Webhook Relay

GitHub Webhook Tester — Test & Inspect GitHub Webhooks Online

Test and inspect GitHub webhooks online with a free webhook tester URL — capture real GitHub payloads, read the signature header, then forward locally.

GitHub Webhook Tester — Test & Inspect GitHub Webhooks Online

If you are wiring up GitHub webhooks, the first question is always the same: what does GitHub actually send? The docs show an idealised payload, but the real request — its headers, its X-Hub-Signature-256 header, the exact JSON shape — is what your handler has to parse. A GitHub webhook tester gives you a public URL that captures those real requests so you can read every byte before you write any code.

Get a free GitHub webhook tester URL

The fastest way is our free Webhook Bin — a no-code webhook tester that gives you an instant public URL and stores every request that hits it, headers and body included. No signup, no deploy:

  1. Open the Webhook Bin and copy the URL it generates for you.
  2. In Settings → Webhooks on a repository or organization, add a webhook endpoint and paste that URL.
  3. Trigger an event (see below) and watch the request land in the bin in real time.

Because the bin keeps the full request, you can inspect the X-Hub-Signature-256 header, the Content-Type, and the complete payload — the three things you need to build and verify a handler.

What a GitHub webhook looks like

GitHub delivers webhooks as an HTTP POST with a application/json (or application/x-www-form-urlencoded) body. GitHub adds an X-GitHub-Event header naming the event and an X-GitHub-Delivery GUID for each delivery, and its Recent Deliveries panel lets you redeliver any payload — perfect for replaying into a tester URL.

A typical push payload looks like this:

{
  "action": "opened",
  "number": 42,
  "pull_request": {
    "id": 1,
    "title": "Add feature",
    "state": "open",
    "user": {
      "login": "octocat"
    }
  },
  "repository": {
    "full_name": "octocat/hello-world"
  }
}

Common GitHub events you will want to test:

  • push
  • pull_request
  • issues
  • release

Verifying the GitHub signature

GitHub signs each request so you can prove it really came from GitHub. The signature travels in the X-Hub-Signature-256 header and is HMAC-SHA256 of the raw request body, using the secret you set on the webhook. Capture a real request first, then use our HMAC signature verifier and the verify a webhook signature guide to confirm your verification logic against a payload you can actually see.

From inspecting to receiving on localhost

A bin is perfect for seeing the payload. When you are ready to drive your local handler with real GitHub events — without deploying — forward them straight to localhost with the Webhook Relay agent. The full walkthrough is here: Receive GitHub webhooks on localhost.

That gives you a stable public URL that tunnels to your machine, so GitHub keeps delivering to the same endpoint while you iterate on localhost, no firewall changes or public IP required.

Test GitHub webhooks online in three steps

  1. Capture — point GitHub at a Webhook Bin URL and inspect the real request.
  2. Verify — confirm the X-Hub-Signature-256 header with the HMAC verifier.
  3. Forward — when the shape is clear, receive GitHub webhooks on localhost and build your handler.

New to webhooks in general? Start with what is a webhook and how to test webhooks.

Ready to inspect your first GitHub event? Open a free Webhook Bin and paste the URL into GitHub.