Webhook Inspector
Get a unique URL, point a webhook at it, and inspect every request it receives in real time.
Generating endpoint…
Point any webhook at this URL. Requests appear below within a few seconds and are discarded automatically after 24 hours.
Nothing captured yet. Send a test request or trigger your webhook.
About the Webhook Inspector
When you are integrating a webhook, the hardest part is seeing what the sender actually sends. This tool gives you a unique URL to use as a temporary webhook destination. Point Stripe, GitHub, your payment provider, or your own code at it, trigger the event, and the full request appears here within seconds: method, headers, query string, and body.
Use it to answer the questions documentation never quite does. What does the payload actually look like? Which signature header does the sender include? Does it send JSON or form encoded data? Does it follow redirects? Capture a real request once, build your handler against reality, and switch the webhook to your real endpoint.
This is the one tool on toolhq that needs a server, because something has to be publicly reachable to receive the webhook. Captures are kept in a temporary store for up to 24 hours and then deleted automatically; nothing else is logged. Endpoints are unguessable random IDs, and each one holds at most the last 50 requests.
Do not point production webhooks with sensitive payloads here. It is a debugging tool, and anyone who has your endpoint URL can read what arrives at it during that window.
Reach developers and designers who use these tools every day. Privacy-first, no trackers.
Frequently asked questions
How long are captured requests kept?
Up to 24 hours in a temporary store, capped at the 50 most recent requests per endpoint, then deleted automatically. Treat every capture as temporary and do not send sensitive production data.
Can anyone else see my captured requests?
Only someone who has your endpoint URL. Endpoint IDs are random UUIDs generated in your browser, so they are not guessable, but the URL itself is the only secret. Do not share it, and do not send sensitive production data to it.
Why did my captures disappear?
Captures live in the memory of a single server instance. On serverless hosting, instances recycle and new requests may land on different instances. For a debugging session of a few minutes this rarely matters; if it happens, send the webhook again.
Does the endpoint validate webhook signatures?
No, it accepts and records everything. That is the point: you can see the raw signature headers (like Stripe-Signature or X-Hub-Signature-256) exactly as sent, so you can implement verification correctly in your own handler.
What does the endpoint respond with?
HTTP 200 with a small JSON body, for every method. Webhook senders treat that as successful delivery, so retries stop and you see each event exactly once.