Skip to main content

Documentation Index

Fetch the complete documentation index at: https://supahooks.ar27111994.dev/llms.txt

Use this file to discover all available pages before exploring further.

POST /replay/:webhookId/:itemId re-sends a previously captured webhook event to a destination URL you specify. The server validates the target against SSRF rules, strips masked and transport headers, injects replay-specific headers, and returns the target’s response code and body. Authentication: Required when authKey is configured.

Path parameters

webhookId
string
required
The webhook ID that owns the captured event.
itemId
string
required
The log entry ID to replay. If this does not resolve to a log ID but parses as a timestamp, the handler attempts a fallback lookup by timestamp within the specified webhook.

Query parameters

url
string
required
Destination URL to replay the event to. Subject to SSRF and DNS safety checks. Private networks, loopback addresses, and cloud metadata endpoints are blocked. See Error responses for the full blocked-range list.

Example request

curl -X POST \
  "https://<run-id>.runs.apify.net/replay/wh_abc123/evt_8m2L5p9xR?url=https%3A%2F%2Ftarget.example%2Fwebhook"

Added headers

The server injects the following headers into every outbound replay request:
HeaderValue
X-Apify-Replaytrue
X-Original-Webhook-IdThe original webhook ID
Idempotency-KeyA unique key for this replay attempt

Stripped headers

Masked headers (e.g. Authorization, Cookie) and transport-managed headers (e.g. host, content-length) are removed before forwarding. The response body lists any headers that were stripped.

Success response

{
  "status": "replayed",
  "targetUrl": "https://target.example/webhook",
  "targetResponseCode": 200,
  "targetResponseBody": "OK"
}
When headers were stripped, the response also includes: 
{
  "status": "replayed",
  "targetUrl": "https://target.example/webhook",
  "targetResponseCode": 200,
  "targetResponseBody": "OK",
  "strippedHeaders": ["host", "content-length"]
}

Error responses

Missing destination URL: 
{
  "error": "Missing 'url' parameter"
}
SSRF or DNS validation failure: 
{
  "error": "URL resolves to internal/reserved IP range"
}

{
  "error": "Unable to resolve hostname"
}
Timeout after all retry attempts (504): 
{
  "error": "Replay Failed",
  "message": "Target destination timed out after 3 attempts (10s timeout per attempt)",
  "code": "ECONNABORTED"
}

Retry and timeout settings

You can tune replay behavior in Actor input:
SettingDescription
replayMaxRetriesNumber of delivery attempts before marking the replay as failed
replayTimeoutMsPer-attempt timeout in milliseconds. A dead downstream does not hang the actor beyond this value.
When all retry attempts time out, the server returns 504 Gateway Timeout with a machine-readable code field when one is available.