Dashboard Test Webhooks
Use the dashboard Send button to fire manual requests or realistic provider webhook templates with correct signatures. Verify your handler end-to-end without deploying or configuring an external service.
Updated Mar 2026
Open the sender
- Open an endpoint in the dashboard.
- Click Send in the URL bar.
- Select either manual mode or a provider template mode.
- Send the request and inspect the captured result in the request list.
Manual mode
Manual mode lets you choose method, path, headers, and body. Use this when you need a custom request shape or when you are debugging a non-standard sender.
Method: POST
Path: /stripe/webhook
Headers:
Content-Type: application/json
Body:
{"event":"test.manual"}
Provider template mode
Provider templates generate realistic payload structure and signature headers so you can test verification logic, not just transport.
| Provider | Presets | Content-Type | Signature header |
|---|---|---|---|
| Stripe | payment_intent.succeeded, checkout.session.completed, invoice.paid | application/json | stripe-signature (HMAC SHA-256 over timestamp.payload) |
| GitHub | push, pull_request.opened, ping | application/json | x-hub-signature-256 (HMAC SHA-256 over raw body) |
| Shopify | orders/create, orders/paid, products/update, app/uninstalled | application/json | x-shopify-hmac-sha256 (Base64 HMAC SHA-256 over raw body) |
| Twilio | messaging.inbound, messaging.status_callback, voice.incoming_call | application/x-www-form-urlencoded | x-twilio-signature (Base64 HMAC SHA-1 over URL + sorted params) |
| Slack | event_callback, slash_command, url_verification | application/json | x-slack-signature (HMAC SHA-256 over v0:timestamp:body) |
| Paddle | transaction.completed, subscription.created, subscription.updated | application/json | paddle-signature (HMAC SHA-256 over timestamp:body) |
| Linear | issue.create, issue.update, comment.create | application/json | linear-signature (HMAC SHA-256 over raw body) |
| SendGrid | delivered, open, bounce, spam_report | application/json | None (unsigned) |
| Clerk | user.created, user.updated, user.deleted, session.created | application/json | webhook-signature (Standard Webhooks / Svix signing) |
| Discord | interaction_create, message_component, ping | application/json | None (unsigned template; Ed25519 verification available separately) |
| Vercel | deployment.created, deployment.succeeded, deployment.error | application/json | x-vercel-signature (HMAC SHA-1 over raw body) |
| GitLab | push, merge_request | application/json | x-gitlab-token (raw token comparison) |
| Standard Webhooks | No presets — user-provided body | application/json | webhook-id + webhook-timestamp + webhook-signature (v1, Base64 HMAC SHA-256 over msgId.timestamp.body) |
Mock webhook secret and event override
Enter your provider signing secret in Mock webhook secret. The sender signs the generated payload with that secret and sets the provider-specific signature header.
Leave Event/topic override empty to use the preset default. Use override only when you need to test a specific event name.
Twilio signatures are computed from URL + sorted form params. If you override a Twilio body as a string, provide URL-encoded key/value pairs (not raw JSON).
Verification checklist
- Verify your server reads the raw request body before parsing JSON.
- Verify signature checks fail if you change the secret.
- Verify your handler branches on provider event/topic correctly.
- Verify Twilio handlers parse form-encoded payloads.