Introduction

Mittr is webhook delivery infrastructure. We handle the hard parts (retries, monitoring, security, scale) so you can focus on building your product.

Building reliable webhook delivery is deceptively complex. You need:

• Guaranteed delivery with retries and exponential backoff
• Monitoring to know when deliveries fail and why
• Security with signed payloads and mTLS
• Scale to handle bursts without dropping events
• Multi-tenancy to isolate customer data

Mittr provides all of this with a single Go binary and PostgreSQL.

1. Send an event via the REST API with an idempotency key
2. Mittr routes it to all subscribed endpoints (fan-out by event type)
3. Delivery is guaranteed with automatic retries, circuit breakers, and dead letter queues
4. Monitor everything from the real-time dashboard or via API

curl -X POST https://app.mittr.io/api/v1/events \
  -H "X-API-Key: mtr_your_key" \
  -H "X-Idempotency-Key: order-123" \
  -H "Content-Type: application/json" \
  -d '{
    "eventType": "order.created",
    "payload": { "orderId": "ord_123", "amount": 9900 }
  }'

• Automatic retries with configurable exponential backoff (default 5 attempts, configurable per-event)
• Circuit breakers per endpoint — stops hammering failing destinations
• Dead letter queue — permanently failed events are replayable, editable, and resendable
• Priority queues (1-10) — critical webhooks jump the line
• Scheduled delivery — delay events by seconds or up to 30 days
• Payload transformations — JavaScript transforms modify method, URL, headers, and body before delivery
• Storage sink delivery — deliver to S3, GCS, or S3-compatible stores instead of HTTP
• Poll-based delivery — consumers pull events via long-polling with acknowledgement

• Fan-out — one event, many endpoints. Subscribe by type with wildcards (order.*)
• Content-based filtering — 10+ filter operators (equals, contains, regex, startsWith) with AND/OR/NOT combinators
• FIFO ordering — sequential delivery per partition key
• Inbound webhooks — receive from 130+ platforms (GitHub, Stripe, Shopify, etc.) with auto signature verification
• Event type mapping — extract event types from headers or payload with JSONPath

• HMAC-SHA256 signatures on every delivery with per-endpoint secrets
• Secret rotation — zero-downtime key rotation with configurable grace period
• mTLS — mutual TLS client certificates per endpoint
• IP allow/block lists per endpoint (CIDR notation)
• SSRF protection — blocks loopback, private IPs, link-local addresses
• API key scoping — restrict keys by scope, rate limit, and expiration
• Audit log for every configuration change

• Dashboard with delivery charts, event detail, edit & resend, debug capture endpoints
• Team management — invite by email, roles (admin, editor, viewer)
• Projects — isolate environments (production, staging, development)
• SSO — Google, GitHub OAuth, and SAML 2.0 single sign-on
• Alert rules — trigger on failure rate, latency, or queue depth. Notify via Slack, PagerDuty, Email, or webhook
• Connectors — pre-built integrations for Slack, Discord, Teams, PagerDuty, Email
• Debug endpoints — temporary webhook capture with real-time streaming and replay
• REST API — works with any HTTP client, any language. Signature verification examples in 5 languages

Pricing follows usage volume + capability tier, not how many things you’ve configured. Three pricing dimensions drive the meter:

• Messages/month — the primary cost. Hard-capped on Free; paid plans bill overage at a per-tier rate (Starter $1.00 / Growth $0.50 / Scale $0.20 per 1k); Enterprise via custom contract.
• Rate limit — sustained requests per second.
• Retention — how long events, delivery attempts, and audit rows live. Split into four windows you can tune per category.

Capability tiers add boolean features as you climb: MFA, SAML SSO, SCIM, session policies, GDPR data-subject tools, compliance attestation, dedicated infrastructure. Resource counts (endpoints, event types, alert rules, team members) aren’t tier-gated — every plan can create up to a system-wide hard cap of 10k each, which exists only as a DB-protection guard.

See the Plans & Pricing guide for the full breakdown.

• Quickstart — send your first webhook in 5 minutes
• API Reference — full REST API documentation
• Webhook Security — verify webhook signatures
• Retry Strategies — configure backoff and circuit breakers
• Inbound Webhooks — receive from 130+ platforms
• Connectors — Slack, Discord, Teams, PagerDuty, Email
• Transformations — modify payloads with JavaScript
• Storage Sinks — deliver to S3 or GCS
• Poll Delivery — pull events instead of push
• Integrations — full list of supported platforms