Powerful Features for Webhook Development

WebhookSpy provides everything you need to test, debug, and inspect webhooks during development. No signup required, completely free, and open-source.

Create Free Endpoint

Real-time Request Streaming

Watch webhook requests appear instantly as they arrive. WebhookSpy uses Server-Sent Events (SSE) to push new requests to your browser without any manual refreshing. Perfect for debugging webhook integrations where timing matters.

  • Instant updates via Server-Sent Events
  • No page refresh needed
  • Automatic reconnection on network issues

Permanent Webhook URLs

Your webhook URL never expires. Configure it once in your third-party service and it will keep working indefinitely. Request data is cleared after 7 days of inactivity, but the endpoint stays active and continues capturing new requests.

  • URLs never expire
  • Data retention: 7 days of inactivity
  • Stores last 100 requests per endpoint

Complete HTTP Request Inspection

Examine every detail of incoming requests. View HTTP headers, request body content, query string parameters, source IP addresses, and request paths. JSON payloads are automatically formatted with syntax highlighting for easy reading.

  • Headers, body, and query params
  • JSON syntax highlighting
  • Source IP tracking

Support for All HTTP Methods

WebhookSpy captures requests using any HTTP method. Whether your webhook sends GET, POST, PUT, PATCH, DELETE, or any custom method, it will be captured and displayed with color-coded method badges for quick identification.

  • GET, POST, PUT, PATCH, DELETE
  • Custom HTTP methods supported
  • Color-coded method indicators

Secure Endpoints with Access Keys

Need to test webhooks containing sensitive data? Create a secure endpoint protected by a unique access key. Only users with the key can view captured requests in the inspector. Perfect for teams testing production-like webhook payloads.

  • One-click secure endpoint creation
  • Access keys hashed with industry-standard bcrypt
  • Share keys with teammates via URL or manual entry

Security Hardened

WebhookSpy is built with security in mind. Rate limiting prevents abuse, security headers protect against common web vulnerabilities, and XSS protection ensures captured payloads are safely displayed. We also remind users not to send sensitive data to public endpoints.

  • Rate limiting (100 requests/min, 10 endpoints/min)
  • CSP, X-Frame-Options, and XSS protection headers
  • Safe JSON rendering with HTML escaping

REST API with Interactive Documentation

WebhookSpy provides a full REST API for programmatic access to all features. Create endpoints, retrieve captured requests, and integrate webhook testing into your CI/CD pipelines or automated testing workflows. Our interactive API documentation powered by OpenAPI 3.0 lets you explore and test endpoints directly in your browser.

  • OpenAPI 3.0 specification
  • Interactive Scalar API explorer
  • Test API calls directly from docs
  • JSON responses for easy parsing
  • SSE streaming for real-time updates
  • CI/CD integration ready
  • Powerful request filtering
Explore API Documentation

Powerful Request Filtering for Tests

Query captured requests programmatically with flexible filters. Perfect for test assertions in CI/CD pipelines when multiple webhooks hit the same endpoint. Find exactly the request you need by filtering on method, path, headers, query parameters, or JSON body content.

Parameter Description Example
method Filter by HTTP method ?method=POST
path Filter by path (substring match) ?path=/webhook
body Filter by body text (substring match) ?body=order_id
body_key Filter by JSON body key existence ?body_key=user_id
body_value Filter by JSON body key:value ?body_value=status:completed
query_key Filter by query param existence ?query_key=token
query_value Filter by query param key:value ?query_value=id:12345
header_key Filter by header existence ?header_key=x-signature
header_value Filter by header name:value ?header_value=content-type:application/json
limit Limit number of results ?limit=1

Example Usage

# Find POST requests with a specific JSON body value
curl "https://webhookspy.com/api/endpoints/{'{id}'}/requests?method=POST&body_value=event:order.created"

# Find requests with a specific query parameter
curl "https://webhookspy.com/api/endpoints/{'{id}'}/requests?query_value=webhook_id:abc123"

# Find requests that have a signature header
curl "https://webhookspy.com/api/endpoints/{'{id}'}/requests?header_key=x-webhook-signature"

# Combine filters to find the exact request you need
curl "https://webhookspy.com/api/endpoints/{'{id}'}/requests?method=POST&body_key=user_id&limit=1"

Use in Your Tests

// Example: Verify a webhook was received with correct data
const response = await fetch(
  `https://webhookspy.com/api/endpoints/${'{endpointId}'}/requests?body_value=order_id:${'{orderId}'}&limit=1`
);
const requests = await response.json();
expect(requests).toHaveLength(1);
expect(requests[0].method).toBe('POST');
Try It in API Docs

Common Use Cases

Payment Gateway Testing

Debug Stripe, PayPal, or other payment provider webhooks during checkout integration.

GitHub/GitLab Webhooks

Test repository events like push, pull requests, and CI/CD pipeline triggers.

Chat & Messaging Bots

Debug Slack, Discord, or Telegram bot webhooks and message payloads.

E-commerce Integrations

Test order notifications, inventory updates, and shipping status webhooks.

IoT Device Callbacks

Capture and inspect data from IoT devices, sensors, and smart home integrations.

API Development

Test outgoing webhook implementations before deploying to production.

Technical Specifications

100

Requests stored per endpoint

512KB

Max request body size

7 days

Data retention period

URL lifetime (never expires)

Ready to start testing?

Create your first webhook endpoint in seconds. No signup required.

Get Started Free