Webhook Relay

Shopify Webhook Tester — Test & Inspect Shopify Webhooks Online

Test and inspect Shopify webhooks online with a free webhook tester URL — capture real Shopify payloads, read the signature header, then forward locally.

Shopify Webhook Tester — Test & Inspect Shopify Webhooks Online

If you are wiring up Shopify webhooks, the first question is always the same: what does Shopify actually send? The docs show an idealised payload, but the real request — its headers, its X-Shopify-Hmac-SHA256 header, the exact JSON shape — is what your handler has to parse. A Shopify webhook tester gives you a public URL that captures those real requests so you can read every byte before you write any code.

Get a free Shopify webhook tester URL

The fastest way is our free Webhook Bin — a no-code webhook tester that gives you an instant public URL and stores every request that hits it, headers and body included. No signup, no deploy:

  1. Open the Webhook Bin and copy the URL it generates for you.
  2. In Settings → Notifications → Webhooks (or the Admin API), add a webhook endpoint and paste that URL.
  3. Trigger an event (see below) and watch the request land in the bin in real time.

Because the bin keeps the full request, you can inspect the X-Shopify-Hmac-SHA256 header, the Content-Type, and the complete payload — the three things you need to build and verify a handler.

What a Shopify webhook looks like

Shopify delivers webhooks as an HTTP POST with a application/json body. Shopify also sends X-Shopify-Topic (which event) and X-Shopify-Shop-Domain (which store) headers — capture them in your bin to confirm the topic and store before you write a single line of handler code.

A typical orders/create payload looks like this:

{
  "id": 820982911946154500,
  "email": "[email protected]",
  "financial_status": "paid",
  "total_price": "199.00",
  "currency": "USD",
  "line_items": [
    {
      "title": "T-Shirt",
      "quantity": 1
    }
  ]
}

Common Shopify events you will want to test:

  • orders/create
  • orders/paid
  • products/update
  • app/uninstalled

Verifying the Shopify signature

Shopify signs each request so you can prove it really came from Shopify. The signature travels in the X-Shopify-Hmac-SHA256 header and is base64-encoded HMAC-SHA256 of the raw body, using your app's API secret key. Capture a real request first, then use our HMAC signature verifier and the verify a webhook signature guide to confirm your verification logic against a payload you can actually see.

From inspecting to receiving on localhost

A bin is perfect for seeing the payload. When you are ready to drive your local handler with real Shopify events — without deploying — forward them straight to localhost with the Webhook Relay agent. The full walkthrough is here: Receive Shopify webhooks on localhost.

That gives you a stable public URL that tunnels to your machine, so Shopify keeps delivering to the same endpoint while you iterate on localhost, no firewall changes or public IP required.

Test Shopify webhooks online in three steps

  1. Capture — point Shopify at a Webhook Bin URL and inspect the real request.
  2. Verify — confirm the X-Shopify-Hmac-SHA256 header with the HMAC verifier.
  3. Forward — when the shape is clear, receive Shopify webhooks on localhost and build your handler.

New to webhooks in general? Start with what is a webhook and how to test webhooks.

Ready to inspect your first Shopify event? Open a free Webhook Bin and paste the URL into Shopify.