloads with JavaScript

🔁

Retries

Exponential backoff and dead-letter queues

Quick Start

Get up and running in 5 minutes:

Create a Project

Navigate to your dashboard and create a new project to organize your webhooks.

Create a Source

A source provides a unique webhook URL. Point your integrations to this URL.

https://your-rehook.com/api/v1/ingest/abc123

Add Destinations

Configure where your webhook events should be forwarded. Each destination has its own URL, authentication, and settings.

Enable Forwarding

Toggle forwarding ON and your webhooks will start flowing!

Core Concepts

📥 Sources

A source is an inbound webhook endpoint. Each source gets a unique URL that accepts webhook requests from external services like Stripe, GitHub, or Shopify.

📤 Destinations

A destination is where events are forwarded to. Configure the target URL, authentication method, custom headers, rate limits, and retry policies.

🔄 Transforms

Transforms allow you to modify the webhook payload using JavaScript before forwarding. Filter events, reshape data, or add custom fields.

🎯 Triggers

Triggers define when events should be forwarded based on conditions like event type, payload content, or custom JavaScript expressions.

Sources Configuration

Setting	Description	Default
`name`	Display name for the source	Required
`slug`	URL-friendly identifier	Auto-generated
`enabled`	Whether the source accepts events	`true`
`forwarding_enabled`	Whether events are forwarded to destinations	`false`

Destinations Configuration

Setting	Description	Default
`url`	Target URL for forwarding	Required
`auth_policy_id`	Authentication policy to use	`null`
`rate_limit`	Max requests per second (Hz)	`null` (unlimited)
`timeout_ms`	Request timeout in milliseconds	`30000`
`retry_count`	Max retry attempts	`3`
`custom_headers`	Additional headers to send	`{}`

Transforms

Transforms use JavaScript to modify the payload. The function receives the event and must return the modified payload or null to skip.

// Example: Filter and reshape Stripe events
function transform(event) {
  // Skip non-payment events
  if (!event.type.startsWith('payment')) {
    return null;
  }
  
  // Reshape the payload
  return {
    type: event.type,
    amount: event.data.object.amount,
    currency: event.data.object.currency,
    customer: event.data.object.customer,
    timestamp: new Date().toISOString()
  };
}

Available Variables

Variable	Description
`event`	The original webhook payload
`headers`	Request headers object
`source`	Source metadata

Triggers

Triggers control which events are forwarded to a destination.

Trigger Types

Type	Description	Example
`event_type`	Match specific event types	`payment.succeeded`
`field_match`	Match payload field values	`data.status = "active"`
`javascript`	Custom JS expression	`event.amount > 100`

API Authentication

All API requests require authentication using an API key.

# Include in request header
Authorization: Bearer rh_sk_xxxxxxxxxxxx

# Or as query parameter
?api_key=rh_sk_xxxxxxxxxxxx

API Key Scopes

Scope	Permissions
`events:read`	View events and deliveries
`events:write`	Create events, replay, resend
`sources:read`	View sources and destinations
`sources:write`	Create and modify sources
`admin`	Full access to all resources

Events API

GET/api/v1/events

List all events with optional filters

GET/api/v1/events/:id

Get event details with delivery history

POST/api/v1/events/:id/replay

Replay an event to all destinations

POST/api/v1/events/:id/retry-failed

Retry only failed deliveries for an event

Deliveries API

GET/api/v1/deliveries/:id

Get delivery details and response

POST/api/v1/deliveries/:id/resend

Resend a specific delivery

Sources API

GET/api/v1/sources

List all sources

POST/api/v1/sources

Create a new source

PUT/api/v1/sources/:id

Update a source

DELETE/api/v1/sources/:id

Delete a source

Rate Limiting

ReHook uses a token bucket algorithm for rate limiting per destination.

How it works: If a destination has a rate limit of 10 requests/second, ReHook will queue and deliver events at that rate, using exponential backoff when the destination is overloaded.

Configuration

rate_limit: Requests per second (e.g., 10 = 10 req/s)
Backoff: 1s → 2s → 4s → 8s → ... up to 60s
Circuit Breaker: Opens after 10 consecutive failures, 1 min cooldown

Retries & Dead Letter Queue

Retry Strategy

Failed deliveries are automatically retried with exponential backoff:

Attempt 1: Immediate
Attempt 2: After 1 second
Attempt 3: After 2 seconds
Attempt 4: After 4 seconds
... up to max_retries (default: 3)

Dead Letter Queue (DLQ)

Events that fail all retry attempts are moved to the DLQ. From the DLQ you can:

Inspect the failure reason and response
Replay the event to all destinations
Retry only failed deliveries
Resolve (acknowledge) the error

Event Status Flow

Status	Description
`pending`	Waiting to be processed
`processing`	Currently being delivered
`retrying`	Delivery failed, retrying
`delivered`	All destinations succeeded
`partial`	Some destinations succeeded, some failed
`failed`	All destinations failed
`dlq`	Moved to Dead Letter Queue

Security

Authentication Methods

Type	Description	Use Case
`hmac`	HMAC signature verification	Stripe, GitHub webhooks
`bearer`	Bearer token in Authorization header	OAuth APIs
`api_key`	API key in header or query	Simple APIs
`basic`	HTTP Basic Authentication	Legacy systems

Best Practices

Rotate API keys regularly
Use scoped keys with minimal permissions
Enable HMAC verification for incoming webhooks
Use HTTPS for all destination URLs

Error Handling

Common Error Codes

Code	Description	Solution
`DESTINATION_TIMEOUT`	Request exceeded timeout	Increase timeout_ms or optimize destination
`RATE_LIMITED`	Destination rate limit exceeded	Automatic retry with backoff
`CONNECTION_REFUSED`	Cannot connect to destination	Check destination URL and firewall
`AUTH_FAILED`	Authentication rejected	Verify auth policy configuration
`TRANSFORM_ERROR`	JavaScript transform failed	Check transform syntax
`MAX_RETRIES_EXCEEDED`	All retry attempts failed	Check DLQ and fix destination

Tip: Enable notifications in Settings to receive alerts when deliveries fail or events are moved to the DLQ.