Metafinite LogoMetafinite

Metafinite Docs

A webhook proxy with plain English routing rules. You write the rule. We check every payload against it. FORWARD or DROP — deterministic, auditable, schema-resilient.

What Metafinite does

You give Metafinite a URL. You paste that URL into Stripe, GitHub, or any webhook provider. When a webhook arrives, Metafinite returns HTTP 200 immediately — the provider never times out. Then Metafinite reads the payload, checks it against your routing rule, and either forwards the payload unchanged to your server or drops it at the edge.

Your rule is plain English. 'Forward if payment failed and amount over $40.' You write the thresholds. You set the conditions. If Stripe renames a field next month, your rule still works — the engine reads your intent, not exact field paths.

Every decision is logged with a written reasoning. Every log entry shows what was checked and why the decision was made.

Quickstart

Start intercepting webhooks in under 5 minutes.

1. Create an account

Sign up at metafinite.com/signup. No credit card required.

2. Create an endpoint

curl -X POST https://metafinite.com/endpoints \
  -H "Authorization: Bearer mf_live_YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Stripe High-Value Failures",
    "destination_url": "https://api.yoursite.com/webhooks",
    "rule_text": "forward if status is payment_failed and amount over 1000"
  }'

Response:

{
  "endpoint_id": "ep_01abc123def456",
  "proxy_url": "https://metafinite.com/p/ep_01abc123def456",
  "status": "active"
}

3. Point your provider

Copy proxy_url and paste it into Stripe (or GitHub, Shopify) as the webhook destination.

4. Watch the Live Tail

Open your Dashboard. Events appear in real time powered by Supabase Realtime CDC.

Authentication

All management API requests require a Personal Access Token. Generate one at Dashboard → Settings → API Tokens → New Token.

Tokens are SHA-256 hashed before storage. The raw value is shown exactly once on creation.

Authorization: Bearer mf_live_9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d3e2f1
Prefixmf_live_ (easy to spot in logs)
StorageSHA-256 hashed, never retrievable
RevocableInstant from Settings
ReceiverPOST /p/{id} — no auth

Environments

Every endpoint is instantly live on the global edge. To test safely: create a second endpoint named "Staging" and point its destination_url to your local ngrok URL.

Architecture

What happens when a webhook hits your proxy URL:

  1. 1.Provider sends POST to https://metafinite.com/p/{endpoint_id}
  2. 2.Edge function receives the request
  3. 3.200 OK returned immediately (Cloudflare waitUntil) — provider never times out
  4. 4.Routing engine evaluates payload against rule_text asynchronously
  5. 5.Decision: FORWARD → sent to destination_url | DROP → discarded
  6. 6.Decision + reasoning inserted into webhook_logs
  7. 7.Supabase Realtime CDC broadcasts the row to dashboard (~1s latency)
Instant acknowledgment — HTTP 200 returned before routing evaluation200 returned before evaluation completes
Evaluation completes in 1-3 seconds — result in your Live Tail within ~1 secondAlways returned regardless of complexity
DROP decisions never reach your server — dropped at the edgeCompute shield never touches your origin
2MB payload limit — covers all major webhook providersReliable buffering up to maximum

Routing Rules

A routing rule is a natural language string evaluated as a boolean: true = FORWARD, false = DROP.

Math evaluation

Rule: "amount over 1000"
Payload: { "amount_due": "5000" } → 5000 > 1000 ✓

Deep object introspection

Rule: "email contains @enterprise.com"
Payload: { "user": { "contact": { "email": "ceo@enterprise.com" } } } → true

Status checks

Rule: "status is failed"
Payload: { "status": "payment_failed" } → true

Compound rules

"forward if payment failed AND amount over $50 AND customer tier is enterprise"
"drop if event is ping OR event is health_check"

Live Tail

Powered by Supabase Realtime CDC over WebSockets. Events appear within ~1 second — no polling, no refresh.

Each row shows: timestamp, decision (color-coded), written reasoning (expandable), raw payload, destination response status.

POST /endpoints

Requires Bearer token. Creates a new proxy endpoint.

FieldTypeRequiredDescription
namestringYesHuman-readable label
destination_urlstringYesHTTPS URL to forward matching payloads
rule_textstringYesNatural language routing rule
curl -X POST https://metafinite.com/endpoints \
  -H "Authorization: Bearer mf_live_YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Stripe High-Value Failures",
    "destination_url": "https://api.acme.com/v1/webhooks",
    "rule_text": "forward if amount > 1000 and status is payment_failed"
  }'

GET /endpoints

curl -X GET https://metafinite.com/endpoints \
  -H "Authorization: Bearer mf_live_YOUR_TOKEN"

POST /p/{endpoint_id}

No auth required. This is the URL you paste into Stripe, GitHub, etc.

StatusMeaning
200Payload accepted. Routing evaluation is running asynchronously. Result will appear in your Live Tail within seconds.
400Request body is not valid JSON.
402Monthly quota exceeded.
404Endpoint_id not found.
429Rate limit exceeded (10 req/min).
⚡ The 200 response is always returned immediately. Routing evaluation runs asynchronously — your provider never times out.

Guide: Stripe Integration

  1. 1.Create an endpoint

    curl -X POST https://metafinite.com/endpoints \
  -H "Authorization: Bearer mf_live_YOUR_TOKEN" \
  -d '{"name":"Stripe","destination_url":"https://api.you.com/hooks","rule_text":"forward if payment failed and amount over $50"}'

  2. 2.Copy the proxy_url

  3. 3.Stripe Dashboard → Developers → Webhooks → Add endpoint → paste proxy_url → select all events

  4. 4.Send a test event from Stripe and watch the Live Tail

Guide: GitHub Webhooks

  1. 1.Create an endpoint

    curl -X POST https://metafinite.com/endpoints \
  -H "Authorization: Bearer mf_live_YOUR_TOKEN" \
  -d '{"name":"GitHub PRs","destination_url":"https://api.you.com/hooks","rule_text":"forward if pull request opened or merged on main branch"}'

  2. 2.GitHub → Repo → Settings → Webhooks → Add webhook → Payload URL: proxy_url → Content type: application/json

Guide: HTTP Clients

The REST API is designed to be called from any HTTP client or CI pipeline. rule_text accepts natural language — no schema mapping needed.

const res = await fetch('https://metafinite.com/endpoints', {
  method: 'POST',
  headers: { 'Authorization': `Bearer ${MF_TOKEN}`, 'Content-Type': 'application/json' },
  body: JSON.stringify({
    name: 'Churn alert',
    destination_url: 'https://api.yoursite.com/alerts',
    rule_text: 'forward if subscription cancelled and customer LTV over $500'
  })
})

Security

Rules are isolated from payloads

Your routing rules are stored in a separate database table from incoming payloads. They are configured by you and can only be changed by authenticated API calls with your Bearer token. Incoming webhook payloads are read-only data — they are evaluated against your rules but cannot modify them.

Deterministic evaluation

The routing engine uses a structured prompt that forces a boolean output: FORWARD or DROP. This is not open-ended text generation. The same payload with the same rule produces the same decision. You can verify this by checking the written reasoning in your Live Tail.

Token security

API tokens are SHA-256 hashed before storage. The raw value is shown exactly once at creation and never stored in plaintext. Tokens are revocable instantly from Settings → API Tokens. The mf_live_ prefix makes them identifiable in logs and .env files.

Rate limiting

Every endpoint enforces a default rate limit of 10 requests per minute. Requests exceeding this return HTTP 429. This protects your destination server from spike abuse and quota exhaustion.

Data handling

We store your endpoint configuration, routing decisions, reasoning, and incoming payloads for your Live Tail. We do not sell or share your payload data with third parties. Data is stored in Supabase. To delete your account and all data, email legal@metafinite.com.

GDPR

Metafinite acts as a data processor on your behalf. We process webhook payload data only to provide the routing service. We do not use your payload data for any other purpose. You can request full data deletion at any time by emailing legal@metafinite.com. We will respond within 30 days.

Frequently asked questions

Does Metafinite ever change my routing rules or thresholds?

No. The routing engine checks your payload against the rule you wrote — exactly as written. 'Forward if amount over $40' means $40.00. The engine does not interpret, round, or modify your thresholds. Every decision includes a written reasoning so you can verify what was checked.

Can an attacker change my rules by sending a crafted payload?

No. Rules are stored separately and can only be modified by authenticated API calls with your Bearer token. Incoming webhook payloads are read-only input — they cannot modify rules. An attacker sending a malicious payload can only affect whether their own request gets forwarded or dropped.

Will the same payload always get the same routing decision?

Yes. The routing engine uses a structured boolean prompt — not open-ended generation. The same payload with the same rule produces the same FORWARD or DROP decision. This is deterministic by design.

How does the timing work?

HTTP 200 is returned to the sender immediately, before evaluation. This means Stripe, GitHub, and other providers never time out. The routing evaluation runs asynchronously and typically completes within 1-3 seconds. The result appears in your Live Tail within ~1 second via Supabase Realtime CDC.

What if my destination server is down when a webhook is forwarded?

If your destination returns a non-2xx response, the event is logged as failed in your Live Tail. You can see the status code returned by your server. Automatic retries are on the roadmap. Today you can replay any event manually from the dashboard.

Does Metafinite modify the payload before forwarding?

No. The original payload is forwarded to your destination URL exactly as received. We do not add, remove, or transform any fields.

What data does Metafinite store and for how long?

We store your endpoint configuration, routing decisions, written reasoning, and incoming payloads for your Live Tail. Free tier: 24 hours of log history. Pro: 90 days. We do not sell or share your payload data. To delete all data, email legal@metafinite.com.

Is Metafinite GDPR compliant?

Metafinite acts as a data processor on your behalf under GDPR. We process webhook payload data only to provide the routing service — no other purpose. You can request full data deletion at any time by emailing legal@metafinite.com. We will respond within 30 days.

MCP Overview

Model Context Protocol (MCP) is an open standard for tool use. Metafinite is MCP-ready today — our REST API accepts plain English routing rules, making it natively compatible with any MCP host.

MCP Server In development

An official Metafinite MCP server — expose Metafinite as a tool with one config line.

{
  "mcpServers": {
    "metafinite": {
      "command": "npx",
      "args": ["metafinite-mcp"],
      "env": { "MF_TOKEN": "mf_live_YOUR_TOKEN" }
    }
  }
}

Sign up at /beta to be notified when it launches.