I just shipped Webhook Debugger v2.7 – an open-source tool that generates temporary webhook URLs and logs every incoming request in real-time. No localhost tunneling, no complex setup, no ngrok required.
If you've ever spent hours debugging why your Stripe payment webhook isn't working, this post is for you.
What Problem Does This Solve?
Imagine this scenario: You're building an e-commerce checkout flow. Stripe sends a payment_intent.succeeded webhook to your server, but your order confirmation email never sends.
The traditional debugging workflow:
- Add
console.log statements everywhere
- Deploy to staging
- Make a test purchase
- Check server logs (nothing useful)
- Realize Stripe couldn't reach localhost
- Set up ngrok tunnel
- Update webhook URL in Stripe dashboard
- Repeat test purchase
- Still nothing...
This takes hours. With Webhook Debugger, it takes 30 seconds.
How It Works
Step 1: Start the Actor (one click on Apify)
Step 2: Get your webhook URLs instantly:
https://<run-id>.runs.apify.net/webhook/wh_abc123
https://<run-id>.runs.apify.net/webhook/wh_def456
https://<run-id>.runs.apify.net/webhook/wh_ghi789
Step 3: Configure Stripe/GitHub/Shopify to send webhooks to these URLs
Step 4: See every request in real-time:
{
"id": "evt_8m2L5p9xR",
"timestamp": "2025-12-28T12:00:00Z",
"webhookId": "wh_abc123",
"method": "POST",
"headers": {
"content-type": "application/json",
"stripe-signature": "t=123456789,v1=abc..."
},
"body": {
"type": "payment_intent.succeeded",
"data": { "amount": 9999 }
},
"statusCode": 200,
"processingTime": 8
}
Now you can see exactly what Stripe is sending – the headers, the payload, everything.
Key Features for Developers
Real-Time Streaming
Monitor webhooks as they arrive using Server-Sent Events:
curl -N https://<actor-url>/log-stream
Every new webhook appears instantly in your terminal.
API Mocking
Simulate different response codes to test your error handling:
# Simulate a 500 error
curl https://<actor-url>/webhook/wh_abc123?__status=500
# Simulate a 401 Unauthorized
curl https://<actor-url>/webhook/wh_abc123?__status=401
Request Replay
Captured a webhook but need to test it against your local server? Replay it:
curl "https://<actor-url>/replay/wh_abc123/evt_xyz?url=http://localhost:3000/webhook" \
-H "Authorization: Bearer YOUR_KEY"
The original request is forwarded to your local endpoint with all original headers intact.
Custom Response Bodies
Mock any API response:
{
"defaultResponseCode": 201,
"defaultResponseBody": "{\"status\": \"created\", \"orderId\": \"ord_12345\"}"
}
Perfect for testing how your system handles specific API responses.
Enterprise Security Features
For production debugging, security matters:
| Feature | Description |
|---|
| API Key Auth | Require Bearer tokens for all requests |
| IP Whitelisting | Lock endpoints to specific IPs/CIDRs |
| Rate Limiting | Per-IP throttling on management endpoints |
| Data Masking | Auto-redact Authorization headers from logs |
Example secure configuration:
{
"authKey": "my-secret-key-2025",
"allowedIps": ["54.240.0.0/16"],
"maskSensitiveData": true,
"rateLimitPerMinute": 30
}
What's New in v2.7?
The latest release adds hot-reloading – you can now update your configuration without restarting:
- Change your
authKey → applies immediately
- Add more webhook URLs → generates instantly
- Update custom scripts → recompiles in real-time
This is critical during live debugging sessions where restarting would lose your captured data.
Real-World Use Cases
Stripe Payment Debugging
{
"forwardUrl": "http://localhost:3000/stripe-webhook",
"jsonSchema": {
"type": "object",
"required": ["type", "data"],
"properties": {
"type": { "type": "string" }
}
}
}
Validates Stripe payloads and forwards them to your local server simultaneously.
GitHub Actions Recovery
Missed a critical deployment webhook? Replay it:
# Find the missed event
curl "https://<actor-url>/logs?method=POST&limit=10" \
-H "Authorization: Bearer YOUR_KEY"
# Replay to your CI system
curl "https://<actor-url>/replay/wh_abc123/evt_missed?url=https://ci.internal/deploy"
Shopify Flow Testing
Use custom scripts to transform webhooks before logging:
// Parse nested JSON and add debug flags
if (event.contentType === "application/json") {
const body = JSON.parse(event.body);
event.body = {
...body,
_debugMode: true,
_receivedAt: Date.now(),
};
}
Getting Started in 60 Seconds
- Go to Webhook Debugger on Apify
- Click Start
- Copy your webhook URLs from the output
- Configure your service to send to those URLs
- Watch requests arrive in the Dataset tab
That's it. No installation, no configuration files, no tunnels.
FAQ
Q: How long are URLs valid?
A: Default is 24 hours, configurable up to 72 hours.
Q: Is my data stored?
A: Only in your personal Apify dataset. You own it, it's automatically deleted after retention expires.
Q: What's the payload limit?
A: 10MB default, configurable up to 100MB.
Q: Can I use this with Zapier?
A: Yes! Use the forwarding feature to pipe webhooks to your Zap's catch URL.
Conclusion
Webhook Debugger solves a real problem that every developer faces: debugging invisible HTTP requests. Instead of guessing what went wrong, you get complete visibility into every request.
The key features that make this tool production-ready are:
- Real-time SSE streaming for instant visibility
- Request replay for testing and recovery
- Enterprise security with auth, IP whitelisting, and rate limiting
- Hot-reloading for zero-downtime configuration
- Custom scripting for payload transformation
The project is open-source on GitHub, and you can try it immediately on the Apify Store.
Stop debugging blindly. Start seeing your webhooks.
Questions or feature requests? Open an issue on GitHub or reach out in the Apify Discord.