wyreup
inspect

Webhook Replay

Verify an inbound webhook then re-sign the same payload under a different secret for replay against your local dev or staging server. The classic "tunnel a Stripe / GitHub webhook through to localhost" pattern, without a server roundtrip.

Loading…

About Webhook Replay

Webhook Replay verifies an inbound webhook's signature, then re-signs the exact same payload under a different secret so you can replay it against your local or staging server. It is the classic "tunnel a Stripe or GitHub webhook through to localhost" workflow, done without a server roundtrip. Verification and re-signing happen in your browser, so the payload and secrets stay local.

Category
inspect
Input
Accepts: */*.
Output
Outputs: application/json.
Cost
Free, runs in your browser
Memory
low
Privacy: Webhook Replay runs entirely on your device. Files you provide never leave your browser — no uploads, no server, no tracking. The page works offline once loaded.

Common uses

  • Replay a captured Stripe webhook against localhost with your dev signing secret
  • Re-sign a GitHub webhook payload to test your staging endpoint's handler
  • Confirm an inbound HMAC signature is valid before trusting the event
  • Reproduce a production webhook locally without exposing a public tunnel
  • Swap the signing secret on a saved payload to test how each environment verifies it
  • Debug a signature-mismatch error by re-signing the body and comparing headers

Frequently asked questions

How does it verify the original webhook?

It checks the inbound HMAC signature against the secret you provide before re-signing the payload.

Does the payload or secret get sent anywhere?

No. Verification and re-signing run in your browser, with no server roundtrip.

Which providers does this work with?

It fits the common HMAC-signed webhook pattern used by Stripe, GitHub, and similar services.

What exactly do I get back?

A JSON result with the verification outcome and the re-signed payload plus signature for replay.

Can it deliver the webhook to my server for me?

It prepares the re-signed request locally; you send the resulting payload and headers to your dev or staging endpoint.

Keywords

  • webhook
  • replay
  • forward
  • tunnel
  • hmac
  • stripe
  • github
  • staging
  • dev

Try next

Hash
inspect

Compute SHA-256/SHA-512 checksums while debugging signatures.
JWT Decoder
dev

Inspect bearer tokens that ride alongside your webhook calls.
JSON Formatter
inspect

Pretty-print the webhook payload to read it clearly.
Color Palette
inspect

Extract dominant colors from an image as hex codes.
Image Diff
inspect

Pixel-level diff between two images of the same dimensions.
Image Info
inspect

Extract dimensions, format, and metadata from an image.
PDF Info
inspect

Extract page count and metadata from a PDF.
Hash
inspect

Compute SHA-256, SHA-1, or SHA-512 hashes of files.
JSON Formatter
inspect

Parse and pretty-print JSON with configurable indentation.
Extract PDF Tables
export

Extract tabular data from a PDF as JSON or CSV. Works well for simple tables with aligned columns and no merged cells. Complex tables, rotated text, and scanned PDFs (images) will not extract cleanly.
Topic Keywords
text

Pull the topic-bearing nouns and noun phrases out of any text. Answers "what is this about" — not "what words appear most" (try Text Frequency for that). Runs entirely in your browser.