Webhooks that never
drop a signal.
funiq is production-grade webhook infrastructure. Ingest, verify, filter, retry and replay every event — with the observability your engineers need.
curl -X POST https://your-app/api/public/hooks/ingest/whk_a1b2c3 \
-H "content-type: application/json" \
-H "x-hookpilot-signature: sha256=..." \
-d '{"type":"payment.succeeded","amount":4200}'
← 200 { "ok": true, "event_id": "evt_9f...", "status": "pending" }Platform
Everything a webhook needs, on day one.
Instant ingest
Publish an endpoint and start receiving in seconds. HTTP/1.1 + HTTP/2, JSON, form, raw.
Signature verification
HMAC-SHA256 signatures verified on every request. Timing-safe comparison.
Smart filtering
Reject events you don't need. Cut noise before it hits your workers.
Retry queue + DLQ
Exponential backoff up to 6 attempts. Anything left over lands in the dead-letter queue for replay.
Real analytics
Throughput, success rate, and errors — grouped by endpoint and status.
API + SDK
REST API and TypeScript SDK for programmatic access to every event and delivery.
Pipeline
Five stages. Zero dropped events.
Receive
Signed request hits your unique endpoint.
Verify
HMAC-SHA256 comparison in constant time.
Filter
Drop events that don't match your rules.
Deliver
Forward, retry on failure, escalate to DLQ.
Observe
Every payload, header, and attempt captured.
SDK
Verify in three lines.
Drop the SDK into your app. funiq signs every forwarded request so your handlers can trust the source.
- TypeScript + Node
- Works with any framework
- Timing-safe HMAC compare
import { verify } from "hookpilot";
app.post("/webhook", (req, res) => {
const ok = verify({
secret: process.env.HOOKPILOT_SECRET,
body: req.rawBody,
signature: req.headers["x-hookpilot-signature"],
});
if (!ok) return res.status(401).end();
// ... handle event
res.status(200).end();
});Ship webhooks like a platform team.
Start free. Upgrade when the traffic grows.