Authentication & Security

Instant webhook debugging without tunnels

Authentication Methods

Hookly supports multiple secure authentication flows to integrate seamlessly with your CI/CD pipeline, internal services, and third-party platforms.

[Figure: OAuth2 handshake diagram showing token exchange between Hookly and external identity providers]

OAuth 2.0 Integration

Connect via standard OAuth 2.0 with PKCE support. Compatible with Auth0, Okta, and GitHub Enterprise. Access tokens refresh automatically every 3600 seconds.

API Key Management

Generate scoped keys for read-only, write, or admin access. Keys are hashed using bcrypt (cost factor 12) and can be rotated directly from the dashboard without service interruption.

Channel Passwords

Protect individual webhook endpoints with per-channel passwords. Enforce Basic Auth or Bearer token validation before payload delivery to your staging environment.

Security Best Practices

Follow these guidelines to maintain zero-trust compliance and prevent unauthorized payload interception.

Rate Limiting

Enforce Request Throttling

Set channel limits to 120 requests per minute. Hookly automatically returns HTTP 429 with a Retry-After header when thresholds are exceeded.

Payload Validation

Verify Signatures

Use HMAC-SHA256 headers to verify payload integrity. Hookly appends X-Hookly-Signature to every POST request for client-side validation.
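
A receiver-side check for the X-Hookly-Signature header described above, as an added example (not Hookly's own code). It assumes the header carries a hex HMAC-SHA256 of the raw request body, keyed with a shared channel secret; the page does not state the encoding or the signed content, so confirm both against the API reference.

```python
import hashlib
import hmac

SIGNATURE_HEADER = "X-Hookly-Signature"  # header name taken from the page


def sign(secret: bytes, raw_body: bytes) -> str:
    """Assumed scheme: lowercase hex HMAC-SHA256 over the raw request body."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify(secret: bytes, raw_body: bytes, headers: dict) -> bool:
    """Return True only if the signature header matches these exact body bytes."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    received = lowered.get(SIGNATURE_HEADER.lower())
    if not received:
        return False  # unsigned requests are rejected, never passed through
    received = received.strip().lower()
    # Reject anything that is not a 64-character hex digest before comparing.
    if len(received) != 64 or any(c not in "0123456789abcdef" for c in received):
        return False
    expected = sign(secret, raw_body)
    # compare_digest runs in constant time, so response timing does not
    # reveal how many leading characters of a guessed signature were correct.
    return hmac.compare_digest(expected, received)


# Constructed sample data (not real Hookly values).
SECRET = b"example-channel-secret"
BODY = b'{"event":"build.finished","status":"ok"}'
GOOD = {"x-hookly-signature": sign(SECRET, BODY)}
# Same JSON after a parse/re-serialise round trip: whitespace differs, so the
# MAC no longer matches. Verify the bytes as received, before parsing.
RESERIALISED = b'{"event": "build.finished", "status": "ok"}'

if __name__ == "__main__":
    print("valid request:     ", verify(SECRET, BODY, GOOD))
    print("tampered body:     ", verify(SECRET, BODY.replace(b"ok", b"no"), GOOD))
    print("re-serialised body:", verify(SECRET, RESERIALISED, GOOD))
    print("missing header:    ", verify(SECRET, BODY, {}))
```
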

Audit Logs

Monitor Access Events

All authentication attempts, key rotations, and channel modifications are logged with ISO 8601 timestamps and retained for 90 days.
