# Webhook Debugger & Logger ## Docs - [API authentication: Bearer tokens and query params](https://supahooks.ar27111994.dev/api-reference/authentication.md): Authenticate with Webhook Debugger & Logger using a Bearer token header or ?key= query parameter once authKey is configured in Actor input. - [Error responses and HTTP status codes reference](https://supahooks.ar27111994.dev/api-reference/errors.md): Error body shapes, HTTP status codes, and SSRF-blocked IP ranges for Webhook Debugger & Logger management routes, webhook ingest, and replay. - [GET /health and /ready — liveness and readiness probes](https://supahooks.ar27111994.dev/api-reference/health.md): GET /health and GET /ready are liveness and readiness probes for Webhook Debugger & Logger. Both are rate-limited but never require authentication. - [GET /info — runtime metadata and endpoint discovery](https://supahooks.ar27111994.dev/api-reference/info.md): GET /info returns runtime version, active webhook state, the full feature list, and a discoverable endpoint map for programmatic integration. - [GET /log-stream — Server-Sent Events live feed](https://supahooks.ar27111994.dev/api-reference/live-stream.md): Stream live webhook events in real time using GET /log-stream. Covers the SSE wire format, heartbeats, the 100-client limit, and client-side filtering. - [GET /logs — query and filter captured webhook events](https://supahooks.ar27111994.dev/api-reference/logs.md): GET /logs — query captured webhook events with rich filter syntax, offset or cursor pagination, and sparse field selection. Plus /logs/:logId endpoints. - [HTTP API overview for Webhook Debugger & Logger](https://supahooks.ar27111994.dev/api-reference/overview.md): Full HTTP API surface for Webhook Debugger & Logger: base URLs, all endpoints at a glance, authentication model, and runtime discovery via /info. - [Rate limiting for API and webhook ingest endpoints](https://supahooks.ar27111994.dev/api-reference/rate-limiting.md): Rate limiting in Webhook Debugger & Logger: per-IP limits on management endpoints and a separate per-webhook limiter for high-throughput ingest traffic. - [POST /replay/:webhookId/:itemId — replay events](https://supahooks.ar27111994.dev/api-reference/replay.md): POST /replay/:webhookId/:itemId re-sends a captured event to a new URL. Includes SSRF protection, retry configuration, and added tracing headers. - [ANY /webhook/:id — capture incoming webhook traffic](https://supahooks.ar27111994.dev/api-reference/webhook-capture.md): ANY /webhook/:id captures incoming HTTP traffic on any method. Supports status overrides, IP allowlisting, signature verification, and custom scripts. - [Transform webhook payloads with custom JavaScript](https://supahooks.ar27111994.dev/configuration/custom-scripts.md): Use the customScript input to normalize, enrich, or redact webhook payloads with an inline JavaScript snippet before the event is stored. - [Environment variables for self-hosted deployments](https://supahooks.ar27111994.dev/configuration/environment-variables.md): Environment variables for running Webhook Debugger & Logger locally or in Docker: port, input, storage path, logging level, and custom script heap tuning. - [Input configuration reference for Webhook Debugger](https://supahooks.ar27111994.dev/configuration/input-reference.md): Reference for every input option in Webhook Debugger & Logger: endpoint setup, security, response mocking, forwarding, payload validation, and alerting. - [Deploy Webhook Debugger & Logger: Apify or self-hosted](https://supahooks.ar27111994.dev/deployment.md): Run Webhook Debugger & Logger on the Apify platform with no setup required, or self-host with Node.js or Docker in your own environment. - [Frequently asked questions about Webhook Debugger](https://supahooks.ar27111994.dev/faq.md): Answers to common questions about webhook URL retention, security, replay, storage, payload handling, and running Webhook Debugger outside Apify. - [Capture and inspect incoming webhook requests](https://supahooks.ar27111994.dev/features/capture.md): Every request sent to your webhook URL is captured in full: method, headers, query params, body, response, timing, IP, and signature state. - [Forward webhook traffic to a downstream server](https://supahooks.ar27111994.dev/features/forwarding.md): Automatically POST every captured request to a destination URL with retries and circuit breaker protection, keeping your downstream server in sync. - [Stream webhook events live with Server-Sent Events](https://supahooks.ar27111994.dev/features/live-stream.md): Connect to GET /log-stream to receive captured webhook events in real time over Server-Sent Events, without polling the /logs query endpoint. - [Mock webhook responses with custom status and body](https://supahooks.ar27111994.dev/features/mocking.md): Return custom HTTP status codes, bodies, and headers to the webhook sender. Add artificial latency to test slow or failing callback scenarios. - [Replay captured webhook events to any destination](https://supahooks.ar27111994.dev/features/replay.md): Resend any previously captured webhook event to a new target URL, with the original headers and body, so you can test a fix against real traffic. - [Test GitHub webhook events and CI callbacks](https://supahooks.ar27111994.dev/guides/github.md): Capture GitHub App and repository webhook deliveries, verify X-Hub-Signature-256 signatures, inspect push and PR events, and replay CI callbacks. - [Recover from webhook failures with replay workflows](https://supahooks.ar27111994.dev/guides/incident-response.md): Identify failed webhook events with log queries, review payload and error context, and replay captured events to a fixed endpoint for recovery. - [Debug webhooks from Zapier, Make, and n8n](https://supahooks.ar27111994.dev/guides/low-code-tools.md): Use Webhook Debugger as a buffer between your source system and Zapier, Make, or n8n to inspect payloads, map fields, and replay events to fix flows. - [Validate Shopify webhook delivery and payloads](https://supahooks.ar27111994.dev/guides/shopify.md): Capture Shopify order, product, and customer webhooks, verify X-Shopify-Hmac-Sha256 signatures, and replay events to staging after a downstream fix. - [Inspect Slack event API callbacks and signatures](https://supahooks.ar27111994.dev/guides/slack.md): Capture Slack Events API callbacks and slash commands, verify X-Slack-Signature v0= signatures with timestamp validation, and prototype response bodies. - [Debug Stripe webhooks with signature verification](https://supahooks.ar27111994.dev/guides/stripe.md): Capture Stripe webhook events, verify HMAC signatures against your signing secret, inspect payloads, and replay events to staging after a fix. - [Webhook Debugger & Logger: capture and debug webhooks](https://supahooks.ar27111994.dev/introduction.md): Generate temporary webhook URLs, capture every request in full, replay failures, and mock API responses — without tunneling localhost. - [Get started with Webhook Debugger & Logger](https://supahooks.ar27111994.dev/quickstart.md): Learn how to generate a temporary webhook URL, send your first test request, and inspect the captured payload — all in under five minutes. - [Authenticate requests with an API key](https://supahooks.ar27111994.dev/security/authentication.md): Use authKey to protect your dashboard, management routes, and webhook ingest endpoints from unauthorized access with a shared secret. - [Restrict webhook access with IP allowlisting](https://supahooks.ar27111994.dev/security/ip-allowlist.md): Use allowedIps to limit traffic to specific IP addresses or CIDR blocks, blocking all requests that originate from outside the configured ranges. - [Verify webhook signatures from Stripe, GitHub, and more](https://supahooks.ar27111994.dev/security/signature-verification.md): Validate that incoming webhooks were sent by your provider using HMAC signature verification for Stripe, Shopify, GitHub, Slack, and custom providers. - [Troubleshoot common Webhook Debugger issues](https://supahooks.ar27111994.dev/troubleshooting.md): Diagnose and fix common problems with authentication, signature verification, payload handling, replay, streaming, and general endpoint behavior. ## OpenAPI Specs - [openapi](https://supahooks.ar27111994.dev/api-reference/openapi.json)