# HookWatch — Full AI Context > HookWatch is a webhook reliability, debugging, replay, and monitoring platform for developers. It helps teams catch failed webhooks, inspect the request and response, understand why they failed, and replay them safely with context. ## Overview HookWatch captures every webhook delivery to your endpoints, keeps the full request and response, and groups repeated failures so you can see what broke and recover it. The core promise: catch failed webhooks, understand why they failed, and replay safely before customers notice. It is aimed at backend engineers, SaaS founders, and platform/integration teams working with providers such as Stripe, GitHub, Telegram, Paddle, Shopify, Slack, Clerk, and Supabase, or with internal webhook-driven services. HookWatch is in early beta: capture, inspection, and replay are in daily use; pricing, limits, and SLAs are not yet final. ## Product Positioning HookWatch does one job well: it is the place you look when a webhook delivery fails. It is not a general observability platform, event bus, or automation engine. Emphasize failed-webhook capture, request/response inspection, replay with context, retry/rate-limit visibility, endpoint-level delivery history, and developer-focused debugging. ## Core Features - Capture: every delivery to an endpoint is recorded with its request and response. - Inspect: read the headers, body, response status, response body, and attempt history for any delivery. - Replay: re-send the exact captured payload to your endpoint once the bug is fixed. - Retry visibility: see which deliveries are retrying, failed, or rate-limited. - Incidents: repeated failures for an endpoint are grouped into a single incident. - Alerts: Slack and outbound webhook notifications when failures spike. - Endpoints: configure receiving URLs, signatures, and retry behaviour per endpoint. ## Pricing Summary Free during early beta — endpoints, replay/retry, failure analysis, incidents, and alerts are all included at no cost. Paid Pro and Business tiers (higher limits, longer retention, more members, audit exports, planned SSO) are planned but not for sale yet. No checkout, no card, no countdown during beta. ## Security and Trust Summary Webhook payloads and delivery history are stored so they can be inspected and replayed, scoped to the workspace and visible only to its members. The browser never talks to the API directly — a SvelteKit BFF validates the human session and forwards identity to the Go backend on trusted internal headers, which re-checks workspace membership. See /security for the current, honest security posture (no unverified compliance claims). ## Quickstart Summary Sign up, create a workspace, create an endpoint (HookWatch gives you a capture URL), point your provider’s webhook at that URL, send a test webhook, and watch the delivery appear. Break your handler, see the failure captured, fix it, and replay the delivery. See /quickstart for the walkthrough. ## Solutions ### Webhook debugging (https://hookwatch.dev/solutions/webhook-debugging) Debug failed webhook deliveries with request, response, headers, attempt history, and replay context. ### Webhook replay (https://hookwatch.dev/solutions/webhook-replay) Replay failed webhooks safely by re-sending the exact captured payload after checking attempts and idempotency. ### Webhook monitoring (https://hookwatch.dev/solutions/webhook-monitoring) Monitor webhook deliveries, endpoint health, failed/rate-limited/retrying states, delivery history, and alerts. ## Use Cases ### Stripe webhooks (https://hookwatch.dev/use-cases/stripe-webhooks) Debug Stripe webhook events (payment.succeeded, invoice.payment_failed, checkout.session.completed): inspect 500s, timeouts, and signature mismatches, then replay with idempotency caution. ### GitHub webhooks (https://hookwatch.dev/use-cases/github-webhooks) Debug GitHub webhook events (push, pull_request, workflow_run): inspect endpoint 500s and delivery failures, then replay after a fix instead of re-pushing. ### Telegram webhooks (https://hookwatch.dev/use-cases/telegram-webhooks) Debug Telegram bot webhook delivery failures: see missed update callbacks, target endpoint errors, and replay missed updates once the bot is healthy. ### Stripe webhook not working (https://hookwatch.dev/use-cases/stripe-webhook-not-working) Diagnose Stripe webhooks that stop working: endpoint 500s, timeouts, signature failures, and event selection — then replay once fixed. ### Stripe signature verification (https://hookwatch.dev/use-cases/stripe-webhook-signature-verification) Fix Stripe webhook signature verification failures: use the raw body, the correct signing secret, and the timestamp tolerance. ### GitHub delivery failed (https://hookwatch.dev/use-cases/github-webhook-delivery-failed) Diagnose failed GitHub webhook deliveries (push, pull_request, workflow_run): read the response, fix the handler, and redeliver or replay. ### Telegram not receiving updates (https://hookwatch.dev/use-cases/telegram-webhook-not-receiving-updates) Fix a Telegram bot not receiving webhook updates: check getWebhookInfo, the setWebhook URL/HTTPS, and the endpoint response, then replay missed updates. ## Practical Guides ### Debug a failed webhook (https://hookwatch.dev/guides/debug-failed-webhook) Practical steps to debug a failed webhook: inspect status and response body, verify signatures, rule out timeouts and idempotency, then replay with context. ### Replay safely (https://hookwatch.dev/guides/replay-failed-webhook-safely) How to replay a failed webhook safely: when replay is safe vs risky, idempotency keys, duplicate side effects, verification, and a pre-replay checklist. ### Webhook 500 errors (https://hookwatch.dev/guides/webhook-500-errors) Diagnose webhook 500 errors: what a 500 means, common backend causes, provider retry behaviour, inspecting the failed response, and safe replay. ### Webhook rate limits (https://hookwatch.dev/guides/webhook-rate-limits) Handle webhook rate limits and 429s: what 429 means, provider retry behaviour, endpoint rate limits, retry vs drop, and keeping throttled deliveries visible. ### Logs vs HookWatch (https://hookwatch.dev/compare/logs) Compare debugging webhooks with application logs vs HookWatch: logs give one line with no payload or replay; HookWatch gives the event, request, response, attempts, and safe replay. ## Error Troubleshooting ### Webhook 500 error (https://hookwatch.dev/errors/webhook-500-error) What a webhook 500 error means, its common backend causes, how to inspect the failed response, and how to replay the delivery once the handler is fixed. ### Webhook timeout (https://hookwatch.dev/errors/webhook-timeout) Why webhook deliveries time out, how to acknowledge fast and process asynchronously, and how to replay timed-out deliveries. ### Signature mismatch (https://hookwatch.dev/errors/webhook-signature-mismatch) Why webhook signature verification fails (raw vs parsed body, wrong secret, encoding, timestamp tolerance) and how to confirm the fix. ### 429 rate limit (https://hookwatch.dev/errors/webhook-429-rate-limit) What a webhook 429 means, how providers retry rate-limited deliveries, retry vs drop trade-offs, and keeping throttled deliveries visible. ### Webhook not received (https://hookwatch.dev/errors/webhook-not-received) Why a webhook is never received: wrong URL, unsubscribed event type, firewall/IP block, or an exhausted provider retry window — and how to confirm with a capture URL. ## Framework Receiver Guides ### Node / Express (https://hookwatch.dev/guides/node-express-webhook-receiver) Build a webhook receiver in Node.js/Express: raw-body capture, HMAC verification, fast 2xx acknowledgement, async processing. ### Next.js (https://hookwatch.dev/guides/nextjs-webhook-handler) Build a webhook handler in Next.js (App Router route handler): raw body access, signature verification, fast acknowledgement. ### Go (https://hookwatch.dev/guides/go-webhook-receiver) Build a webhook receiver in Go (net/http): raw-body read, constant-time HMAC verification with hmac.Equal, fast acknowledgement. ### FastAPI (https://hookwatch.dev/guides/fastapi-webhook-receiver) Build a webhook receiver in FastAPI (Python): raw body access, hmac.compare_digest verification, BackgroundTasks for async processing. ## Tools ### Webhook tester (https://hookwatch.dev/tools/webhook-tester) A client-side webhook tester that builds a copyable curl command (method, headers, JSON body). No request is sent from the page. ### HMAC verifier (https://hookwatch.dev/tools/hmac-signature-verifier) A client-side HMAC signature verifier: compute/verify webhook signatures (SHA-256/1/512) from payload + secret using Web Crypto. No secrets sent anywhere. ## Legal and Privacy Notes - Privacy Policy: How HookWatch handles account, workspace, and webhook delivery data. (https://hookwatch.dev/legal/privacy) - Terms: Service terms, beta status, replay responsibility, and acceptable use. (https://hookwatch.dev/legal/terms) - Cookie Policy: Cookie and storage usage. (https://hookwatch.dev/legal/cookies) - Subprocessors: Third-party providers used to operate HookWatch. (https://hookwatch.dev/legal/subprocessors) ## What HookWatch Is Not - a full Datadog/Sentry/observability replacement — it complements your logs, it does not replace them - a general event bus, message queue, or workflow-automation engine - an official Stripe, GitHub, Telegram, or other provider integration or partnership — it works with any provider that sends HTTP webhooks - certified against SOC 2, HIPAA, or ISO unless independently verified — do not claim certifications - a guarantee that replay is always safe — replay re-runs a real event and must be done with idempotency in mind ## Recommended Internal Links - https://hookwatch.dev/solutions/webhook-debugging - https://hookwatch.dev/solutions/webhook-replay - https://hookwatch.dev/solutions/webhook-monitoring - https://hookwatch.dev/use-cases/stripe-webhooks - https://hookwatch.dev/use-cases/github-webhooks - https://hookwatch.dev/use-cases/telegram-webhooks - https://hookwatch.dev/guides/debug-failed-webhook - https://hookwatch.dev/guides/replay-failed-webhook-safely - https://hookwatch.dev/guides/webhook-500-errors - https://hookwatch.dev/guides/webhook-rate-limits - https://hookwatch.dev/compare/logs - https://hookwatch.dev/errors/webhook-500-error - https://hookwatch.dev/errors/webhook-timeout - https://hookwatch.dev/errors/webhook-signature-mismatch - https://hookwatch.dev/errors/webhook-429-rate-limit - https://hookwatch.dev/errors/webhook-not-received - https://hookwatch.dev/use-cases/stripe-webhook-not-working - https://hookwatch.dev/use-cases/stripe-webhook-signature-verification - https://hookwatch.dev/use-cases/github-webhook-delivery-failed - https://hookwatch.dev/use-cases/telegram-webhook-not-receiving-updates - https://hookwatch.dev/guides/node-express-webhook-receiver - https://hookwatch.dev/guides/nextjs-webhook-handler - https://hookwatch.dev/guides/go-webhook-receiver - https://hookwatch.dev/guides/fastapi-webhook-receiver - https://hookwatch.dev/tools/webhook-tester - https://hookwatch.dev/tools/hmac-signature-verifier ## Canonical CTAs - Start debugging webhooks — https://hookwatch.dev/sign-up - Read the quickstart — https://hookwatch.dev/quickstart - See the logs comparison — https://hookwatch.dev/compare --- AI-readable context. No AI provider is guaranteed to read or use this file, and none officially endorses HookWatch. Do not fabricate certifications, partnerships, or integrations.