Engineering Blog
Practical webhook guides for local development, CI assertions, provider signatures, and AI-assisted debugging workflows.
Featured
New: See Which Provider Sent Every Webhook
The dashboard now shows the detected provider and event type on every captured request. Stripe icon next to a checkout.session.completed event. GitHub icon next to a push. No configuration required.
Read guideLatest
AI Agents Can Now Get Their Own webhooks.cc Key
AI coding agents need an API credential before they can test webhooks, but they can't paste one in for themselves. webhooks.cc now implements auth.md, letting agents register for their own key through three flows.
New: 14 More Webhook Providers, From HubSpot to Sentry
webhooks.cc now sends signed test payloads, auto-detects, and verifies signatures for 28 providers — including Square, HubSpot, Mailgun, Calendly, Mux, Sentry, and Bitbucket.
All posts
Test Stripe Webhooks From Claude Code & Codex With MCP
Wire the webhooks.cc MCP server into Claude Code or Codex so the agent can send signed Stripe events, verify your handler, and replay captured requests — all from a single chat message.
Test GitHub Webhooks Locally: Smee, gh CLI, webhooks.cc
Three ways to receive GitHub webhooks on localhost — Smee, the GitHub CLI, and webhooks.cc. Tunnel real events, send signed test webhooks, and verify x-hub-signature-256 in your handler.
New: Verify Webhook Signatures Without Writing Code
Paste a signing secret in the dashboard and verify any captured webhook instantly — or configure it on the endpoint and every request is verified automatically. Supports Stripe, GitHub, Shopify, and 10 more providers.
New: One Endpoint, Multiple Responses
Webhook endpoints can now return different responses based on what's in the request. Match on headers, body fields, methods, or paths — first matching rule wins.
Webhook Security Checklist: SSRF, Replay Attacks, and Signature Bypass
A critical SSRF hit Plunk in March 2026. A high-severity SSRF hit GitLab in September 2025. Here's the checklist: verify signatures with constant-time comparison, reject stale timestamps, block private IPs, and test all three.
New: Teams — Share Webhook Endpoints With Your Team
Pro users can now create teams, invite members, and share webhook endpoints. Everyone on the team sees incoming requests in real time.
End-to-End Webhook Testing in Next.js App Router
Next.js App Router breaks every Express-era webhook pattern. Here's the correct way to handle signatures, exclude auth middleware, and test webhook routes end-to-end.
Why We Built a Webhook Testing Tool (Not Another Tunnel)
ngrok is a great tunnel. But webhook testing needs signed payloads, provider templates, mock responses, and test assertions — things a tunnel can't do.
Stop Doing Business Logic in Your Webhook Handlers
Your webhook endpoint should verify the signature, drop the event onto a queue, and return 200. Everything else belongs in a background worker.
Mock Webhook Responses for Retry and Error Testing
Configure your webhook endpoint to return 500s, 429s, or custom responses on demand. Observe how Stripe, Shopify, and GitHub handle failures and retries.
Using AI Agents to Debug Webhooks with MCP
Connect your coding agent to webhooks.cc via MCP. Create endpoints, send signed payloads, inspect captures, and verify signatures — all from within the agent conversation.
Webhook Testing in CI/CD with TypeScript
Write end-to-end webhook integration tests that run in GitHub Actions. Create ephemeral endpoints, capture requests, and assert on payloads with the webhooks.cc SDK.
How to Test Stripe Webhooks Locally in 2026
Set up a public tunnel to localhost, verify Stripe signatures, and write automated assertions with the webhooks.cc CLI and TypeScript SDK.