Endpoints
What is an endpoint?
An endpoint is the public HTTPS URL you give to a webhook provider. It accepts any POST request, stores it, and streams it to your dashboard in real time. Think of it as a permanent, observable webhook inbox.
https://splithook.com/e/ab3dkf7z
Each endpoint belongs to exactly one workspace. All workspace members can see the captured webhooks.
Creating an endpoint
From the dashboard sidebar: New endpoint → enter a name → Save.
Splithook generates an 8-character base32 slug (characters a-z and 2-7, avoiding visually ambiguous digits). The slug is stable until you rotate it.
Plan limits:
| Plan | Max endpoints |
|---|---|
| Free | 1 |
| Pro | 10 |
| Team | 50 |
Enabling and disabling
A disabled endpoint still receives requests, but stops broadcasting to the live feed and stops fanning out to destinations. Useful for maintenance windows or when a third-party integration is misconfigured and flooding your quota.
Toggle via the endpoint header: the LIVE pill button.
Rotating the slug
If your endpoint URL is leaked, rotate the slug:
- Open the endpoint → ⋯ menu → Rotate URL.
- Confirm. The new slug is active immediately.
- The old slug returns
404— update your provider's webhook URL before rotating.
Rotation is immediate and irreversible. Copy the new URL, update it in your provider's dashboard, then rotate — not the other way around.
Renaming an endpoint
Double-click the endpoint name in the header (or use ⋯ → Rename). The name is internal only — it doesn't affect the URL.
Request retention
Webhook request metadata is stored indefinitely. The raw body lives in Redis with a TTL:
| Plan | Body TTL |
|---|---|
| Free | 24 hours |
| Pro | 30 days |
| Team | 90 days |
After the TTL, the body is purged. The headers, method, IP, and inferred schema remain. Replays after body expiry are not possible.
Inferred provider and event type
On every captured request, Splithook attempts to identify:
Provider — detected from headers and User-Agent:
| Provider | Detection signal |
|---|---|
| Stripe | Stripe-Signature header |
| GitHub | X-GitHub-Event header |
| Shopify | X-Shopify-Hmac-Sha256 header |
| Twilio | X-Twilio-Signature header |
| Svix | svix-signature header |
| Unknown | fallback |
Event type — detected in order:
- Explicit header:
X-GitHub-Event,X-Shopify-Topic, etc. - Well-known JSON field:
type,event,event_type,eventType. - Fallback:
unknown.
These are used to filter destinations (event_type == 'charge.failed') and to bucket schema inference per event type.
Mercure real-time feed
The dashboard subscribes to a private Mercure topic scoped to your endpoint:
https://splithook.com/endpoints/{slug}/webhooks
Each captured event is broadcast as a Turbo Stream that prepends a new row to the live feed — no polling, no page refresh.
The subscription JWT is scoped to your workspace at render time. It cannot be used to subscribe to events from other workspaces.
Deleting an endpoint
⋯ → Delete endpoint. This is permanent:
- All captured webhook metadata is deleted from the database.
- All destinations on this endpoint are deleted.
- Redis bodies are orphaned (they expire naturally after their TTL).
- The slug is immediately available for re-use by other workspaces.