Skip to main content
Every request to the Hookdrop API must include a valid access token in the Authorization header: 
Authorization: Bearer YOUR_ACCESS_TOKEN
Keep your tokens secure. Never expose them in client-side code, public repositories, or anywhere they can be read by untrusted parties.

Register a new account

If you don’t have an account yet, create one with POST /api/auth/register.
email
string
required
Your email address.
password
string
required
Your account password.
curl -X POST https://hookdrop.dev/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "you@example.com",
    "password": "your-password"
  }'
Response
user
object
accessToken
string
Short-lived JWT you send with every API request. Expires after 15 minutes.
refreshToken
string
Long-lived token used to obtain a new access token when the current one expires.
{
  "user": {
    "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "email": "you@example.com",
    "plan": "free"
  },
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Log in to an existing account

Exchange your credentials for tokens using POST /api/auth/login.
email
string
required
Your account email address.
password
string
required
Your account password.
curl -X POST https://hookdrop.dev/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "you@example.com",
    "password": "your-password"
  }'
Response 
{
  "user": {
    "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "email": "you@example.com",
    "plan": "free"
  },
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Refresh an access token

Access tokens expire after 15 minutes. When yours expires, call POST /api/auth/refresh with your refresh token to get a new one without logging in again.
refreshToken
string
required
The refresh token returned from /auth/login or /auth/register.
curl -X POST https://hookdrop.dev/api/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'
Response 
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Using your token

Include the access token in the Authorization header of every API request: 
Authorization: Bearer YOUR_ACCESS_TOKEN
For example, to list your endpoints: 
curl https://hookdrop.dev/api/endpoints \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"