This guide covers everything you need to test Airtable webhooks — how to inspect the raw payload, verify the signature, forward events to localhost, and reproduce any delivery in your local development environment without needing a real Airtable event.
How to Test Airtable Webhooks with WebhookWhisper
- Create a free endpoint — click Create Live Endpoint above to get a permanent public HTTPS URL (no account required to try)
- Register the URL in Airtable — paste the WebhookWhisper URL into Airtable's webhook settings
- Trigger a test event — use the one-click test payload sender or trigger a real event in Airtable
- Inspect the request — see the full headers, raw body, and Airtable signature header in real time
- Forward to localhost — add a forwarding rule to relay the event to your local handler (e.g.
http://localhost:3000/webhooks/airtable)
Airtable Webhook Signature Verification
Airtable signs webhook deliveries using HMAC-SHA256. The signature is sent in the X-Airtable-Content-MAC header. Always verify this signature before processing the payload to ensure the request came from Airtable and was not tampered with in transit.
Node.js Verification
const crypto = require('crypto')
const express = require('express')
const app = express()
app.post('/webhooks/airtable',
express.raw({ type: 'application/json' }),
(req, res) => {
const secret = process.env.AIRTABLE_WEBHOOK_SECRET
const signature = req.headers['x-airtable-content-mac']
// Compute expected HMAC — always use raw body, never parsed JSON
const expected = crypto
.createHmac('sha256', secret)
.update(req.body)
.digest('hex')
if (!crypto.timingSafeEqual(Buffer.from(signature || ''), Buffer.from(expected))) {
return res.status(401).json({ error: 'Invalid signature' })
}
const event = JSON.parse(req.body)
// Process event here — respond first, process async for slow operations
res.json({ received: true })
}
)Python (FastAPI) Verification
import hashlib, hmac, os
from fastapi import FastAPI, Request, HTTPException
app = FastAPI()
@app.post('/webhooks/airtable')
async def webhook(request: Request):
secret = os.environ['AIRTABLE_WEBHOOK_SECRET'].encode()
raw_body = await request.body()
signature = request.headers.get('x-airtable-content-mac', '')
expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
if not hmac.compare_digest(signature, expected):
raise HTTPException(status_code=401, detail='Invalid signature')
payload = await request.json()
return {'received': True}Common Airtable Webhook Errors
| Error | Cause | Fix |
|---|---|---|
| 401 Unauthorized | Signature mismatch — body parsed before verification | Use raw body bytes for HMAC, never parsed JSON |
| Timeout | Handler takes longer than Airtable's timeout window | Respond with 200 immediately, process async in background |
| Duplicate events | Your handler returned non-2xx, causing retries | Deduplicate using the event ID field |
| Missing events | Wrong URL registered or endpoint returning errors | Use WebhookWhisper to confirm the exact delivery URL and response |
Forward Airtable Webhooks to Localhost
Use WebhookWhisper to receive Airtable webhook events at a public HTTPS URL and relay them to your local development server — no tunnel, no CLI install, no public server required.
- Create a WebhookWhisper endpoint and paste it into Airtable's webhook settings
- In the Forwarding tab, set target URL to
http://localhost:3000/webhooks/airtable - Every Airtable event appears in the inspector and hits your local handler simultaneously
- Use event replay (Pro) to re-send any captured event without triggering a new action in Airtable
FAQ
Do I need a Airtable account to test webhooks?
No. WebhookWhisper includes a one-click Airtable sample payload so you can fire a realistic test event and verify your handler without a Airtable account or triggering a real Airtable action.
How do I find my Airtable webhook secret?
The webhook signing secret is shown in Airtable's developer settings or webhook configuration page. Each webhook endpoint gets its own secret — do not share secrets between endpoints.
What is the Airtable webhook timeout?
Most providers timeout after 5–30 seconds. If your handler does slow operations (database writes, external API calls), respond with HTTP 200 immediately and process the event in a background job to avoid triggering Airtable's retry logic.