Transient Mode: Process Webhooks Without Storing Payloads
New per-source Transient Mode skips payload storage entirely. Designed for HIPAA, GDPR, and data minimization requirements in webhook pipelines.
Why Your Webhook Payloads Might Be a Liability
Webhook relay platforms store payloads so you can debug, replay, and inspect deliveries after the fact. That is useful -- until the payloads contain protected health information, payment card numbers, or personally identifiable data subject to GDPR.
Every stored payload becomes a compliance surface. It needs encryption at rest, access controls, audit logs, retention policies, and eventually, defensible deletion. For teams operating under HIPAA, PCI-DSS, or GDPR data minimization principles, the safest payload is the one you never store.
Today we are releasing Transient Mode, a per-source setting that processes webhook payloads without persisting them to storage. Events still flow through your routes, transforms, and destinations exactly as before -- but the payload body is never written to disk.
How Transient Mode Works
When you enable Transient Mode on a source, Hookbase changes how it handles incoming webhook payloads at the ingestion layer:
Without Transient Mode (default): Webhook arrives -> Payload encrypted and stored in R2 -> Event metadata saved to D1 -> Delivery queued -> Worker fetches payload from R2 -> Delivers to destination
With Transient Mode enabled: Webhook arrives -> Payload passed directly through the queue -> Event metadata saved to D1 -> Delivery queued with inline payload -> Worker delivers to destination -> Payload discarded
The key difference is that payloads bypass R2 object storage entirely. There is no encrypted blob sitting in a bucket waiting to be cleaned up by a retention policy. The payload exists only in memory and in transit.
Small vs. Large Payloads
Transient Mode handles payloads differently based on size:
- Payloads under 100KB are passed inline through the delivery queue. The payload travels as part of the queue message itself and is discarded after delivery.
- Payloads over 100KB exceed queue message size limits, so they are temporarily staged in R2 under a
transient/prefix with explicit transient metadata. These temporary objects are cleaned up immediately after delivery.
In both cases, field-level encryption is skipped since there is nothing persisted to encrypt. This also means Transient Mode deliveries have slightly lower latency -- no encryption overhead and no R2 read on the delivery side.
What You Keep and What You Lose
Transient Mode is a deliberate tradeoff. Here is exactly what changes:
| Capability | Standard Mode | Transient Mode | |---|---|---| | Event metadata (timestamps, source, status) | Stored | Stored | | Request headers | Stored | Stored | | Payload body | Encrypted in R2 | Not stored | | Event debugger payload view | Available | Shows "Payload Not Stored" | | Event replay | Available | Disabled | | Delivery logs and status codes | Available | Available | | Transforms and filters | Applied | Applied | | Routing and fan-out | Works | Works |
The important thing to understand: event metadata is still fully persisted. You can still see when webhooks arrived, which routes they matched, whether deliveries succeeded or failed, and what status codes your destinations returned. You lose the ability to inspect the raw payload after the fact and the ability to replay events.
For compliance-driven teams, this is often exactly the right tradeoff. You maintain operational visibility without retaining the sensitive data.
When to Use Transient Mode
Transient Mode is designed for specific scenarios where payload persistence creates compliance risk:
Healthcare integrations. A webhook from an EHR system carries patient records, appointment details, or lab results. Under HIPAA, storing that data in a webhook relay creates a new system that needs to be included in your BAA, risk assessment, and access audit. Transient Mode lets you route these webhooks without adding another data store to your compliance scope.
Payment processing. Stripe or payment processor webhooks can contain card details, transaction amounts, and customer billing addresses. PCI-DSS has strict requirements about where cardholder data can be stored. Transient Mode keeps your webhook layer out of scope.
European user data. GDPR data minimization (Article 5(1)(c)) requires that you do not store personal data beyond what is necessary for the specific processing purpose. If your webhook pipeline is routing data to its final destination, there is no reason to keep a copy in the relay layer.
High-throughput event streams. If you are processing thousands of webhooks per minute and never need to replay them, Transient Mode reduces storage costs and eliminates the need to manage retention policies for that source.
Enabling Transient Mode
Dashboard
Navigate to Sources, then create or edit a source. In the Security section, toggle Transient Mode on. Any new events received by that source will skip payload storage immediately.
API
# Enable on a new source
curl -X POST "https://api.hookbase.app/api/organizations/{orgId}/sources" \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{
"name": "ehr-webhooks",
"slug": "ehr-webhooks",
"transientMode": true
}'
# Enable on an existing source
curl -X PATCH "https://api.hookbase.app/api/organizations/{orgId}/sources/{sourceId}" \
-H "Authorization: Bearer {token}" \
-H "Content-Type: application/json" \
-d '{
"transientMode": true
}'
CLI
hookbase sources create --name "ehr-webhooks" --transient
hookbase sources update src_abc123 --transient
Kubernetes Operator
apiVersion: hookbase.io/v1alpha1
kind: WebhookSource
metadata:
name: ehr-webhooks
spec:
name: ehr-webhooks
slug: ehr-webhooks
transientMode: true
verification:
provider: hmac
secretRef:
name: ehr-signing-secret
key: hmac-key
Mixing Transient and Standard Sources
Transient Mode is a per-source setting, not a global toggle. This means you can run transient and standard sources side by side in the same organization. A common pattern:
- Standard mode for sources like GitHub, Jira, or internal services where payload inspection and replay are valuable for debugging.
- Transient mode for sources carrying PII, PHI, or payment data where compliance requires data minimization.
Routes, transforms, and filters work identically regardless of the source mode. You do not need to change your routing configuration when enabling Transient Mode.
A Note on Debugging
Without stored payloads, debugging delivery failures requires a different approach. Here is what we recommend:
- Use delivery status codes and response bodies. These are still logged and available in the event debugger and via the API.
- Log on the destination side. Your destination service should log the payloads it receives for its own debugging purposes.
- Test with Standard Mode first. Set up and validate your transforms, filters, and routes using a non-transient source. Once everything works, switch the production source to Transient Mode.
- Use tunnels for local development. Hookbase tunnels let you inspect live webhook payloads on your local machine during development without them being stored on our infrastructure.
Getting Started
Transient Mode is available today on all plans. There is no additional cost -- in fact, it reduces your storage usage since payloads are not persisted.
If you are evaluating Hookbase for a compliance-sensitive integration, Transient Mode lets you route webhooks through our platform without expanding your data storage footprint. Pair it with source verification and field-level encryption for a defense-in-depth approach to webhook security.
Have questions about Transient Mode or how it fits into your compliance requirements? Reach out to us at [email protected].