Share Sanitized Webhook Requests

Why teams need sanitized webhook sharing

Webhook debugging usually crosses team boundaries. The person who owns the receiver may need headers, path, query parameters, and body structure, while the person who owns the webhook infrastructure must protect credentials and customer data.

A sanitized request share keeps the useful debugging context in one stable link. It avoids screenshot drift, Slack copy-paste errors, and accidental exposure of raw secrets.

• Open a provider support case with the request shape attached.
• Hand off an incident to a receiver owner without granting dashboard access.
• Show a vendor which headers and payload fields arrived.
• Compare evidence before replaying with modifications.
• Keep the public artifact narrow, expiring, and read-only.

What FastHook redacts

How sanitized sharing works

1. FastHook captures the inbound webhook request.
2. An operator selects the request and creates a sanitized share.
3. FastHook builds a snapshot with default and custom redaction rules.
4. The dashboard copies an expiring public link.
5. The recipient opens the link and sees only the sanitized snapshot.

Dashboard and API workflow

In the dashboard, open Requests, select a request, and click Share sanitized. The API supports the same flow for support automation and internal tooling.

curl -X POST "https://api.fasthook.io/v1/requests/req_01jv8c3m7b2p4q9x6r5t1n0k8s/share" \
  -H "Authorization: Bearer fhp_xxx" \
  -H "x-team-id: tm_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "expires_in_seconds": 604800,
    "redact_keys": ["customer_id", "account_number"]
  }'

When FastHook is the better fit

• You need webhook capture, debugging, routing, replay, and sharing in one tool.
• You want a support-safe artifact without creating a separate request bin.
• You need share links tied to real production request history.
• You want to move from evidence to replay, filtering, transformations, or destination fixes.
• You need teammates to inspect one request without broader dashboard permissions.

Limitations to understand

Sanitized sharing is still a public bearer link until it expires. Do not use it as a replacement for team permissions when someone needs operational access, and add custom redaction keys for any private business fields your payload uses.

• Recipients can view the sanitized snapshot if they have the URL.
• The share is read-only and cannot retry or modify traffic.
• It is not meant for regulated data disclosure workflows.
• Full request investigation still belongs in the authenticated dashboard.

Frequently asked questions

What is a sanitized webhook request share?
It is an expiring public link to a redacted snapshot of a captured webhook request. The link shows useful debugging evidence without exposing common secrets.

Does FastHook share the original request payload?
No. FastHook creates a sanitized snapshot when the share is created, then serves that copy from the public link.

Which fields are redacted?
FastHook redacts common secret keys such as authorization, cookies, API keys, tokens, passwords, provider signatures, and custom keys supplied by the operator.

Can I add my own redaction keys?
Yes. The API accepts redact_keys so teams can hide business-specific identifiers such as customer_id, account_number, or internal_email.

Are share links indexed by search engines?
FastHook dashboard share pages are marked noindex. The SEO documentation page is indexable, but individual request share links are not intended for indexing.

When should I use sanitized sharing instead of dashboard access?
Use a sanitized link for support tickets, vendor debugging, and limited incident evidence. Use dashboard access when someone must inspect many requests or operate retries and routing.