Launch special — let's split the check with SPLITCHECK for 50% off
Share feedback →

other

MCP Server

Use HookSense from Claude Desktop, Cursor, or Claude Code via the Model Context Protocol server.

The HookSense MCP server exposes your webhook endpoints to Model Context Protocol clients — Claude Desktop, Cursor, Claude Code, Continue, and any other MCP-compatible agent. Instead of copy-pasting payloads from a dashboard into a chat, the agent fetches them directly.

What it can do

  • create_endpoint — spin up a new webhook URL from inside your agent
  • list_endpoints / get_endpoint — discover what you've already configured
  • list_requests — summary of recent captures (method, status, provider, time)
  • get_request — full payload of a single captured webhook
  • replay_request — re-send a captured webhook to any target URL (localhost, staging, prod)

Setup

1. Create an API token

Go to your account pageAPI tokensCreate token. Copy the hsk_... value — it's shown only once.

2. Configure your MCP client

Claude Desktop & Claude Code

Edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "hooksense": {
      "command": "npx",
      "args": ["-y", "@hooksense/mcp"],
      "env": {
        "HOOKSENSE_TOKEN": "hsk_your_token_here"
      }
    }
  }
}

Cursor

Edit ~/.cursor/mcp.json:

{
  "mcpServers": {
    "hooksense": {
      "command": "npx",
      "args": ["-y", "@hooksense/mcp"],
      "env": {
        "HOOKSENSE_TOKEN": "hsk_your_token_here"
      }
    }
  }
}

3. Restart your MCP client

The HookSense tools will appear in the tool palette. Your agent can now call them.

Example prompts

"Create a webhook endpoint, then show me the most recent payload it captured."
"Replay the last 3 captured webhooks against http://localhost:3000/webhooks/stripe so I can test my handler refactor."
"Diff the headers between the two most recent GitHub pushes captured at /w/ci-builds."

Security model

  • API tokens are bearer credentials. Treat them like passwords. Revoke immediately if leaked.
  • Tokens are stored as SHA-256 hashes on our side — we can't recover the plaintext, so you'll need to issue a new one if you lose yours.
  • Bearer-authed requests bypass cookie-based CSRF protection (by design — they're immune to CSRF).
  • Each token grants full account access. We recommend a separate token per machine/agent so revocation is granular.

Troubleshooting

"HOOKSENSE_TOKEN env var is required" — your client isn't passing the env var through. Check the JSON config above.

"Invalid or expired token (401)" — the token was revoked or mistyped. Generate a new one in /account.

Tool calls hang — the MCP server uses stdio. Make sure no other tools are writing to your client's stdin/stdout.

Source

The MCP server is open source. Read the code or file issues at github.com/ozers/hooksense.

PreviousLimits & Quotas