CatchHook|Docs
Back to AppStart Free Trial
Navigation
HomeGetting StartedEndpointsWebhook RequestsForwardingTunneling & CLIAlertsNotification ChannelsCustom DomainsOutbound WebhooksTeamsAPI ReferenceBilling & PlansAccount SettingsSecurity & Privacy

Outbound Webhooks

CatchHook can notify your systems in real time when events occur — webhooks received, forwarding failures, alerts triggered, and more. This enables you to integrate CatchHook into your own automation pipelines.

Requires Business plan.

Setting up an outbound webhook

  1. Go to Account Settings → Outbound Webhooks.
  2. Enter your endpoint URL and select which event types to subscribe to.
  3. Click Add Webhook.

CatchHook generates a signing secret for you automatically.

Event types

Event Description
webhook.received A webhook was received at one of your endpoints
forwarding.failed An auto-forwarding attempt returned a non-2xx status
forwarding.succeeded An auto-forwarding attempt succeeded
alert.triggered An alert condition was met
tunnel.disconnected A tunnel connection was lost

Payload format

Every delivery is a POST request with a JSON body:

{
  "event": "webhook.received",
  "timestamp": "2026-05-01T12:00:00Z",
  "data": {
    "endpoint_id": "ep_abc123",
    "request_id": "wr_def456",
    "method": "POST",
    "path": "/hooks/stripe",
    "content_type": "application/json"
  }
}

Signature verification

Every delivery includes an HMAC-SHA256 signature in the X-CatchHook-Signature header:

X-CatchHook-Signature: t=1714585200,v1=5257a869e7ecebeda32affa62cdca3fa51...

To verify:

  1. Extract the t (timestamp) and v1 (signature) values.
  2. Construct the signed payload: {timestamp}.{request_body}.
  3. Compute HMAC-SHA256(your_secret, signed_payload).
  4. Compare your computed signature with the v1 value.

Example (Ruby):

timestamp, signature = header.split(",").map { |p| p.split("=", 2).last }
expected = OpenSSL::HMAC.hexdigest("SHA256", secret, "#{timestamp}.#{body}")
Rack::Utils.secure_compare(expected, signature)

Delivery behavior

  • Timeout: 30 seconds per delivery attempt.
  • Retries: Up to 3 attempts with exponential backoff.
  • Failure threshold: After 10 consecutive failures, the webhook is automatically disabled.

Delivery log

View recent deliveries for each webhook in Outbound Webhooks → Deliveries. The log shows:

  • Event type
  • HTTP response status
  • Response time
  • Success/failure status
  • Timestamp

Managing webhooks

  • Enable/Disable — toggle delivery without deleting the webhook.
  • Remove — permanently delete the webhook and its delivery history.

Use cases

  • Forward events to Slack/Discord — receive formatted notifications when webhooks arrive.
  • Trigger CI/CD pipelines — kick off deployments when specific webhooks are received.
  • Feed monitoring systems — send forwarding failures to PagerDuty or Datadog.
  • Build custom dashboards — stream events to your own analytics service.