Webhook Debugger & Logger gives you disposable webhook endpoints that capture the complete request envelope — headers, body, query params, response, timing, and IP — and expose a searchable log API, a live SSE event stream, and one-click replay. It works with Stripe, GitHub, Shopify, Slack, and any custom HMAC provider, and runs on the Apify platform or self-hosted with Node.js or Docker.Documentation Index
Fetch the complete documentation index at: https://supahooks.ar27111994.dev/llms.txt
Use this file to discover all available pages before exploring further.
What you get
Capture and inspect
Every incoming webhook is stored with full request and response metadata, including headers, payload, status code, latency, and sender IP.
Live event stream
Watch events appear in real time over a Server-Sent Events feed at
/log-stream — no polling required.Replay captured traffic
Resend any stored event to a new destination URL after you fix a bug, without asking your provider to re-deliver.
Forward to another server
Pipe every captured request to a downstream service while keeping a full audit trail, with automatic retries and circuit breaking.
Mock API responses
Return custom status codes, headers, bodies, and artificial latency to simulate how your application handles slow or failing callbacks.
Verify provider signatures
Validate Stripe, GitHub, Shopify, Slack, and custom HMAC signatures automatically, with replay-attack protection.
Key features
| Feature | What you get |
|---|---|
| Temporary webhook URLs | 1–50 unique endpoints per run, active for 1–168 hours |
| Full request capture | Method, headers, query, body, response, size, latency, IP |
| Searchable logs | Query and paginate captured events at /logs |
| Live streaming | Real-time SSE feed at /log-stream |
| Replay | Resend any stored event to a new target URL |
| HTTP forwarding | Forward all traffic with retries and circuit breaker protection |
| API mocking | Custom status codes, headers, bodies, and response delay |
| Alert notifications | Slack or Discord alerts for error, 4xx, 5xx, timeout, or signature_invalid events |
| Security controls | Global API key, IP allowlist, sensitive header masking, provider signature verification |
| Payload validation | JSON Schema validation and inline JavaScript transformation scripts |
When to use this instead of a generic request bin
A generic request bin shows you raw HTTP dumps. Webhook Debugger & Logger goes further:- Searchable, queryable logs — filter and paginate captured events through a documented API, not just a web UI.
- Replay and forwarding — resend stored events to a new target or pipe live traffic to a downstream service.
- Provider signature verification — validate Stripe, GitHub, Shopify, Slack, and custom HMAC signatures with one config option.
- API mocking — simulate custom status codes, response bodies, and artificial latency without a separate mock server.
- Slack and Discord alerts — get notified immediately when capture, validation, or downstream delivery fails.
- Operational endpoints —
/health,/ready, and/system/metricsmake it suitable for automated test harnesses and CI pipelines.
Supported providers
Signature verification is built in for the following providers. Select yours in thesignatureVerification input and supply the shared secret — no custom middleware required.
- Stripe —
Stripe-Signatureheader with HMAC-SHA256 and timestamp tolerance - GitHub —
X-Hub-Signature-256header with HMAC-SHA256 - Shopify —
X-Shopify-Hmac-SHA256header with HMAC-SHA256 - Slack —
X-Slack-Signaturewith version prefix and timestamp replay protection - Custom HMAC — configurable header name, algorithm (
sha256orsha1), and encoding (hexorbase64)
Generated webhook URLs are public by default. Set
authKey, allowedIps, or signatureVerification before pointing real provider traffic at your endpoints.