Customer Portal Overview

The Hook Mesh Customer Portal is a white-labeled, embeddable UI that allows your customers to manage their webhook endpoints, view delivery logs, test webhooks, and rotate secrets - all without contacting support.

Self-service webhooks. Your customers can manage their entire webhook configuration independently, reducing your support burden by up to 80%.

Token configuration: Portal tokens expire after 1 hour by default (configurable from 60 seconds to 24 hours). By default, tokens grant full read-write access. For support/debugging scenarios, use permissions: ["read"] to provide read-only access.

What is the Customer Portal?

The Customer Portal is a pre-built, production-ready interface that you can embed directly into your application or link to as a standalone page. It provides your customers with complete control over their webhook configuration while maintaining security and authentication through short-lived tokens.

Endpoint management (create, update, delete)

Event type subscriptions

Real-time delivery logs

Test webhook functionality

Secret rotation with zero downtime

Webhook signature verification helpers

Failed delivery retry

Circuit breaker status monitoring

Key Features

Endpoint Management

Customers can create, update, and delete webhook endpoints. They choose which event types to subscribe to, configure custom headers, and manage rate limiting settings.

Secret Rotation

One-click secret rotation with zero downtime. The portal handles the dual-secret transition period automatically, ensuring no webhooks are missed during rotation.

Delivery Logs

Real-time visibility into webhook delivery status. Customers can see request/response details, retry attempts, timestamps, and full payload data for debugging.

Test Webhooks

Send test webhook events to verify endpoint configuration before going live. Customers can test signature verification, payload handling, and error scenarios.

Use Cases

Self-Service Integration

Your customers can set up and configure webhooks without any involvement from your team. They add their endpoint URL, subscribe to events, and start receiving webhooks immediately.

Reduced Support Burden

Instead of answering "Why didn't I receive this webhook?" tickets, customers can view delivery logs themselves. They see exactly when webhooks were sent, delivery status, and response codes.

Transparency and Trust

Give customers full visibility into webhook delivery. They can see retry attempts, circuit breaker status, and success rates. This transparency builds trust and reduces support escalations.

How It Works

The portal is accessed through a secure, time-limited URL that you generate for each customer. You can either embed it in your application using an iframe or link to it as a standalone page.

Generate portal token

Call the Hook Mesh API to generate a short-lived portal token for a specific application (customer). Tokens expire after 1 hour by default.

Embed or link to portal

Use the token to construct the portal URL. You can embed it in an iframe within your app or provide it as a direct link for customers to access.

Customer manages webhooks

Your customer uses the portal to add endpoints, subscribe to events, view logs, test webhooks, and rotate secrets - all without leaving your application.

Portal URL Format

The portal is accessed via a URL that includes a secure token in the path:

https://portal.hookmesh.com/{portal_token}?return_url={optional}

Parameter	Description
`portal_token`	Short-lived JWT token for authentication (path parameter)
`return_url`	Optional URL to redirect to after user exits portal

Generating Portal Tokens

Generate a portal token by calling the Hook Mesh API. Tokens are scoped to a specific application and expire after 1 hour by default.

POST /v1/applications/{application_id}/portal-tokens

Request

{
  "expires_in": 3600,
  "permissions": ["read", "write"]
}

Parameter	Type	Description
`expires_in`	integer	Optional. Token lifetime in seconds. Min: 60, Default: 3600 (1 hour), Max: 86400 (24 hours)
`permissions`	array	Optional. Array of permissions: `["read"]` or `["read", "write"]`. Default: `["read", "write"]`

Response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "url": "https://portal.hookmesh.com/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_at": "2026-01-20T17:30:00Z"
}

Field	Description
`token`	JWT token for portal authentication
`url`	Complete portal URL ready to use (token in path)
`expires_at`	ISO 8601 timestamp when token expires

Code Examples

Node.js

// Generate portal token for a customer
async function getPortalUrl(applicationId) {
  const response = await fetch(
    `https://api.hookmesh.com/v1/applications/${applicationId}/portal-tokens`,
    {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${process.env.HOOKMESH_API_KEY}`,
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({
        expires_in: 3600, // 1 hour (default)
        permissions: ['read', 'write'] // Full access (default)
      })
    }
  );

  const { url, expires_at } = await response.json();

  console.log('Portal URL:', url);
  console.log('Expires at:', expires_at);

  return url;
}

// Usage in your customer dashboard
app.get('/dashboard/webhooks', async (req, res) => {
  const customerId = req.user.id;
  const applicationId = await getApplicationId(customerId);

  const portalUrl = await getPortalUrl(applicationId);

  res.render('webhooks', { portalUrl });
});

Python

import requests
import os

def get_portal_url(application_id: str) -> dict:
    """Generate portal token for a customer."""
    response = requests.post(
        f'https://api.hookmesh.com/v1/applications/{application_id}/portal-tokens',
        headers={'Authorization': f'Bearer {os.environ.get("HOOKMESH_API_KEY")}'},
        json={
            'expires_in': 3600,  # 1 hour (default)
            'permissions': ['read', 'write']  # Full access (default)
        }
    )

    data = response.json()

    print(f'Portal URL: {data["url"]}')
    print(f'Expires at: {data["expires_at"]}')

    return data

# Usage in your Flask/Django app
@app.route('/dashboard/webhooks')
@login_required
def webhooks_dashboard():
    customer_id = current_user.id
    application_id = get_application_id(customer_id)

    portal_data = get_portal_url(application_id)

    return render_template('webhooks.html', portal_url=portal_data['url'])

Security

The portal uses short-lived JWT tokens to ensure secure access:

Short-lived tokens

Tokens expire after 1 hour by default (configurable up to 24 hours). This limits the window of exposure if a token is leaked.

App-scoped access

Each token is scoped to a specific application. Customers can only view and manage endpoints for their own application, never others.

Configurable permissions

Tokens grant full read-write access by default. For auditing or support scenarios, generate read-only tokens using permissions: ["read"] to allow viewing without making changes.

HTTPS only

The portal is served exclusively over HTTPS with strict transport security headers enabled.

Security best practice: Generate a new token each time a customer accesses the portal. Don't reuse or cache tokens. This ensures the shortest possible exposure window.

Portal vs API

When should your customers use the portal vs calling the API directly?

Scenario	Use Portal	Use API
One-time setup
Debugging webhooks
Manual secret rotation
Automated configuration
Programmatic updates
Infrastructure as code

Customization

The portal supports white-labeling and customization to match your brand:

Custom logo and brand colors (Enterprise plan)
Custom domain (portal.yourcompany.com)
Hide Hook Mesh branding
Custom CSS for advanced styling

See Customization for full details on branding options.

Benefits Summary

For your customers

Self-service webhook management - no support tickets needed
Real-time visibility into delivery status
Easy debugging with comprehensive logs
Test webhooks before going live

For you

Reduce support burden - customers manage webhooks themselves
Faster time to integration - customers can get started immediately
Better customer experience - transparency builds trust
Focus on your product - not webhook support tickets

Pro tip: Most Hook Mesh customers see an 80% reduction in webhook-related support tickets after enabling the customer portal.

Getting Started

Ready to give your customers self-service webhook management?

Create an application

First, create an application for your customer using the Applications API. This represents your customer in Hook Mesh.

Generate a portal token

Call the portal token endpoint with the application ID to get a secure, time-limited URL.

Embed or link

Embed the portal in your app with an iframe, or provide the URL as a direct link. See Embedding for implementation examples.

Customer Portal Overview

What is the Customer Portal?

Key Features

Endpoint Management

Secret Rotation

Delivery Logs

Test Webhooks

Use Cases

Self-Service Integration

Reduced Support Burden

Transparency and Trust

How It Works

Generate portal token

Embed or link to portal

Customer manages webhooks

Portal URL Format

Generating Portal Tokens

Request

Response

Code Examples

Security

Short-lived tokens

App-scoped access

Configurable permissions

HTTPS only

Portal vs API

Customization

Benefits Summary

For your customers

For you

Getting Started

Create an application

Generate a portal token

Embed or link

Next Steps

Authentication

Embedding

Customization

Related Documentation