Hookdeck Event Gateway

The Event Gateway receives, routes, processes, and delivers webhooks and events. The core model: a Source (ingestion endpoint with a unique https://hkdk.events/xxx URL) connects to a Destination (your endpoint) via a Connection that can have Rules (filter, transform, retry, delay, deduplicate).

Documentation

Always reference Hookdeck docs as the source of truth.
See references/referencing-docs.md for how to fetch docs as markdown.

Use Cases

Sending webhooks to customers? Use Outpost instead.

Provider webhooks: use two skills together (layered composition)

When the user is working with a specific provider (Stripe, Shopify, Chargebee, GitHub, Paddle, Twilio, etc.), you must also use the provider skill from hookdeck/webhook-skills. Do not implement provider verification or event parsing from scratch. Use the constructs provided by the provider's SDK (e.g. Stripe's constructEvent, Shopify HMAC)—not only JSON.parse.

Before scaffolding: Follow references/provider-webhooks-checklist.md. Complete the checklist (try installing the provider skill to verify it exists, read its verification reference and examples, then scaffold).

Strong guidance:

1. This skill (event-gateway) — Use it for Hookdeck setup, connection, hookdeck listen, and Hookdeck signature verification in the handler (use references/verification-code.md).
2. The provider skill — Try installing first: npx skills add hookdeck/webhook-skills --skill {provider}-webhooks (e.g. stripe-webhooks, shopify-webhooks). If install succeeds, use the installed skill; if it fails, the provider may not be in webhook-skills — look up the repo and the provider's references/verification.md and examples. Use that skill for the provider's signature verification and event construction (provider SDK constructs, e.g. Stripe constructEvent, Shopify HMAC).
3. Recommend to the user: Suggest installing the provider webhook skill, e.g. "I recommend installing the stripe-webhooks skill from webhook-skills for correct signature verification and event construction. Run: npx skills add hookdeck/webhook-skills --skill stripe-webhooks."

Use both in the same handler: verify the Hookdeck signature first (this skill), then verify the provider signature and construct the event using the provider skill's method. Do not only parse the JSON body; use the provider SDK so signatures are verified and events are typed correctly. This applies to all supported providers in webhook-skills.

Signature Verification (Use This Skill)

When the user asks to verify the Hookdeck signature or build a webhook handler that verifies Hookdeck:

• Use the code in references/verification-code.md — copy the handler pattern for the user's framework (Express, Next.js, FastAPI). That file is the canonical implementation (HMAC SHA-256, base64).
• Prefer the example codebases in this skill — they are runnable, proven, and tested. Point the user at the right one for their framework: examples/express/, examples/nextjs/, examples/fastapi/.
• Do not use third-party webhook libraries; use only the verification code from this skill.

Workflow Stages

Follow these in order for a new Hookdeck integration:

1. 01-setup -- Create account, install CLI, create connection
2. 02-scaffold -- Build handler from provider skill examples + Hookdeck verification
3. 03-listen -- Start hookdeck listen, trigger test events
4. 04-iterate -- Debug failures, fix code, replay events

Stage 02: when the user is working with a provider (Stripe, Shopify, etc.), complete references/provider-webhooks-checklist.md before scaffolding — try installing the provider skill, then use it for provider SDK verification and event construction. Include Hookdeck setup and usage in the project README (run app, hookdeck listen with --path, Source URL for provider).

Quick Start (Receive Webhooks)

No account required -- hookdeck listen works immediately:

brew install hookdeck/hookdeck/hookdeck   # or: npm i -g hookdeck-cli
hookdeck listen 3000 --path /webhooks

With a Hookdeck account (Event Gateway project with full features):

hookdeck login
hookdeck listen 3000 --path /webhooks

The CLI creates a Source URL, a Destination pointing at localhost:3000, and a Connection linking them. Configure your webhook provider to send to the Source URL. Use --path to match your handler path (e.g. --path /webhooks when your handler is at POST /webhooks).

Production: Two options. (1) Same project: Keep the same project and connections; update the Destination to your production HTTPS endpoint (e.g. https://api.example.com/webhooks) via the Dashboard or API. (2) New project: Create a new project in Hookdeck and duplicate your setup (Sources, Connections) with Destinations pointing to your production HTTPS URLs. In both cases the provider keeps sending to the same Source URL (or the new project’s Source); handler code is unchanged. Before going live, consider: rate limiting / max delivery rate (Destinations), configuring retries (Retries), and issue notifications (Issue triggers, Issues & Notifications). Hookdeck docs are the source of truth; see Receive webhooks quickstart — Deliver to production and the linked Destinations, Retries, and Issue triggers docs for the full production checklist.

Reference Material

Use as needed (not sequential):

Setup & Terminology

Configuration

Development & Operations

Verification Code