HookCastle
v2.4.1April 2026 release

Stop babysitting your webhook queue.

HookCastle takes events from your app and delivers them to your customers' endpoints — with retries, exponential backoff, HMAC signatures, and a searchable delivery log. Drop it in, point your webhook URL at us, move on.

Start free → Read the docs

EU-hosted · GDPR-friendly · Free tier up to 50,000 events/mo

deliver.sh bash 
# queue an event for delivery
curl -X POST https://api.hookcastle.com/v1/events \
  -H "Authorization: Bearer hc_live_a8f...3c2" \
  -H "Content-Type: application/json" \
  -d '{
    "destination": "https://acme.app/hooks/orders",
    "payload": { "event": "order.paid", "id": "ord_4912" }
  }'

<- 201 Created
{
  "id": "evt_8a3f4b9c7d",
  "status": "queued",
  "attempts": 0,
  "created_at": "2026-04-30T09:14:22Z"
}

What you get

Retries that don't lose events

Failed deliveries get up to 12 attempts over ~24h with exponential backoff (30s, 2m, 10m, 30m, 1h…). Per-endpoint policy if the default isn't right for you. Nothing is dropped silently.

A delivery log you can actually search

Every attempt is stored with full request and response (status code, headers, body, latency) for the retention window of your plan. Filter by status, endpoint, or any header. Replay individually or in bulk.

Per-endpoint HMAC signatures

Each endpoint can have its own secret. We sign the body with HMAC-SHA256 and ship the signature in X-HookCastle-Signature. Verifying on the receiving side is six lines in any language.

Drop-in for existing webhooks

Already use Stripe / GitHub / Shopify webhooks? Point the destination URL at HookCastle, set us as the relay, and keep your existing signature scheme. We forward intact and add ours.

Sane rate limits per destination

Configure a max requests-per-second per endpoint so you don't accidentally DDoS your customer's slow webhook receiver. Excess events stay queued, not dropped.

Honest pricing

Free tier covers 50K events/month; the Pro plan is €29/mo flat with 1M events. No usage-based surprises. If you outgrow Pro, write us — we'll figure something out before sending an invoice.

How it fits in

You publish events to our API. We queue them, deliver them, retry them, and surface what happened. That's it. Two integration shapes:

relay Existing webhook source
You already receive a webhook from Stripe / GitHub / your own backend. Forward the body to POST /v1/events with the destination URL. We take it from there. Your code drops the cron job, the queue table, and the retry loop.
direct Native integration
Inside your service, replace your "send webhook" call with a call to our SDK (or plain HTTP). You stop caring about delivery state — just check the dashboard or wire our delivery webhook back into your app.
fan-out One event, many endpoints
Attach multiple destination URLs to a single event (e.g. one customer subscribed to order.*, another to order.paid only). HookCastle handles delivery and retry independently for each endpoint.

Pricing

Two tiers and a "talk to us" option. Annual billing knocks 15% off — written about in the full pricing page.

Free

€0/mo

For testing, side projects, low-volume use.

  • 50,000 events / month
  • 7-day delivery log retention
  • 3 endpoints
  • Community email support
Sign up

Pro

€29/mo

For production. Most customers land here.

  • 1,000,000 events / month
  • 30-day log retention
  • Unlimited endpoints
  • Priority support (24h response)
  • Custom retry policy per endpoint
Start 14-day trial

Enterprise

Custom

Higher volume, SSO, custom SLA, DPA.

  • From 5M events / month
  • 90-day log retention
  • SSO (SAML, Google Workspace)
  • Custom DPA & subprocessor list
  • Slack channel for support
Get in touch

All plans run on EU infrastructure (Sofia, Bulgaria). VAT charged where applicable. Invoices in EUR.

Things people ask before signing up

Why not just write the retry loop myself?
You can. We did, three or four times, before deciding it was worth charging money for. The honest answer is that "retry with backoff" is the easy 30%; the hard 70% is the dashboard, the searchable log, the per-endpoint policy, the rate limit handling, and not having to wake up at 3am because the queue table filled the disk.
Where exactly is this hosted?
Single VPS region in Sofia, Bulgaria, with an EU-based hosting provider. We picked it for low EU-internal latency and predictable pricing. We don't proxy through Cloudflare or any US CDN. Subprocessor list is in the privacy policy.
Is the source open?
Parts of it: the CLI and language SDK examples are MIT on github.com/hookcastle. The delivery service itself isn't open-source — for now it's a small focused product, not a platform.
What happens to events past my retention window?
The event payload is removed from our database after the retention period (7 days on Free, 30 on Pro, configurable on Enterprise). The metadata (id, destination, final status, timestamps) is kept for billing reconciliation but stripped of payload bodies.
What's the deal with the name?
Hooks (webhooks) + Castle (somewhere safe to keep them while we figure out delivery). I tried "Hookhaus", "Postcastle", "Webgate" first. None of the .com domains were free. hookcastle.com was, so here we are.
Can I cancel any time?
Yes. From the dashboard. We'll keep your delivery log accessible read-only for 14 days after cancellation, then drop it. Export to JSON is one click.

Built by a small team in Milan.

HookCastle was started in 2023 by Claudio Baldinucci after the third time he wrote webhook retry logic at a $dayjob. It's still a small operation — there's no growth team, no SDR, no support tier. If you email hello@hookcastle.com, you're emailing the people who write the code.

If you're evaluating HookCastle for production: ask hard questions, we'd rather you don't sign up than sign up disappointed. More about us →