Skip to content
Rush Commerce
Web app · Webhook router

Webhook plumbing you configure once instead of rebuilding every project.

  • Webhooks
  • Infrastructure
  • Multi-tenant
HMAC
verified inbound, with replay protection
Immutable
versioned route snapshots you can replay
Multi-tenant
workspaces with role-scoped keys
The problem

Every integration project rebuilds the same webhook plumbing: signature verification, retries, fan-out, transformation, inspection. It's undifferentiated work that still manages to be security-critical — the worst combination.

The approach

Hooker gives each source one stable inbound URL and handles the rest: verify, transform, route, retry. Routes are deterministic and versioned, destinations get their own retry behavior, and the whole thing is multi-tenant so one deployment serves many workspaces.

What it does
  • Gives each source one stable inbound URL with HMAC/secret verification, a replay window, and scoped idempotency.
  • Deterministic rule-based routes fan out to multiple destinations, versioned as immutable snapshots you can replay.
  • Templated Discord embeds and HTTP bodies, per-destination retry/backoff that honors rate limits, and an SSRF host allowlist.
  • Multi-tenant workspaces with role-scoped keys, an audit log, plan limits, and optional Stripe billing.
Stack & links
  • Node.js
  • Express 5
  • React 19
  • Vite
  • SQLite / Postgres
  • Stripe

Private build — ask us for a walkthrough.

Want a system like this for your business?

No discovery-call theater. Send us the problem, and we'll send back how we'd attack it.