Skip to content

Engineering Blog

Practical webhook guides for local development, CI assertions, provider signatures, and AI-assisted debugging workflows.

Featured

ProductApr 15, 20265 min read

New: Verify Webhook Signatures Without Writing Code

Paste a signing secret in the dashboard and verify any captured webhook instantly — or configure it on the endpoint and every request is verified automatically. Supports Stripe, GitHub, Shopify, and 10 more providers.

Read guide

Latest

ProductApr 9, 20265 min

New: One Endpoint, Multiple Responses

Webhook endpoints can now return different responses based on what's in the request. Match on headers, body fields, methods, or paths — first matching rule wins.

SecurityApr 6, 20268 min

Webhook Security Checklist: SSRF, Replay Attacks, and Signature Bypass

A critical SSRF hit Plunk in March 2026. A high-severity SSRF hit GitLab in September 2025. Here's the checklist: verify signatures with constant-time comparison, reject stale timestamps, block private IPs, and test all three.

All posts

Product

New: Teams — Share Webhook Endpoints With Your Team

Pro users can now create teams, invite members, and share webhook endpoints. Everyone on the team sees incoming requests in real time.

Mar 28, 20264 min
Testing

End-to-End Webhook Testing in Next.js App Router

Next.js App Router breaks every Express-era webhook pattern. Here's the correct way to handle signatures, exclude auth middleware, and test webhook routes end-to-end.

Mar 27, 20268 min
Local Development

Why We Built a Webhook Testing Tool (Not Another Tunnel)

ngrok is a great tunnel. But webhook testing needs signed payloads, provider templates, mock responses, and test assertions — things a tunnel can't do.

Mar 16, 20267 min
Architecture

Stop Doing Business Logic in Your Webhook Handlers

Your webhook endpoint should verify the signature, drop the event onto a queue, and return 200. Everything else belongs in a background worker.

Mar 11, 20267 min
Testing

Mock Webhook Responses for Retry and Error Testing

Configure your webhook endpoint to return 500s, 429s, or custom responses on demand. Observe how Stripe, Shopify, and GitHub handle failures and retries.

Mar 10, 20267 min
AI Workflows

Using AI Agents to Debug Webhooks with MCP

Connect your coding agent to webhooks.cc via MCP. Create endpoints, send signed payloads, inspect captures, and verify signatures — all from within the agent conversation.

Mar 10, 20266 min
Testing

Webhook Testing in CI/CD with TypeScript

Write end-to-end webhook integration tests that run in GitHub Actions. Create ephemeral endpoints, capture requests, and assert on payloads with the webhooks.cc SDK.

Mar 10, 20267 min
Local Development

How to Test Stripe Webhooks Locally in 2026

Set up a public tunnel to localhost, verify Stripe signatures, and write automated assertions with the webhooks.cc CLI and TypeScript SDK.

Mar 10, 20266 min