Changelog

Device codes are now strictly single-use, can only be claimed by the account that authorized them, and issued tokens are encrypted at rest. Polling returns clear errors for expired or invalid codes instead of failing silently.

Endpoint statistics now load asynchronously, so request history and detail views render immediately while stats fill in.

AI assistants can now manage your whole workspace via MCP: build and edit automation action chains, manage schedules, secrets, the Datastore, and uptime monitors, replay and delete captured requests, and block on wait_for_request for agent-driven end-to-end webhook tests.

New MCP tools create email inboxes, read received emails, and wait_for_email to test complete email flows end to end. diagnose_request explains what happened to a captured request using its response, automation runs, and forwarding attempts, and compare_requests runs AI comparison from your editor.

Build an ordered chain of actions that runs on every captured webhook: extract JSON, assign variables, branch on conditions, modify the response, store data, call external APIs, or run sandboxed JavaScript. Sync steps can rewrite the endpoint response; async steps run in the background after capture.

Run recurring HTTP jobs on cron expressions with custom methods, headers, and bodies. Define success by expected status codes and response keywords, and review a 7-day execution history with per-run status, duration, and output.

A persistent key-value store for your organization: namespaced keys, JSON values, and optional TTL. Read and write it from automations via template variables, the REST API, and MCP tools to keep state between webhooks.

Write JavaScript that runs after each captured webhook and returns up to 10 outbound HTTP actions. Scripts execute in an isolated sandbox with automatic retries, and failures never affect the response sent to the webhook source.

Select 2-5 captured requests and get an AI-generated analysis: shared patterns, key differences, anomalies, timing analysis, payload evolution, header issues, and suggested debugging actions.

Each captured request now shows exactly which automation steps ran, in which phase, with per-step status and output — so you can debug what your automation did for any given webhook.

Connect Claude Code, Cursor, or any MCP client through a browser sign-in with organization selection — no more creating and pasting API keys. Implements standard discovery, dynamic client registration, and PKCE.

CLI logins now receive a 1-hour access token paired with a 30-day refresh token, replacing long-lived session tokens. New endpoints support silent token refresh and revocation.

API responses now include x-ratelimit-limit and x-ratelimit-remaining headers, and exceeding your plan limit returns HTTP 429 with a retry-after header.

See exactly what Hooklistener responded to each captured webhook: status code, headers, body, and whether it came from your default response or a matched response rule. The request list gained a color-coded status column.

Inspect HTTP traffic flowing through your CLI tunnels in real time from the dashboard — method, path, status, and duration for every request, with full request and response detail views.

Request history now loads continuously as you scroll, new requests are marked unread until viewed, and the first incoming request opens automatically so you see your webhook contents immediately.

Real-time WebSocket endpoints can now be deleted directly from the endpoint list, with plan limits recalculated immediately.

Connect a Telegram chat to any debug endpoint and get an instant message for every incoming webhook — method, path, timestamp, and a body preview — with a test button to verify the connection.

Automatically forward a copy of every incoming webhook to one or more destinations with custom headers and automatic retries — no manual per-request forwarding needed.

Audit logs are now included in all Team plans (previously Enterprise only), recording member changes, API key activity, endpoint changes, and billing events.

New endpoints show a step-by-step setup flow with a one-click test request and a live listening indicator. The CLI page gained a guided three-step setup with in-page device code verification and click-to-copy commands.

Email confirmation links now sign you in immediately, and you can resend the confirmation email from both signup and login.

Connect Claude Code, Cursor, Windsurf, or Codex CLI to Hooklistener via the Model Context Protocol (MCP). 8 tools available across endpoints, captured requests, and uptime monitors — debug webhooks without leaving your editor.

Compare two webhook requests side by side to quickly spot differences in headers, body, and metadata.

Replay captured webhook requests with modified body and headers to test different scenarios without re-triggering the original source.

Select multiple requests at once for bulk actions, with real-time streaming updates.

Configure rulesets to control how incoming webhook requests are processed and forwarded to your endpoints.

Delete captured webhook requests directly from the UI to keep your workspace clean and manage sensitive data.

All Hooklistener servers and data are now located in Europe, improving compliance with GDPR and data sovereignty requirements.

Monitor your endpoint availability with configurable uptime checks and share a public status page with your team or customers.

API keys are now available across all plans. Manage them directly from your organization settings for programmatic access to Hooklistener.

Export captured webhook requests to CSV format for offline analysis and reporting.

Debug WebSocket connections alongside traditional HTTP webhooks with real-time message inspection.

Tunnel live webhook payloads to your local machine with persistent subdomains (slug.hook.events). Works behind firewalls with real-time WebSocket connections.

Forward incoming emails to HTTP endpoints. Route messages from your @hookinbox.com inboxes to any URL as structured webhook payloads.

Track all actions across your organization with detailed audit logs. See who did what and when, with full activity history. Available on the Enterprise plan.

Monitor your webhook endpoints with configurable notifications. Get alerted when endpoints go down or start returning errors.

Configure custom HTTP response codes and bodies for your debug endpoints to simulate different server behaviors.

Capture requests on dynamic URL paths and inspect the full payload for each subpath.

Released the Hooklistener CLI for forwarding live webhook payloads to your local machine. Supports device-code authentication and works behind firewalls.

Create unique @hookinbox.com email addresses that capture incoming messages as webhook events. Supports text, HTML, and attachment inspection.

Share your debug endpoint with teammates via a password-protected URL to collaborate on webhook inspection.

Automatically forward captured webhook requests to another endpoint. Inspect payloads while simultaneously testing how your application handles them.

Pause and resume real-time request streaming to your debug view.

Receive real-time notifications in Slack or Discord when webhook events arrive or issues are detected with your endpoints.

Configure notification preferences per organization, including email digests and channel integrations.

Store and manage secret variables for use in webhook processing, keeping sensitive data secure and separate from your configurations.

Programmatic access to Hooklistener via API keys for automation and integration with your development workflow.

Create and manage organizations, invite team members with role-based access, and control billing per organization.

Subscription management with plan upgrades, downgrades, and usage tracking integrated directly into the app.

Launch of Hooklistener with core features: webhook debugging endpoints, real-time payload inspection via WebSocket, request filtering, and API key authentication.