API Reference
Complete method reference for the TypeScript SDK. Endpoints, requests, streaming, matchers, and error handling with code examples.
Updated Mar 2026
Constructor
import { WebhooksCC } from "@webhooks-cc/sdk";
const client = new WebhooksCC({
apiKey: string, // Required. Your API key.
baseUrl?: string, // Optional. Override API base URL.
webhookUrl?: string, // Optional. Override webhook receiver URL.
timeout?: number, // Optional. Request timeout in ms (default: 30000).
retry?: RetryOptions, // Optional. Automatic retry configuration.
hooks?: ClientHooks, // Optional. Lifecycle hooks for observability.
});Endpoints
POST
/endpointsclient.endpoints.create
Create a new webhook endpoint. The slug is auto-generated.
create(options?: CreateEndpointOptions): Promise<Endpoint>| Param | Type | Required | Description |
|---|---|---|---|
name | string | no | Display name |
ephemeral | boolean | no | Auto-delete after TTL |
expiresIn | string | no | Custom expiry duration |
mockResponse | MockResponse | no | Mock response config |
notificationUrl | string | no | URL to POST a JSON summary on each request |
MockResponse fields:
| Field | Type | Required | Description |
|---|---|---|---|
status | number | yes | HTTP status code (100-599) |
body | string | no | Response body |
headers | Record<string, string> | no | Response headers |
delay | number | no | Response delay in ms (0-30000) |
GET
/endpointsclient.endpoints.list
List all endpoints for your account.
list(): Promise<Endpoint[]>GET
/endpoints/:slugclient.endpoints.get
Get a single endpoint by slug.
get(slug: string): Promise<Endpoint>PATCH
/endpoints/:slugclient.endpoints.update
Update an endpoint's name or mock response configuration.
update(slug: string, options: UpdateEndpointOptions): Promise<Endpoint>| Param | Type | Required | Description |
|---|---|---|---|
slug | string | yes | Endpoint slug |
name | string | no | New display name |
mockResponse | MockResponse | null | no | Mock response config (see fields above), or null to clear |
notificationUrl | string | null | no | Notification webhook URL, or null to clear |
DELETE
/endpoints/:slugclient.endpoints.delete
Delete an endpoint and all its captured requests.
delete(slug: string): Promise<void>POST
/w/:slugclient.endpoints.send
Send a test webhook to an endpoint. Sends directly to the receiver, does not go through the API.
send(slug: string, options?: SendOptions): Promise<Response>| Param | Type | Required | Description |
|---|---|---|---|
slug | string | yes | Endpoint slug |
method | string | no | HTTP method (default: "POST") |
headers | Record<string, string> | no | HTTP headers to include |
body | unknown | no | Request body (JSON-serialized) |
POST
/w/:slugclient.endpoints.sendTemplate
Send a provider template webhook with generated signature headers.
sendTemplate(slug: string, options: SendTemplateOptions): Promise<Response>| Param | Type | Required | Description |
|---|---|---|---|
slug | string | yes | Endpoint slug |
provider | TemplateProvider | yes | Provider template to generate |
template | string | no | Provider-specific template preset |
secret | string | yes | Shared secret for signature generation |
event | string | no | Provider event/topic override |
method | string | no | HTTP method override (defaults to POST) |
timestamp | number | no | Unix timestamp override for signature generation |
headers | Record<string, string> | no | Additional headers |
body | unknown | no | Template body override |
Direct Delivery
POST
(any URL)client.sendTo
Send a webhook directly to any URL with optional provider signing. Use for local integration testing — send properly signed webhooks to localhost handlers without routing through webhooks.cc.
sendTo(url: string, options?: SendToOptions): Promise<Response>| Param | Type | Required | Description |
|---|---|---|---|
url | string | yes | Target URL (http or https) |
provider | TemplateProvider | no | Provider template for signing |
secret | string | no | Secret for signature generation (required when provider is set) |
body | unknown | no | Request body (JSON-serialized if not a string) |
headers | Record<string, string> | no | Additional headers |
method | string | no | HTTP method (default: "POST") |
event | string | no | Event name |
timestamp | number | no | Unix timestamp override for deterministic signatures in tests |
POST
(build only)client.buildRequest
Build a signed webhook request without sending it. Returns the computed URL, method, headers, and body.
buildRequest(url: string, options?: SendToOptions): Promise<{url, method, headers, body?}>Requests
GET
/endpoints/:slug/requestsclient.requests.list
List captured requests for an endpoint.
list(endpointSlug: string, options?: ListRequestsOptions): Promise<Request[]>| Param | Type | Required | Description |
|---|---|---|---|
endpointSlug | string | yes | Endpoint slug |
limit | number | no | Max results (default: 50) |
since | number | no | Only return requests after this timestamp (ms) |
GET
/endpoints/:slug/requestsclient.requests.listPaginated
List captured requests with cursor-based pagination.
listPaginated(slug: string, options?: ListPaginatedRequestsOptions): Promise<PaginatedResult<Request>>| Param | Type | Required | Description |
|---|---|---|---|
slug | string | yes | Endpoint slug |
limit | number | no | Max results per page |
cursor | string | no | Cursor from previous page |
GET
/requests/:idclient.requests.get
Get a single captured request by ID.
get(requestId: string): Promise<Request>GET
/endpoints/:slug/requestsclient.requests.waitFor
Poll for incoming requests until one matches or timeout expires. Accepts human-readable duration strings.
waitFor(endpointSlug: string, options?: WaitForOptions): Promise<Request>| Param | Type | Required | Description |
|---|---|---|---|
endpointSlug | string | yes | Endpoint slug to monitor |
timeout | number | string | no | Max wait time — ms or "30s", "5m", "1h" (default: 30000) |
pollInterval | number | string | no | Interval between polls (default: 500) |
match | (request) => boolean | no | Filter function |
GET
/endpoints/:slug/requestsclient.requests.waitForAll
Wait for multiple matching requests to arrive.
waitForAll(slug: string, options: WaitForAllOptions): Promise<Request[]>| Param | Type | Required | Description |
|---|---|---|---|
slug | string | yes | Endpoint slug |
count | number | yes | Number of requests to collect |
timeout | number | string | no | Max wait time |
match | (request) => boolean | no | Filter function |
GET
/api/stream/:slugclient.requests.subscribe
Stream incoming requests via SSE as an async iterator.
subscribe(slug: string, options?: SubscribeOptions): AsyncIterable<Request>| Param | Type | Required | Description |
|---|---|---|---|
slug | string | yes | Endpoint slug |
signal | AbortSignal | no | Signal to cancel the subscription |
timeout | number | string | no | Max stream duration |
reconnect | boolean | no | Auto-reconnect on disconnect |
maxReconnectAttempts | number | no | Max reconnection attempts |
POST
/requests/:id/replayclient.requests.replay
Replay a captured request to a target URL. Sends the original method, headers, and body. Hop-by-hop headers are stripped.
replay(requestId: string, targetUrl: string): Promise<Response>| Param | Type | Required | Description |
|---|---|---|---|
requestId | string | yes | ID of the captured request |
targetUrl | string | yes | URL to send the replayed request to |
GET
/requests/searchclient.requests.search
Search captured webhook requests across endpoints with full-text search.
search(filters?: SearchFilters): Promise<SearchResult[]>| Param | Type | Required | Description |
|---|---|---|---|
slug | string | no | Filter by endpoint slug |
method | string | no | Filter by HTTP method |
q | string | no | Free-text search |
from | string | no | Start time (duration or timestamp) |
to | string | no | End time (duration or timestamp) |
limit | number | no | Max results (default: 50) |
offset | number | no | Pagination offset |
order | "asc" | "desc" | no | Sort order (default: "desc") |
GET
/requests/countclient.requests.count
Count captured webhook requests matching the given filters.
count(filters?: SearchFilters): Promise<number>DELETE
/endpoints/:slug/requestsclient.requests.clear
Delete captured requests for an endpoint without deleting the endpoint itself.
clear(slug: string, options?: ClearRequestsOptions): Promise<void>| Param | Type | Required | Description |
|---|---|---|---|
slug | string | yes | Endpoint slug |
before | string | no | Delete requests before this duration/timestamp |
GET
/endpoints/:slug/requests/exportclient.requests.export
Export captured requests as HAR 1.2 or cURL commands.
export(slug: string, options: ExportRequestsOptions): Promise<RequestsExport>| Param | Type | Required | Description |
|---|---|---|---|
slug | string | yes | Endpoint slug |
format | "har" | "curl" | yes | Export format |
limit | number | no | Max requests to export |
since | number | no | Only export requests after this timestamp |
Templates
GET
(local)client.templates.listProviders
List all supported webhook provider templates. No API call made.
listProviders(): TemplateProvider[]
// Returns: ["stripe", "github", "shopify", "twilio", "slack", "paddle", "linear", "sendgrid", "clerk", "discord", "vercel", "gitlab", "standard-webhooks"]GET
(local)client.templates.get
Get metadata for a specific provider template.
get(provider: TemplateProvider): TemplateProviderInfoUsage
GET
/usageclient.usage
Get current request quota and usage.
usage(): Promise<UsageInfo>
// Returns: { used, limit, remaining, plan, periodEnd }Flow Builder
POST
(chained)client.flow
Create a fluent workflow builder for common webhook capture, verify, and replay workflows.
const result = await client
.flow()
.createEndpoint({ name: "test" })
.send({ body: { event: "test" } })
.waitForCapture({ timeout: "10s" })
.verifySignature({ provider: "stripe", secret: "whsec_..." })
.replayTo("http://localhost:3000/webhooks")
.cleanup()
.run();Introspection
GET
(local)client.describe
Returns a static description of all SDK operations and their parameters. No API call is made. Useful for AI agents and tool discovery.
describe(): SDKDescriptionMatchers
Composable functions that return (request) => boolean. Use with waitFor or filter logic.
import {
matchMethod,
matchHeader,
matchPath,
matchQueryParam,
matchBodyPath,
matchBodySubset,
matchContentType,
matchJsonField,
matchAll,
matchAny,
} from "@webhooks-cc/sdk";
matchMethod("POST"); // match by HTTP method
matchHeader("x-github-event"); // match header presence
matchHeader("x-github-event", "push"); // match header value
matchPath("/webhooks/**"); // match path with glob wildcards
matchQueryParam("token"); // match query param presence
matchQueryParam("token", "abc"); // match query param value
matchBodyPath("data.object.id", "obj_123"); // match nested JSON path
matchBodySubset({ type: "checkout" }); // match deep partial subset
matchContentType("application/json"); // match content-type ignoring charset
matchJsonField("type", "checkout"); // match top-level JSON field
matchAll(matchMethod("POST"), matchHeader("stripe-signature"));
matchAny(matchMethod("GET"), matchMethod("POST"));Provider Detection
Each helper checks for a provider-specific header (case-insensitive).
import {
isStripeWebhook, // stripe-signature
isGitHubWebhook, // x-github-event
isShopifyWebhook, // x-shopify-hmac-sha256
isSlackWebhook, // x-slack-signature
isTwilioWebhook, // x-twilio-signature
isPaddleWebhook, // paddle-signature
isLinearWebhook, // linear-signature
isSendGridWebhook, // user-agent: SendGrid + JSON array body
isClerkWebhook, // webhook-id + webhook-timestamp + svix-id
isDiscordWebhook, // x-signature-ed25519 + x-signature-timestamp
isVercelWebhook, // x-vercel-signature
isGitLabWebhook, // x-gitlab-event or x-gitlab-token
isStandardWebhook, // webhook-id + webhook-timestamp + webhook-signature
} from "@webhooks-cc/sdk";Body Parsing
import { parseJsonBody, parseFormBody, parseBody, extractJsonField } from "@webhooks-cc/sdk";
// Parse JSON body safely (returns undefined on failure)
const json = parseJsonBody(request);
// Parse form-encoded body
const form = parseFormBody(request);
// Auto-detect and parse by content-type
const parsed = parseBody(request);
// Extract nested JSON field by dot notation
const email = extractJsonField<string>(request, "data.customer.email");Request Diffing
import { diffRequests } from "@webhooks-cc/sdk";
const diff = diffRequests(requestA, requestB);
console.log(diff.matches); // boolean
console.log(diff.differences); // { method?, path?, headers?, body? }Signature Verification
import {
verifySignature,
verifyStripeSignature,
verifyGitHubSignature,
verifyShopifySignature,
verifySlackSignature,
verifyTwilioSignature,
verifyPaddleSignature,
verifyLinearSignature,
verifyClerkSignature,
verifyDiscordSignature,
verifyVercelSignature,
verifyGitLabSignature,
verifyStandardWebhookSignature,
} from "@webhooks-cc/sdk";
// Universal verifier (dispatches by provider)
const result = await verifySignature(request, {
provider: "stripe",
secret: "whsec_...",
});
console.log(result.valid); // boolean
// Provider-specific verifiers
const valid = await verifyStripeSignature(body, signatureHeader, secret);
const valid = await verifyGitHubSignature(body, signatureHeader, secret);Duration Strings
timeout and pollInterval accept human-readable strings alongside milliseconds.
"500ms" → 500
"30s" → 30000
"5m" → 300000
"1h" → 3600000
500 → 500 // numbers passed through
Types
interface Endpoint {
id: string;
slug: string;
name?: string;
url?: string;
isEphemeral?: boolean;
expiresAt?: number;
createdAt: number;
}
interface Request {
id: string;
endpointId: string;
method: string;
path: string;
headers: Record<string, string>;
body?: string;
queryParams: Record<string, string>;
contentType?: string;
ip: string;
size: number;
receivedAt: number;
}
interface MockResponse {
status: number; // 100-599
body: string;
headers: Record<string, string>;
delay?: number; // Response delay in ms (0-30000)
}
interface UsageInfo {
used: number;
limit: number;
remaining: number;
plan: "free" | "pro";
periodEnd: number | null;
}
interface PaginatedResult<T> {
items: T[];
cursor?: string;
hasMore: boolean;
}
type TemplateProvider =
| "stripe"
| "github"
| "shopify"
| "twilio"
| "slack"
| "paddle"
| "linear"
| "sendgrid"
| "clerk"
| "discord"
| "vercel"
| "gitlab"
| "standard-webhooks";
type VerifyProvider = TemplateProvider;Error Classes
Errors include actionable recovery hints when the server message is generic.
import {
WebhooksCCError, // Base error (has statusCode)
UnauthorizedError, // 401 — includes link to get API key
NotFoundError, // 404 — suggests using endpoints.list()
RateLimitError, // 429 — includes retryAfter seconds
TimeoutError, // Request timeout
} from "@webhooks-cc/sdk";