Skip to main content

Request Sharing

Share captured webhook requests with teammates or external collaborators using secure, shareable links. No Hooklistener account is required to view a shared request.

From the dashboard

  1. Open a captured request
  2. Click Share
  3. Configure sharing options:
    • Expiration — how long the link stays active (in hours)
    • Password protection — optionally require a password to view
    • Include forwards — whether to include forward history and responses
  4. Click Create Share
  5. Copy the generated link

From the API

curl -X POST https://app.hooklistener.com/api/v1/debug-requests/<request-id>/share \
  -H "Authorization: Bearer hklst_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "share": {
      "expires_in_hours": 24,
      "password": "optional-password",
      "include_forwards": true
    }
  }'

Viewing a shared request

Shared requests are accessible at:

https://app.hooklistener.com/r/<token>

The viewer sees the full request details including method, URL, headers, body, and query parameters. If include_forwards was enabled, forward history is also visible.

Password-protected shares

If the share is password-protected, the viewer must authenticate first:

curl -X POST https://app.hooklistener.com/api/v1/shared/r/<token>/authenticate \
  -H "Content-Type: application/json" \
  -d '{"password": "the-password"}'

Managing shares

List shares for a request

curl https://app.hooklistener.com/api/v1/debug-requests/<request-id>/shares \
  -H "Authorization: Bearer hklst_your_api_key"

Revoke a share

curl -X DELETE https://app.hooklistener.com/api/v1/shared/r/<token> \
  -H "Authorization: Bearer hklst_your_api_key"

Share properties

PropertyDescription
TokenUnique identifier for the share link
Expires atWhen the link becomes inactive
Password protectedWhether a password is required
Include forwardsWhether forward history is visible
View countNumber of times the share has been accessed
Created byThe user who created the share

Security

  • Share tokens are cryptographically random and unguessable
  • Expired shares return a 404 response
  • Access is logged with viewer IP and user agent for audit purposes
  • Shares can be revoked at any time by the creating organization