Documentation
Your complete guide to using Pagerhooks
Overview
PagerHooks is a webhook event management platform that enables you to create, monitor, and manage webhook endpoints with real-time mobile notifications. When you create a hook in the app, a unique webhook URL is generated that can be used to receive events from external services like Stripe, OpenAI, Google APIs, and more.
Key Features
- Real-time event tracking and metrics
- Instant iOS push notifications
- Multi-device delivery — get paged on every signed-in iOS device simultaneously
- AES-256 encryption for data protection
- Multiple authentication methods — HMAC (SHA-256/SHA-1), JWT, Bearer token, API Keys, and more
- Message forwarding — automatically relay incoming events to any HTTPS endpoint
- At-least-once delivery with automatic retries
- Accepts JSON payloads up to 5 MB per event
- Offline-first architecture with real-time sync
- Full-text search across messages and hooks
Getting Started
Account Creation
- Download the PagerHooks app from the App Store
- Create an account using your email address
- Verify your email through the verification code sent
- Set up your password (minimum 8 characters)
Creating Your First Hook
- Navigate to the Hooks tab
- Tap Create Hook
- Select a brand/platform template or use a generic webhook
- Configure authentication (recommended)
- Optionally enable message forwarding to relay events to another endpoint
- Copy your generated webhook URL
- Add the URL to your external service's webhook settings
Webhook Management
Creating a Hook
When creating a hook, you'll need to provide the following information:
| Field | Required | Description |
|---|---|---|
| Name | Yes | A descriptive label for your hook |
| Description | Yes | Details about the hook's purpose |
| Template/Brand | Yes | The platform sending webhooks (e.g., Stripe, GitHub) |
| URL | No | Optional source URL reference |
| Authentication | No | Enable credential-based protection (strongly recommended) |
| Secret/Credentials | If auth enabled | Authentication credentials based on method |
| Message Forwarding | No | Enable automatic relay of incoming events to another HTTPS URL |
| Forward URL | If forwarding enabled | Destination HTTPS URL for forwarded events |
Security Warning: If you create or update a hook without authentication, the app will display a confirmation dialog warning you of the increased risk of receiving unsolicited events. You must explicitly confirm before proceeding.
Webhook URL Structure
When a hook is created, PagerHooks generates a unique webhook URL that you provide to external services:
The id parameter is your unique hook identifier. You can copy this URL directly from the app.
Managing Hooks
View Hook Details:
- See the webhook URL (tap to copy)
- View recent messages received by the hook
- Check hook status (active/inactive)
Edit Hook Settings:
- Update name, description, and URL
- Change the brand/template
- Modify authentication credentials
- Toggle active/inactive status
- Enable or disable message forwarding and update the forward URL
Delete a Hook:
- Deleting a hook will also delete all associated messages
- This action requires confirmation and cannot be undone
Authentication & Security
Supported Authentication Methods
PagerHooks supports multiple authentication methods to secure your webhook endpoints:
| Method | Description | Use Case |
|---|---|---|
| Signing Secret | HMAC-based signature verification | Stripe, GitHub, Slack |
| Basic Auth | Username/password credentials | Custom integrations |
| API Key | API key in request header | Various APIs |
| Shared Secret | Symmetric secret key | Custom webhooks |
| Webhook ID | ID-based authentication | Simple integrations |
| Public Key | Asymmetric key verification | High-security integrations |
| JWT | Signed JSON Web Token verification, including claims | High-security or custom auth flows |
| Verify Token | Token-based verification | Facebook, Meta platforms |
Protected URLs
When a webhook URL is protected (authentication enabled), every incoming webhook request must include valid credentials that PagerHooks validates on its infrastructure.
How Protected URLs Work:
- Credential Configuration: When creating a hook with authentication, you provide the secret/credentials used by the sending service
- Request Validation: When a webhook arrives, PagerHooks validates the request signature or credentials against your stored configuration
- Rejection of Invalid Requests: Requests that fail authentication are rejected and not stored
Security Warning: If you create a hook without authentication, the app will display a warning: "Using this hook without an authentication field exposes it to higher risk of receiving unsolicited events."
Credential Storage
PagerHooks implements multiple layers of security for credential storage:
- AES-256 Encryption: All secrets are encrypted at rest
- Masked Display: Credentials are displayed as
************in the UI to prevent accidental exposure; the last-updated date is shown instead of the value - Secure Updates: Credential updates are processed through secure edge functions
- No Plain-Text Transmission: Secrets are never transmitted in plain text after initial storage
- Device Keychain Storage: Authentication session tokens on the mobile device are stored in the OS keychain (iOS Keychain / Android Keystore) via
expo-secure-store, not in unencrypted local storage
Message Forwarding
Message forwarding allows a hook to automatically relay every incoming webhook event to a second HTTPS endpoint of your choice. This is useful for piping events into internal services, CI/CD pipelines, logging systems, or any other receiver alongside PagerHooks.
Enabling Forwarding
Forwarding can be enabled both at hook creation and in hook settings:
- Open Create Hook or navigate to a hook's Settings
- Toggle Enable message forwarding to on
- Enter the destination Forward URL (must be a valid HTTPS URL)
- Save or create the hook
To disable forwarding, toggle the switch off and save. The forward URL is cleared automatically when forwarding is turned off.
Forward URL Requirements
| Requirement | Detail |
|---|---|
| Protocol | HTTPS only (https://) |
| Format | Must be a valid, fully-qualified URL |
| Max length | 2048 characters |
Non-HTTPS URLs (including http://, file://, and internal addresses) are rejected by the app before the hook is saved.
Forwarding Behavior
- The original webhook payload is relayed as-is to the forward URL
- Forwarding occurs server-side on PagerHooks infrastructure after the event is received and (if configured) authenticated
- Each forwarded request is logged and visible in the Forward Log on the message detail screen
- If the destination endpoint is unreachable or returns an error, the event is still stored in PagerHooks — forwarding failures do not affect event capture
Plans & Rate Limits
Free Plan
Best for personal use
$0/month
- ✓ 500 events/month
- ✓ 7 days log retention
- ✓ Mobile notifications
- ✓ Advanced authentication
- ✓ Message forwarding
Pro Plan
Coming SoonBest for small teams
$12/month
- ✓ 10,000 events/month
- ✓ 30 days log retention
- ✓ Mobile notifications
- ✓ Advanced authentication
- ✓ Message forwarding
Rate Limiting
Event Caps:
- Free Plan: 500 events per month
- Pro Plan: 10,000 events per month
What Happens When You Hit the Limit:
- Events exceeding your monthly cap will not be stored
- You'll receive a notification when approaching your limit
- Upgrade to Pro for higher limits
Response Time:
- Average webhook processing time: 0.3 seconds
- Real-time push notifications to your mobile device
Log Retention:
- Free Plan: Events older than 7 days are automatically deleted
- Pro Plan: Events older than 30 days are automatically deleted
Per-Hook Request Rate:
- A short-term request rate limit per hook smooths out sudden bursts from senders
- Requests exceeding the burst limit are rejected with a
429 Rate Limit Exceededresponse so the sender knows to back off — your earlier events are unaffected
Reliable Delivery
- Accepted events are processed at least once — if a delivery attempt fails, it is automatically retried
- Events that cannot be delivered after repeated attempts are set aside, not silently discarded
- If a payload cannot be processed (e.g. malformed data), you can be notified by email
Messages & Events
Viewing Messages
Messages are webhook events received by your hooks. Each message contains:
| Field | Description |
|---|---|
| Payload | The JSON data sent by the webhook, rendered as an interactive tree |
| Tag | Event type or category label |
| Hook Name | The associated hook that received the event |
| Brand | The platform that sent the webhook |
| Timestamp | When the event was received |
| Read Status | Whether the message has been viewed |
| Forward Log | Per-message log of forwarding attempts and their outcomes (if forwarding is enabled) |
Customizing Notifications
You can control how each event appears as a push notification by including optional fields in the JSON payload you send to your hook.
| Field | Type | Description |
|---|---|---|
tag |
string | Becomes the title of the push notification. If omitted, the hook's label is used as the title. |
send_notification |
boolean | Set to false to record the event silently without sending a push. Defaults to true. |
Examples:
Alert with a custom title:
Record an event silently — no push sent, still saved to history:
Message Management
Individual Actions:
- View full JSON payload as a formatted, collapsible tree
- Mark as read/unread
- View similar messages from the same hook
Bulk Actions:
- Select multiple messages
- Share messages
- Export messages
- Mark all as read/unread
- Delete selected messages
Search:
- Full-text search across all messages
- Search by hook name, event type, or payload content
Account Management
Deleting Your Account
You can permanently delete your PagerHooks account from the Settings tab.
What happens when you delete your account:
- All hooks and associated messages are permanently removed
- Your authentication credentials and profile data are erased
- This action cannot be undone
You will be asked to provide a reason for deletion before the account is removed. After confirmation, you are automatically signed out.
API Reference
Webhook Endpoint
Receive Webhook Events
Request Headers (for authenticated hooks):
| Auth Method | Header Format |
|---|---|
| Signing Secret | X-Signature: {hmac_signature} |
| Basic Auth | Authorization: Basic {base64_credentials} |
| API Key | {custom_header}: {api_key} |
| JWT | Authorization: Bearer {jwt_token} |
| Verify Token | X-Verify-Token: {token} |
Request Body: Any valid JSON payload from your webhook source. Maximum payload size: 5 MB. You may include optional tag (string) and send_notification (boolean) fields to customize push notification behavior — see Customizing Notifications.
Response Codes:
| Code | Description |
|---|---|
| 200 | Event received and stored successfully |
| 401 | Authentication failed |
| 404 | Hook not found |
| 429 | Rate limit exceeded |
Support & Resources
Need help or have questions? We're here to assist you.
- Website: https://pagerhooks.com
- Issues & Feedback: Contact support through the app or website