https://wbhk.my/<token>, and every request that URL receives is captured as an event you can inspect, verify, and replay. The URL never expires and never changes — set it once in your provider’s dashboard and forget it.
You’ll need an API key (whk_-prefixed) exported as WEBHOOK_API_KEY, or a logged-in wbhk CLI (wbhk login).
1. Create an endpoint
An endpoint is the thing that owns an ingest URL and collects its events. Creating one returns its ingest URL — and it stays available afterward: the dashboard always shows it on the endpoint’s detail page, and you can re-reveal it over the API.id (the endpoint id you’ll use everywhere else) and ingestUrl. The ingest token embeds a credential — keep it out of client-side code — and if one ever leaks, wbhk endpoints rotate <endpoint-id> mints a fresh URL and invalidates the old one immediately.
2. Point something at the URL
Set the ingest URL as the webhook destination in your provider’s dashboard — the 142 supported providers and anything else. The URL accepts every HTTP verb and answers provider verification handshakes automatically, so most providers validate it on the spot. No provider handy? Any HTTP client works. The ingest URL doesn’t care what sends to it:3. Confirm the captured event
List the endpoint’s events and you’ll see the one you just sent, newest first.id and read it in full — headers, verification state, and a pointer to the raw body — with wbhk events get <event-id>.
Your event’s verificationState is unattempted until you register the provider’s signing secret. That’s the next step: verify inbound signatures so webhook.co proves each event actually came from your provider. For the guided tour of every surface, see the quickstart.