Hook0

Webhooks-as-a-Service for SaaS builders, honestly reviewed. Because your product shouldn’t die on webhook retry logic.

TL;DR

• What it is: Open-source Webhooks-as-a-Service (WaaS) platform — you send one API call, Hook0 handles delivery, retries, signatures, logging, and the subscriber portal your users see [website].
• Who it’s for: Developers and technical founders building SaaS products who need to offer webhook integrations to their own users. Not an end-user automation tool — this is infrastructure for the people building the tools [README].
• Cost savings: Svix (the dominant commercial alternative) charges per message volume with no self-hosted option. Hook0 self-hosted on a $10/mo VPS eliminates that bill entirely [website].
• Key strength: Complete, production-ready webhook stack — delivery, exponential-backoff retries, cryptographic signatures, event logs, embeddable subscriber portal — out of the box [README][website].
• Key weakness: SSPL license, not MIT or Apache. This matters if you plan to embed it in a commercial product or redistribute it. 1,390 GitHub stars is small for infrastructure you’d bet a production SaaS on. Third-party reviews are nearly nonexistent [README][merged profile].

---

What is Hook0

Hook0 solves a specific, annoying problem: you’re building a SaaS product, your enterprise customers ask for webhook integrations (“notify our system when an order ships”), and you either build all that infrastructure yourself or you pay someone else to run it.

Building it yourself means implementing reliable delivery queues, retry logic with exponential backoff, cryptographic payload signing, subscriber management, event logs, and a dashboard for your users to debug failed deliveries. It takes weeks and it’s not your core product. It’s plumbing.

Hook0 is that plumbing, packaged as a service you call with one API request. Your app fires an event at Hook0; Hook0 handles the rest — figuring out which of your users subscribed to that event type, delivering it to their endpoint, retrying on failure, logging everything, and exposing it all through a subscriber portal you can embed under your own domain [README][website].

The project is 100% bootstrapped, based in Europe, and co-founded by François-Guillaume Ribreau (also known for Cloud-IAM and several other developer tools) and David Sferruzza [website][5]. As of this review it sits at 1,390 GitHub stars. The README carries an SSPL badge — the Server Side Public License, which is not an OSI-approved open source license and carries meaningful restrictions compared to MIT [README].

---

Why people choose it

Third-party reviews of Hook0 are sparse — the tool occupies a narrow enough niche that it hasn’t generated the volume of independent commentary that a Zapier competitor would. What exists is mostly primary source material: the website, documentation, and the co-founder’s blog [5].

The case for Hook0 comes down to three things.

Build-vs-buy math on webhook infrastructure. Every SaaS eventually needs to offer webhooks. The classic path is building it yourself: a delivery queue, a retry worker, a database table for subscriptions, a UI for your customers. Engineering time is expensive. Hook0’s pitch is that you skip this entirely — one API integration on your end, and your users get a subscriber portal, delivery logs, retry transparency, and mock payloads for testing [website][README]. The co-founder frames it directly: “We are building it the way we would love to use it.” [website testimonials]

European data sovereignty and GDPR compliance. The SaaS version keeps all data in Europe, on Clever Cloud infrastructure. Hook0 provides a full Data Processing Addendum for GDPR compliance and documents its subprocessors [1][3]. For European SaaS builders selling to enterprise customers with DPA requirements, this removes friction. “Hook0 does not lock your data nor your software. If you subscribe to Hook0 SaaS version, all your data will stay in Europe. No GAFAM there.” [website]

Self-hosted escape hatch. The Svix model is fully commercial — no self-hosting, pricing tied to message volume. Hook0 gives you a path out: self-host on your own infrastructure, zero per-event fees, no vendor dependency on a third party for your outbound webhook pipeline [README][website]. The co-founder’s blog reflects this philosophy consistently — he built an open-source MCP server for Matomo specifically to avoid routing analytics through a third-party service [5]. Hook0 is the product version of that instinct.

---

Features

Core delivery engine:

• One-call API to trigger webhook events [website][README]
• Fine-grained subscriptions: your users subscribe to specific event types, not everything [README]
• Multi-endpoint subscriptions: users can register multiple target URLs per subscription [website]
• Exponential backoff retries on delivery failure [README][website]
• Endpoint health monitoring and failure notifications (listed as “coming soon” on the website) [website]
• Event scoping: scope events to user, organization, or custom hierarchy levels [website][README]

Security:

• TLS on all webhook delivery [website]
• Cryptographic signature on every payload to prevent forgery, replay attacks, and man-in-the-middle [website]
• Hosted on Clever Cloud with SOC 2 and ISO 27001 audited infrastructure [1]
• Two-factor authentication on operator access [1]
• PGP key available for vulnerability disclosure; open bug bounty for API security reports [1]

Observability:

• Full event and response persistence — every event sent, every webhook attempt logged [README][website]
• Subscriber-facing delivery logs for debugging [website]
• Replay: subscribers can replay old events from the log [website]

Subscriber portal:

• Embeddable portal with custom subdomain and logo [website]
• Mock payloads for subscribers to test their integration without your app sending real events [website]
• Subscribers self-manage their webhook URLs [website]

Developer integration:

• JSON REST API [README]
• SDKs mentioned but not enumerated on the public documentation [website]
• MCP Server for AI assistants — lets AI tools trigger webhook events [website]

Cloud features (SaaS version):

• Project provisioned in ~90 seconds [README]
• Auto-scaling for thousands of requests per minute [website]
• Global CDN [README]
• Uptime SLA: 99.9% [website]

Deployment:

• Docker and PostgreSQL for self-hosted [merged profile]
• On-premise and single-tenant options available [website]

What’s notably absent from the public documentation: specific SDK language support, Kubernetes/Helm charts (unlike some competitors), and the “coming soon” items (dashboards, failure notifications) suggest the product is still building toward feature completeness [website].

---

Pricing: SaaS vs self-hosted math

Hook0 Cloud:

• Community (Free): Available, no credit card required. The website says “Unlimited users and applications, API requests” on the free community cloud [README]. Specific event/message limits on the free tier are not published clearly on the pricing page referenced in the scraped data.
• Standard: Event-based, pay-as-you-go pricing [README]. Exact per-event rates are not available in the data provided for this review.
• Enterprise: Contact sales [website].

Self-hosted:

• Software license: $0 (with SSPL terms — see Cons) [README]
• Infrastructure: $10–20/month for a VPS that can handle moderate webhook volumes
• PostgreSQL: bundled or external
• Your ops time

Svix for comparison (primary commercial competitor):

• Pricing is usage-based per message volume, with no self-hosted tier. Exact rates not available in this review’s source data.

Specific pricing comparison math is not available from the provided sources. Hook0’s website references “Event-Based Pricing” and “Pay-as-you-go” but the exact rate card wasn’t captured in the scrape. The clear savings claim is for self-hosted users who escape per-event SaaS billing entirely.

---

Deployment reality check

Hook0 self-hosted runs on Docker and PostgreSQL — the same stack as most modern infrastructure, so there’s nothing exotic about the deployment shape [merged profile]. The README points to documentation for setup details.

What you actually need:

• A Linux VPS (2–4GB RAM is a reasonable starting point for webhook infrastructure)
• Docker and docker-compose
• PostgreSQL (can run in the same compose stack)
• A reverse proxy for HTTPS (Caddy or nginx)
• A domain for the subscriber portal subdomain feature

What can go sideways:

The honest assessment here is limited by thin third-party coverage. No independent review has stress-tested the self-hosted setup and reported back. The production SaaS runs on Clever Cloud (a French PaaS), which provides SOC 2 and ISO 27001 audited infrastructure [1][4] — but the self-hosted path relies on whatever you provision.

The SSPL license is the bigger operational risk to flag. SSPL was written by MongoDB and is deliberately more restrictive than MIT: if you offer Hook0 as a network service to others, you may be required to open-source your entire service stack under SSPL. For a SaaS founder embedding Hook0 into their own product stack, this deserves a legal read before committing [README]. The project’s own shield says “SSPL” [README], which is distinct from the “NOASSERTION” in the merged profile — treat the README badge as authoritative.

Activity signal: The GitHub commit activity badge in the README shows a monthly commit cadence, suggesting the project is actively maintained. 1,390 stars is modest for infrastructure software, which means the community troubleshooting pool is small if you hit an edge case.

Realistic time estimate for a developer: 30–90 minutes to a running self-hosted instance. For a non-technical founder: this tool requires either a developer or a deployment service — there’s no click-through managed SaaS setup equivalent to what Svix offers.

---

Pros and Cons

Pros

• Complete out-of-the-box webhook stack. Delivery, retries, signatures, event logs, subscriber portal — everything a SaaS webhook integration needs is in one package, not assembled from primitives [README][website].
• Embeddable subscriber portal. Your users get a first-class webhook management experience with your branding, without you building it [website]. This is the feature that most custom-built webhook implementations skip and immediately regret.
• European data sovereignty. GDPR-ready with DPA, subprocessor documentation, and data stored in Europe [1][3]. Meaningful differentiator for EU-regulated industries.
• Cryptographic security out of the box. TLS + payload signatures + replay attack protection [website]. Getting this right yourself is where most homegrown webhook implementations cut corners.
• Bootstrapped and profitable since day 1. No investor pressure to change pricing or pivot [website][5]. The team’s track record (multiple developer infrastructure products) suggests staying power.
• MCP server for AI integration — can trigger webhook events from Claude and other AI assistants [website]. Forward-looking for AI-native SaaS builders.
• GDPR-compliant infrastructure with third-party audits through Clever Cloud (SOC 2, ISO 27001) [1][4].

Cons

• SSPL license, not MIT or Apache. This is a real limitation. If you build a commercial product that offers Hook0 as a service to your users, SSPL terms require careful legal review. It’s not the permissive license the “open source” marketing implies [README]. This is the most important thing a founder should understand before adopting Hook0.
• 1,390 GitHub stars = small community. For infrastructure you’re embedding in a production SaaS, this means fewer battle reports, fewer community fixes, and fewer Stack Overflow threads when something breaks [merged profile].
• No independent third-party reviews. Every piece of substantive review content traces back to the Hook0 team’s own materials. That’s not a red flag, but it limits the ability to verify production stability claims independently.
• Pricing opacity on Standard tier. The website describes event-based pay-as-you-go pricing but doesn’t publish a rate card — you’d need to sign up or contact sales to model your actual costs [website].
• “Coming soon” features on the website. Dashboards and failure notifications are still listed as coming soon, which suggests the product is still building toward its own feature roadmap [website].
• Small team. Bootstrapped is admirable, but a two-founder company means support bandwidth, bug fix velocity, and feature roadmap are tightly constrained.
• No Kubernetes/Helm charts documented. Unlike more mature self-hosted infrastructure projects, the deployment story doesn’t include a Helm chart reference in available documentation [merged profile].

---

Who should use this / who shouldn’t

Use Hook0 if:

• You’re a developer or technical founder building a SaaS product whose customers are asking for webhook integrations, and you don’t want to build and maintain that infrastructure yourself.
• You need European data residency and GDPR compliance baked into your webhook infrastructure.
• You want an embeddable subscriber portal that your users interact with directly — rather than explaining to customers how to set up their own webhook endpoints.
• You’re comfortable self-hosting Docker-based infrastructure and want to eliminate per-event SaaS billing from your stack.
• You prefer bootstrapped, no-investor-pressure vendors for long-term infrastructure dependencies.

Skip it and use Svix if:

• You need maximum reliability guarantees with a commercial SLA, dedicated support, and a company whose entire revenue depends on webhook delivery SLAs.
• You need to be up in 90 seconds with no infrastructure ops — Svix is pure managed SaaS.
• Your legal team requires an OSI-approved open source license for any dependencies in your stack (SSPL fails this test).

Skip it (build it yourself) if:

• Your webhook use case is simple enough — one event type, one endpoint per customer, low volume — that a queue table and a worker process is genuinely sufficient. Hook0’s value grows with complexity.

Skip it (not for you at all) if:

• You’re a non-technical founder looking for an end-user automation tool like Zapier or Make. Hook0 is developer infrastructure for people building SaaS — it has no UI for connecting apps and automating personal workflows.

---

Alternatives worth considering

• Svix — the primary commercial competitor. Fully managed, no self-host option, OSI-compliant licensing not applicable (closed source), strong reliability reputation, cleaner documentation. The obvious choice if you want someone else to run the infrastructure and you’ll pay for it.
• Convoy — open-source (Apache 2.0) webhook delivery platform. More permissive license than Hook0, different feature surface, less polished subscriber-facing UX. Worth evaluating if the SSPL matters to you.
• Hookdeck — commercial webhook delivery and routing platform, also handles inbound webhooks (receiving and processing). Different product shape — closer to webhook middleware than pure outbound delivery.
• Build your own — a Postgres table, a BullMQ or Sidekiq queue, and a retry worker. Probably two weeks of work for a competent backend engineer. Viable if your requirements are simple and you don’t need a subscriber portal.
• Standard Webhooks — not a product but a specification. If you’re building your own, follow this spec so your signatures and headers are interoperable with existing tooling.

Hook0’s realistic competitive set is Svix vs Hook0: commercial managed vs. open-ish self-hosted. If you’re choosing between those two, the decision is mostly: do you want to pay per message indefinitely (Svix) or pay once to set it up and own the infrastructure (Hook0)?

---

Bottom line

Hook0 solves a real problem that most SaaS founders encounter around the time their first enterprise customer asks “do you support webhooks?” The full stack — delivery, retries, signatures, subscriber portal, event logs — is genuinely useful to have packaged rather than assembled from scratch. The European data sovereignty angle and GDPR-ready DPA add meaningful value for EU-focused SaaS builders.

The honest caveats: the SSPL license is not the permissive open source that the marketing implies, and the small star count means you’re betting production infrastructure on a project with a thin community troubleshooting surface. For a technical founder who’s evaluated the license terms and wants to self-host a complete webhook stack rather than pay Svix’s per-message rates indefinitely, Hook0 is a credible choice. For a non-technical founder, this is a developer infrastructure tool that requires a developer to deploy and operate — that’s not a knock, just accurate.

If the deployment step is the blocker, that’s exactly the kind of one-time setup that upready.dev handles for clients. Deploy it once, you own the infrastructure.

---

Sources

1. Hook0 Security and Compliance — hook0.com. https://www.hook0.com/security
2. Hook0 Data Processing Agreement — hook0.com. https://www.hook0.com/data-processing-addendum
3. Hook0 Cloud Policies — documentation.hook0.com. https://documentation.hook0.com/hook0-cloud/
4. François-Guillaume Ribreau Blog — December 2025 (Hook0 co-founder) — blog.fgribreau.com. https://blog.fgribreau.com/2025/12/

Primary sources:

• GitHub repository and README: https://github.com/hook0/hook0 (1,390 stars, SSPL license)
• Official website: https://www.hook0.com
• Security page: https://www.hook0.com/security