PayPal Webhook Tester — Test & Inspect PayPal Webhooks Online
Test and inspect PayPal webhooks online with a free webhook tester URL — capture real PayPal payloads, read the signature header, then forward locally.
If you are wiring up PayPal webhooks, the first question is always the same: what does PayPal actually send? The docs show an idealised payload, but the real request — its headers, its Paypal-Transmission-Sig header, the exact JSON shape — is what your handler has to parse. A PayPal webhook tester gives you a public URL that captures those real requests so you can read every byte before you write any code.
Get a free PayPal webhook tester URL
The fastest way is our free Webhook Bin — a no-code webhook tester that gives you an instant public URL and stores every request that hits it, headers and body included. No signup, no deploy:
- Open the Webhook Bin and copy the URL it generates for you.
- In Developer Dashboard → My Apps & Credentials → Webhooks, add a webhook endpoint and paste that URL.
- Trigger an event (see below) and watch the request land in the bin in real time.
Because the bin keeps the full request, you can inspect the Paypal-Transmission-Sig header, the Content-Type, and the complete payload — the three things you need to build and verify a handler.
What a PayPal webhook looks like
PayPal delivers webhooks as an HTTP POST with a application/json body. PayPal verification is unusual: it sends several Paypal-Transmission-* headers and a cert URL rather than a simple HMAC. Capturing all of them in one place is the fastest way to understand what your verification code has to work with.
A typical PAYMENT.CAPTURE.COMPLETED payload looks like this:
{
"id": "WH-...",
"event_type": "PAYMENT.CAPTURE.COMPLETED",
"resource": {
"id": "...",
"amount": {
"value": "19.99",
"currency_code": "USD"
},
"status": "COMPLETED"
}
}
Common PayPal events you will want to test:
PAYMENT.CAPTURE.COMPLETEDCHECKOUT.ORDER.APPROVEDBILLING.SUBSCRIPTION.ACTIVATED
Verifying the PayPal signature
PayPal signs each request so you can prove it really came from PayPal. The signature travels in the Paypal-Transmission-Sig header and is a certificate-based signature (verified with Paypal-Cert-Url and Paypal-Transmission-Id, not a shared-secret HMAC), using PayPal's published certificate plus your webhook ID. Capture a real request first, then use our HMAC signature verifier and the verify a webhook signature guide to confirm your verification logic against a payload you can actually see.
From inspecting to receiving on localhost
A bin is perfect for seeing the payload. When you are ready to drive your local handler with real PayPal events — without deploying — forward them straight to localhost with the Webhook Relay agent. The full walkthrough is here: Receive PayPal webhooks on localhost.
That gives you a stable public URL that tunnels to your machine, so PayPal keeps delivering to the same endpoint while you iterate on localhost, no firewall changes or public IP required.
Test PayPal webhooks online in three steps
- Capture — point PayPal at a Webhook Bin URL and inspect the real request.
- Verify — confirm the
Paypal-Transmission-Sigheader with the HMAC verifier. - Forward — when the shape is clear, receive PayPal webhooks on localhost and build your handler.
New to webhooks in general? Start with what is a webhook and how to test webhooks.
Ready to inspect your first PayPal event? Open a free Webhook Bin and paste the URL into PayPal.