Authentication is opt-in. By default, all endpoints (including webhook ingest) are publicly accessible. To protect your instance, setDocumentation Index
Fetch the complete documentation index at: https://supahooks.ar27111994.dev/llms.txt
Use this file to discover all available pages before exploring further.
authKey in the Actor input. Once set, the same key is enforced across all management routes and, conditionally, on the webhook ingest endpoint.
Enabling authentication
PassauthKey in your Actor input to activate auth:
Supported methods
OnceauthKey is configured, you can authenticate with either of the following methods on every protected request.
| Method | Example |
|---|---|
| Bearer token header | Authorization: Bearer YOUR_KEY |
| Query parameter | ?key=YOUR_KEY |
Protected endpoints
The following endpoints require authentication whenauthKey is configured:
GET /GET /infoGET /logsGET /logs/:logIdGET /logs/:logId/payloadGET /log-streamPOST /replay/:webhookId/:itemIdGET /system/metrics
Never protected
The health probes are never auth-protected, regardless of whetherauthKey is set. This allows container orchestrators and load balancers to probe the service without credentials.
GET /healthGET /ready
Webhook ingest auth
ANY /webhook/:id is public by default. When authKey is configured, webhook ingest uses the same auth validation as management routes. This means every inbound webhook request must include a valid Authorization: Bearer header or ?key= query parameter.