Documentation

Your complete guide to using Pagerhooks

Overview

PagerHooks is a webhook event management platform that enables you to create, monitor, and manage webhook endpoints with real-time mobile notifications. When you create a hook in the app, a unique webhook URL is generated that can be used to receive events from external services like Stripe, OpenAI, Google APIs, and more.

Key Features

  • Real-time event tracking and metrics
  • Instant iOS push notifications
  • Multi-device delivery — get paged on every signed-in iOS device simultaneously
  • AES-256 encryption for data protection
  • Multiple authentication methods — HMAC (SHA-256/SHA-1), JWT, Bearer token, API Keys, and more
  • Message forwarding — automatically relay incoming events to any HTTPS endpoint
  • At-least-once delivery with automatic retries
  • Accepts JSON payloads up to 5 MB per event
  • Offline-first architecture with real-time sync
  • Full-text search across messages and hooks

Getting Started

Account Creation

  1. Download the PagerHooks app from the App Store
  2. Create an account using your email address
  3. Verify your email through the verification code sent
  4. Set up your password (minimum 8 characters)

Creating Your First Hook

  1. Navigate to the Hooks tab
  2. Tap Create Hook
  3. Select a brand/platform template or use a generic webhook
  4. Configure authentication (recommended)
  5. Optionally enable message forwarding to relay events to another endpoint
  6. Copy your generated webhook URL
  7. Add the URL to your external service's webhook settings

Webhook Management

Creating a Hook

When creating a hook, you'll need to provide the following information:

Field Required Description
Name Yes A descriptive label for your hook
Description Yes Details about the hook's purpose
Template/Brand Yes The platform sending webhooks (e.g., Stripe, GitHub)
URL No Optional source URL reference
Authentication No Enable credential-based protection (strongly recommended)
Secret/Credentials If auth enabled Authentication credentials based on method
Message Forwarding No Enable automatic relay of incoming events to another HTTPS URL
Forward URL If forwarding enabled Destination HTTPS URL for forwarded events

Security Warning: If you create or update a hook without authentication, the app will display a confirmation dialog warning you of the increased risk of receiving unsolicited events. You must explicitly confirm before proceeding.

Webhook URL Structure

When a hook is created, PagerHooks generates a unique webhook URL that you provide to external services:

https://messages.pagerhooks.com/notifications?id={hook_id}

The id parameter is your unique hook identifier. You can copy this URL directly from the app.

Managing Hooks

View Hook Details:

  • See the webhook URL (tap to copy)
  • View recent messages received by the hook
  • Check hook status (active/inactive)

Edit Hook Settings:

  • Update name, description, and URL
  • Change the brand/template
  • Modify authentication credentials
  • Toggle active/inactive status
  • Enable or disable message forwarding and update the forward URL

Delete a Hook:

  • Deleting a hook will also delete all associated messages
  • This action requires confirmation and cannot be undone

Authentication & Security

Supported Authentication Methods

PagerHooks supports multiple authentication methods to secure your webhook endpoints:

Method Description Use Case
Signing Secret HMAC-based signature verification Stripe, GitHub, Slack
Basic Auth Username/password credentials Custom integrations
API Key API key in request header Various APIs
Shared Secret Symmetric secret key Custom webhooks
Webhook ID ID-based authentication Simple integrations
Public Key Asymmetric key verification High-security integrations
JWT Signed JSON Web Token verification, including claims High-security or custom auth flows
Verify Token Token-based verification Facebook, Meta platforms

Protected URLs

When a webhook URL is protected (authentication enabled), every incoming webhook request must include valid credentials that PagerHooks validates on its infrastructure.

How Protected URLs Work:

  1. Credential Configuration: When creating a hook with authentication, you provide the secret/credentials used by the sending service
  2. Request Validation: When a webhook arrives, PagerHooks validates the request signature or credentials against your stored configuration
  3. Rejection of Invalid Requests: Requests that fail authentication are rejected and not stored

Security Warning: If you create a hook without authentication, the app will display a warning: "Using this hook without an authentication field exposes it to higher risk of receiving unsolicited events."

Credential Storage

PagerHooks implements multiple layers of security for credential storage:

  • AES-256 Encryption: All secrets are encrypted at rest
  • Masked Display: Credentials are displayed as ************ in the UI to prevent accidental exposure; the last-updated date is shown instead of the value
  • Secure Updates: Credential updates are processed through secure edge functions
  • No Plain-Text Transmission: Secrets are never transmitted in plain text after initial storage
  • Device Keychain Storage: Authentication session tokens on the mobile device are stored in the OS keychain (iOS Keychain / Android Keystore) via expo-secure-store, not in unencrypted local storage

Message Forwarding

Message forwarding allows a hook to automatically relay every incoming webhook event to a second HTTPS endpoint of your choice. This is useful for piping events into internal services, CI/CD pipelines, logging systems, or any other receiver alongside PagerHooks.

Enabling Forwarding

Forwarding can be enabled both at hook creation and in hook settings:

  1. Open Create Hook or navigate to a hook's Settings
  2. Toggle Enable message forwarding to on
  3. Enter the destination Forward URL (must be a valid HTTPS URL)
  4. Save or create the hook

To disable forwarding, toggle the switch off and save. The forward URL is cleared automatically when forwarding is turned off.

Forward URL Requirements

Requirement Detail
Protocol HTTPS only (https://)
Format Must be a valid, fully-qualified URL
Max length 2048 characters

Non-HTTPS URLs (including http://, file://, and internal addresses) are rejected by the app before the hook is saved.

Forwarding Behavior

  • The original webhook payload is relayed as-is to the forward URL
  • Forwarding occurs server-side on PagerHooks infrastructure after the event is received and (if configured) authenticated
  • Each forwarded request is logged and visible in the Forward Log on the message detail screen
  • If the destination endpoint is unreachable or returns an error, the event is still stored in PagerHooks — forwarding failures do not affect event capture

Plans & Rate Limits

Free Plan

Best for personal use

$0/month

  • 500 events/month
  • 7 days log retention
  • Mobile notifications
  • Advanced authentication
  • Message forwarding

Pro Plan

Coming Soon

Best for small teams

$12/month

  • 10,000 events/month
  • 30 days log retention
  • Mobile notifications
  • Advanced authentication
  • Message forwarding

Rate Limiting

Event Caps:

  • Free Plan: 500 events per month
  • Pro Plan: 10,000 events per month

What Happens When You Hit the Limit:

  • Events exceeding your monthly cap will not be stored
  • You'll receive a notification when approaching your limit
  • Upgrade to Pro for higher limits

Response Time:

  • Average webhook processing time: 0.3 seconds
  • Real-time push notifications to your mobile device

Log Retention:

  • Free Plan: Events older than 7 days are automatically deleted
  • Pro Plan: Events older than 30 days are automatically deleted

Per-Hook Request Rate:

  • A short-term request rate limit per hook smooths out sudden bursts from senders
  • Requests exceeding the burst limit are rejected with a 429 Rate Limit Exceeded response so the sender knows to back off — your earlier events are unaffected

Reliable Delivery

  • Accepted events are processed at least once — if a delivery attempt fails, it is automatically retried
  • Events that cannot be delivered after repeated attempts are set aside, not silently discarded
  • If a payload cannot be processed (e.g. malformed data), you can be notified by email

Messages & Events

Viewing Messages

Messages are webhook events received by your hooks. Each message contains:

Field Description
Payload The JSON data sent by the webhook, rendered as an interactive tree
Tag Event type or category label
Hook Name The associated hook that received the event
Brand The platform that sent the webhook
Timestamp When the event was received
Read Status Whether the message has been viewed
Forward Log Per-message log of forwarding attempts and their outcomes (if forwarding is enabled)

Customizing Notifications

You can control how each event appears as a push notification by including optional fields in the JSON payload you send to your hook.

Field Type Description
tag string Becomes the title of the push notification. If omitted, the hook's label is used as the title.
send_notification boolean Set to false to record the event silently without sending a push. Defaults to true.

Examples:

Alert with a custom title:

{ "tag": "Deploy finished", "service": "checkout-api", "status": "success" }

Record an event silently — no push sent, still saved to history:

{ "tag": "Healthcheck", "status": "ok", "send_notification": false }

Message Management

Individual Actions:

  • View full JSON payload as a formatted, collapsible tree
  • Mark as read/unread
  • View similar messages from the same hook

Bulk Actions:

  • Select multiple messages
  • Share messages
  • Export messages
  • Mark all as read/unread
  • Delete selected messages

Search:

  • Full-text search across all messages
  • Search by hook name, event type, or payload content

Account Management

Deleting Your Account

You can permanently delete your PagerHooks account from the Settings tab.

What happens when you delete your account:

  • All hooks and associated messages are permanently removed
  • Your authentication credentials and profile data are erased
  • This action cannot be undone

You will be asked to provide a reason for deletion before the account is removed. After confirmation, you are automatically signed out.

API Reference

Webhook Endpoint

Receive Webhook Events

POST https://messages.pagerhooks.com/notifications?id={hook_id}

Request Headers (for authenticated hooks):

Auth Method Header Format
Signing Secret X-Signature: {hmac_signature}
Basic Auth Authorization: Basic {base64_credentials}
API Key {custom_header}: {api_key}
JWT Authorization: Bearer {jwt_token}
Verify Token X-Verify-Token: {token}

Request Body: Any valid JSON payload from your webhook source. Maximum payload size: 5 MB. You may include optional tag (string) and send_notification (boolean) fields to customize push notification behavior — see Customizing Notifications.

Response Codes:

Code Description
200 Event received and stored successfully
401 Authentication failed
404 Hook not found
429 Rate limit exceeded

Support & Resources

Need help or have questions? We're here to assist you.