Building a GitHub integration — a CI bot, a PR automation, a deployment trigger — means dealing with GitHub webhooks. Testing them requires a public HTTPS URL that GitHub can reach, which means fighting with ngrok or deploying every change just to see a payload. WebhookWhisper gives you that public URL instantly, with a full real-time inspector built in.
How to Set Up GitHub Webhook Testing in 60 Seconds
- Get your free WebhookWhisper URL — click the button below, no account needed.
- Add it to GitHub — go to your repo → Settings → Webhooks → Add webhook. Paste your URL as the Payload URL. Set content type to
application/json. Choose "Send me everything" or pick specific events. - Trigger an event — push a commit, open a PR, merge a branch, or run a workflow. GitHub fires the webhook immediately.
- Inspect in real time — see the full payload with all GitHub headers (
X-GitHub-Event,X-Hub-Signature-256,X-GitHub-Delivery) the moment it arrives. - Forward to localhost — add a forwarding rule to
http://localhost:3000/webhooks/githuband WebhookWhisper relays every event to your local handler with retry on failure.
GitHub Webhook Events You Can Test
WebhookWhisper accepts all GitHub event types. Here are the most commonly tested:
Event (X-GitHub-Event) | When it fires | Common use case |
|---|---|---|
push | Commits pushed to any branch | Trigger CI, invalidate cache |
pull_request | PR opened, closed, merged, reviewed | Auto-assign, status checks, notifications |
workflow_run | GitHub Actions workflow completes | Post-deploy hooks, Slack notifications |
release | Release published or created | Trigger deploy, changelog update |
issues | Issue opened, closed, labelled | Sync to Linear/Jira, auto-triage |
issue_comment | Comment on issue or PR | Bot commands, slash-command handlers |
star | Repo starred or unstarred | Track growth, celebrate milestones |
create | Branch or tag created | Auto-provision environments |
Why GitHub Webhook Testing is Painful Without the Right Tool
GitHub needs a reachable public URL
GitHub can't reach localhost. Every developer building a GitHub integration has hit this wall: you need to either deploy your handler to a public server (slow iteration loop) or run a tunnel like ngrok (CLI to install, rotating URLs, persistent terminal process). WebhookWhisper gives you a permanent public URL with zero setup — paste it into GitHub once and forget about the tunnel.
The payload structure is complex
GitHub webhook payloads can be enormous. A pull_request event includes the full PR object, base/head refs, repository metadata, sender info, and dozens of nested fields. WebhookWhisper's inspector pretty-prints the JSON so you can quickly find the field your handler needs without running console.log(JSON.stringify(body, null, 2)) in your server logs.
Signature verification needs real headers
GitHub signs every webhook with X-Hub-Signature-256 using your webhook secret. WebhookWhisper shows the raw header value alongside the full body, so you can validate that your HMAC verification code is reading the signature correctly before shipping.
Testing GitHub Webhooks for GitHub Apps vs Repository Webhooks
GitHub has two webhook delivery mechanisms and both work identically with WebhookWhisper:
Repository webhooks
Set up under Settings → Webhooks on a specific repo or organisation. Scope is limited to that repo/org. Best for repo-specific automation like CI triggers, auto-labellers, or deploy hooks.
GitHub App webhooks
GitHub Apps have a single webhook URL configured on the App itself and receive events from all installed repos. Set your WebhookWhisper URL as the Webhook URL during App development. Every installation event, repository event, and check run lands in your inspector so you can see exactly what your App receives.
Guides & Related Resources
- How to Test GitHub Webhooks Locally — Full Step-by-Step Guide
- How to Debug Webhooks: A Practical Guide
- GitHub Webhook Events & Payload Reference
- Webhook Forwarding to Localhost — How It Works
- Stripe Webhook Testing — Free Tool
- Shopify Webhook Testing — Free Tool
Frequently Asked Questions
How do I verify GitHub webhook signatures?
GitHub sends an X-Hub-Signature-256 header containing sha256= followed by an HMAC-SHA256 of the raw request body using your webhook secret. In Node.js: crypto.createHmac('sha256', secret).update(rawBody).digest('hex') then compare to the header value. WebhookWhisper shows the raw header so you can confirm the value before testing verification logic.
Can I test GitHub webhooks without a public server?
Yes — that's exactly what WebhookWhisper is for. Your WebhookWhisper URL is publicly reachable by GitHub. You inspect events in the browser, and if you want your local server to receive them, add a forwarding rule pointing to http://localhost:3000.
Does WebhookWhisper work with GitHub Actions?
Yes, for inspecting the events that trigger GitHub Actions (like workflow_run completions or push events). WebhookWhisper is a webhook receiver, not a CI runner — it captures the HTTP event that GitHub sends, not the Actions workflow itself.
How do I test GitHub webhooks locally without ngrok?
Use WebhookWhisper's forwarding feature. Create a free endpoint, add it to GitHub, then set a forwarding rule with your local server URL as the target. No ngrok binary, no CLI, no rotating URLs — just a permanent public endpoint that proxies events to your machine.