Frequently Asked Questions

Instant webhook debugging without tunnels

Everything you need to know about Hookly’s free tier limits, payload encryption, framework compatibility, and developer support channels.

Usage & Billing

Limits & Rate Controls

How many webhook requests are included in the free tier?

The free plan includes 5,000 incoming requests per month with a 14-day payload retention window. Exceeding this limit automatically pauses new captures until the next billing cycle or an upgrade to the Pro tier ($12/mo), which offers 50,000 requests and indefinite raw JSON storage.

Does Hookly throttle high-frequency event streams?

We enforce a soft rate limit of 60 requests per second per endpoint to protect our edge nodes. Bursts up to 100 rps are tolerated for 5 seconds. If you run CI/CD pipelines or load tests, enable the `X-Hookly-Bypass: true` header in your test environment to skip throttling.

Infrastructure & Security

Data Protection & Compliance

Are webhook payloads encrypted at rest?

Yes. All captured payloads are encrypted using AES-256-GCM before writing to our PostgreSQL clusters. TLS 1.3 is enforced for every incoming and outgoing connection. We undergo annual SOC 2 Type II audits and maintain full GDPR and CCPA compliance.

Can I delete my webhook history permanently?

Absolutely. Use the “Purge All” button in your dashboard settings, or send a `DELETE /api/v1/captures` request with your API key. Deletion triggers an immediate cascade wipe across our primary and replica databases, with zero data recovery possible after 60 seconds.

Integrations & SDKs

Compatibility & Routing

Do I need to install a local tunnel agent?

No. Hookly uses an edge-routing architecture that assigns you a persistent `*.hookly.dev` subdomain. Simply point your third-party service or internal API to that URL. We support standard HTTP/1.1 and HTTP/2 without requiring ngrok, localtunnel, or custom firewall rules.

Which programming languages are officially supported?

We maintain first-party SDKs for Node.js (`@hookly/client`), Python (`hookly-py`), PHP, and Go. All SDKs support automatic signature verification using HMAC-SHA256, retry logic with exponential backoff, and structured logging compatible with Winston and Datadog.

Help & Escalation

Developer Support

How quickly do engineering tickets get resolved?

Free-tier users receive community and email support with a 24-hour SLA. Pro and Enterprise plans include priority Discord access and dedicated Slack channels with a 4-hour response guarantee during business hours (UTC-5 to UTC+3). Critical infrastructure outages trigger immediate PagerDuty escalation.

Still troubleshooting a specific integration or need custom webhook routing?

Contact Engineering

View API Reference