Command Reference
Complete command reference for the webhooks.cc CLI, including authentication, endpoint management, tunneling, replay, and updates.
Updated Mar 2026
All available commands for the whk CLI.
Run whk with no arguments to launch the interactive TUI, or use the subcommands below for scriptable, plain-text output.
whk (interactive)
Launch the interactive TUI. Provides a menu-driven interface for all CLI features with real-time request streaming, color-coded methods, and a request detail viewer.
whk

| Flag | Description |
|---|---|
| --nogui | Disable the TUI and print help instead (also: WHK_NOGUI=1) |
auth login
Log in to webhooks.cc. Opens your browser to verify a device code. Credentials are stored at ~/.config/whk/token.json.
whk auth login
auth logout
Remove stored credentials from your machine.
whk auth logout
auth status
Show current authentication status and email.
whk auth status
create
Create a new endpoint. An optional name can be provided; the slug is auto-generated.
whk create [name]

| Flag | Description |
|---|---|
| --signing-provider | Provider for automatic signature verification (e.g., stripe, github) |
| --signing-secret | Signing secret (encrypted server-side, never stored locally) |

whk create my-stripe --signing-provider stripe --signing-secret whsec_...
list
List all your endpoints with their slugs, names, and URLs.
whk list
delete
Delete an endpoint. Prompts for confirmation unless --force is set.
whk delete <slug>

| Flag | Description |
|---|---|
| --force, -f | Skip the confirmation prompt |
tunnel
Forward webhooks to a local port. Creates a new endpoint unless --endpoint is set.
whk tunnel <port>

| Flag | Description |
|---|---|
| --endpoint | Use an existing endpoint instead of creating one |
| --ephemeral, -e | Delete the endpoint when the tunnel exits |
| --header, -H | Add a custom header to forwarded requests (repeatable, format: Key:Value) |
When signature verification is configured on the endpoint, tunnel injects verification headers into forwarded requests:
- X-Signature-Verified: true or false
- X-Signature-Provider: stripe (the provider name)
- X-Signature-Error: ... (when verification fails)
Your local server can use these headers to skip its own verification during development.
Warning: These headers are injected by the local tunnel client and are not authenticated. Never trust them in production — any HTTP client can send arbitrary X-Signature-* headers. Always perform your own signature verification in production environments.
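One way a local handler can apply this warning, as an added example that is not part of the webhooks.cc documentation or the whk code. It assumes GitHub-style signing (`X-Hub-Signature-256`), a hypothetical `dev_mode` application setting, and a loopback-only restriction on trusting the hint, which is an extra precaution not stated on this page.

```python
import hashlib
import hmac
import ipaddress

# Assumption: GitHub-style signing, where X-Hub-Signature-256 carries
# "sha256=" + hex(HMAC-SHA256(secret, raw_body)). Adapt for other providers.
SIG_HEADER = "x-hub-signature-256"
HINT_PREFIX = "x-signature-"  # hint headers injected by `whk tunnel`


def verify_hmac(secret: bytes, body: bytes, header_value: str) -> bool:
    """Recompute the HMAC over the raw body and compare in constant time."""
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), header_value.encode("utf-8", "replace"))


def accept_webhook(headers, body, secret, dev_mode, peer_ip):
    """Return True if the request should be processed.

    dev_mode (hypothetical app setting) enables trusting the tunnel's hint,
    and only for loopback peers; otherwise the hint is ignored entirely.
    """
    h = {k.lower(): v for k, v in headers.items()}
    if dev_mode and ipaddress.ip_address(peer_ip).is_loopback:
        return h.get("x-signature-verified") == "true"
    # Production path: X-Signature-* is unauthenticated, so discard it.
    h = {k: v for k, v in h.items() if not k.startswith(HINT_PREFIX)}
    return verify_hmac(secret, body, h.get(SIG_HEADER, ""))


def demo():
    """Constructed inputs: a forged hint, a real signature, a tampered body."""
    secret, body = b"constructed-test-secret", b'{"event":"ping"}'
    good = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    forged = {"X-Signature-Verified": "true", "X-Signature-Provider": "github"}
    signed = {"X-Hub-Signature-256": good}
    return {
        "dev_hint_loopback": accept_webhook(forged, body, secret, True, "127.0.0.1"),
        "dev_hint_remote": accept_webhook(forged, body, secret, True, "203.0.113.7"),
        "prod_forged_hint": accept_webhook(forged, body, secret, False, "203.0.113.7"),
        "prod_signed": accept_webhook(signed, body, secret, False, "203.0.113.7"),
        "prod_tampered": accept_webhook(signed, body + b" ", secret, False, "203.0.113.7"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {accepted}")
```

Verify against the raw request bytes as received; re-serialising parsed JSON before hashing changes the body and makes a valid signature fail.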
listen
Stream incoming requests for an endpoint to the terminal without forwarding them.
whk listen <slug>
When signature verification is configured, listen shows verification status inline:
14:32:01 POST /webhook ✓ stripe 423 B
14:32:05 POST /webhook ✗ stripe 423 B
replay
Replay a captured request to a target URL.
whk replay <request-id>

| Flag | Description |
|---|---|
| --to | Target URL for replay (default: http://localhost:8080) |
update
Update whk to the latest version.
whk update
--version
Print the CLI version.
whk --version