Authentication
All webhook endpoints require an API key sent in the X-API-Key header.
Find your API key at hellhound.dev/account. Each account has one API key. If you need to rotate it, generate a new one from your account page.
Keep your API key private. Do not commit it to version control or expose it in client-side code. Use environment variables or a secrets manager to store it.
Unauthorized response:
If the key is missing or invalid, you will receive a 401 response:
Base URL
All API requests are made to:
Full example URL:
POST /api/webhook/run-start
Report that an automation run has started. Call this at the beginning of your workflow.
Returns a run_id to use when reporting the run end.
Full URL:
Headers:
| Header | Value |
|---|---|
| X-API-Key | Your API key |
| Content-Type | application/json |
Request body:
| Field | Type | Description |
|---|---|---|
| automation_name required | string | Name of the automation (e.g. "lead-pipeline") |
| source | string | Where the run was triggered from (e.g. "make", "n8n", "zapier", "custom") |
Example request body:
automation_name must match the name you use in run-end. If the automation does not exist yet, Hellhound creates it automatically on the first run-start. The source field is optional but helps you filter runs in the dashboard.
Response (200):
Errors:
| Status | Meaning |
|---|---|
| 400 | Missing automation_name |
| 401 | Invalid or missing API key |
| 402 | Plan limit reached |
| 429 | Rate limit exceeded |
| 500 | Server error |
curl example:
POST /api/webhook/run-end
Report that an automation run has finished. Call this at the end of your workflow.
Include the run_id from run-start to link the two events.
Full URL:
Headers:
| Header | Value |
|---|---|
| X-API-Key | Your API key |
| Content-Type | application/json |
Request body:
| Field | Type | Description |
|---|---|---|
| automation_name required | string | Name of the automation (must match run-start) |
| run_id | string | The run_id returned from run-start (recommended) |
| success required | boolean | Whether the run succeeded (true or false) |
| error_message | string | Error details when success is false |
Example request body (success):
Example request body (failure):
success must be a boolean, not a string.
Send true or
false, not
"true" or
"false".
Some platforms (like Make.com) send strings by default — make sure to convert.
Response (200):
Errors:
| Status | Meaning |
|---|---|
| 400 | Missing automation_name or success |
| 401 | Invalid or missing API key |
| 402 | Plan limit reached |
| 429 | Rate limit exceeded |
| 500 | Server error |
curl example (success):
curl example (failure):
Request format
All requests must be sent as JSON with the Content-Type: application/json header.
Field types:
| Type | JSON format | Example |
|---|---|---|
| string | Wrapped in double quotes | "lead-pipeline" |
| boolean | Bare true or false (no quotes) | true |
| number | Bare number (no quotes) | 42 |
Common mistake:
Sending "true" (a string) instead of
true (a boolean).
Many no-code platforms default to strings. Make sure boolean fields are sent as actual JSON booleans.
Error codes
All endpoints return standard HTTP status codes. Error responses include a JSON body with an error field.
| Status | Meaning | What to do |
|---|---|---|
| 200 | Success | Request was processed successfully |
| 400 | Bad request | Check required fields are present and correctly typed |
| 401 | Unauthorized | Check your API key is correct and sent in the X-API-Key header |
| 402 | Payment required | Upgrade your plan or reduce the number of monitored automations |
| 429 | Rate limited | Wait and retry. You are sending too many requests per second |
| 500 | Server error | Retry after a few seconds. If persistent, contact support |
Error response format:
Integration examples
Copy-paste examples for the most common platforms and languages.
Make.com
Make.com has a dedicated step-by-step setup guide. See Make.com Setup →
Node.js
Use the built-in fetch API (Node 18+) or any HTTP library.
Python
Using the requests library.
Bash / curl
For shell scripts, consider using
hellhound watch instead of the webhook API.
It wraps your command with zero code changes:
hellhound watch --name "my-job" --run "./script.sh"