Skip to main content
GitHub Webhook Tester

Test GitHub webhooks and inspect every delivery

Point a repository or organization webhook at a public URL and read the payload, the X-GitHub-Event type and the X-Hub-Signature-256 header in your browser. No signup, nothing to install.

Free, no account. Works with repository and organization webhooks.

Trusted by teams at

Coinbase Eudonet GEODIS WoodWing Optery Alteos ActiveAnts Apizee
How it works

Test a GitHub webhook in four steps

play.hook0.com catches the delivery for you, so you can read the exact payload and headers before your handler is anywhere near ready.

Step 1

Get a public URL

Open the tester for a URL that accepts any POST. No install, no server of your own.

Step 2

Add it to your repo

In your repository, open Settings, Webhooks, Add webhook and paste the URL as the Payload URL. Choose the events you care about and save.

Step 3

Trigger and inspect

Do the action, such as a push or a new pull request, then read the raw body plus the X-GitHub-Event, X-GitHub-Delivery and X-Hub-Signature-256 headers.

Step 4

Redeliver while you debug

GitHub keeps a Recent Deliveries list on the webhook with a Redeliver button, so you can replay the same payload as you fix your handler.

Signature

How GitHub signs a webhook delivery

GitHub signs the delivery with a secret you set on the webhook, so you can confirm the request really came from GitHub. Match the header exactly and you are done.

Signature header
X-Hub-Signature-256, a value that starts with sha256=.
Algorithm
HMAC-SHA256, hex encoded, computed over the raw request body.
Legacy header
X-Hub-Signature carries an older SHA-1 signature. Prefer the 256 version and ignore SHA-1.
Shared secret
The secret you typed into the webhook settings. GitHub does not show it again, so store it when you create the hook.
Event and delivery
X-GitHub-Event names the event, X-GitHub-Delivery is a unique id for that delivery.
Replay a delivery
The Recent Deliveries tab on the webhook lets you resend any past payload.

Read the raw body and the X-Hub-Signature-256 value in the tester, then reproduce the HMAC in your own code to confirm it matches.

FAQ

GitHub webhook testing questions

How do I test a GitHub webhook?

Open the tester to get a public URL, add it as the Payload URL under your repository Settings, Webhooks, then trigger an event. The tester shows the exact body and headers GitHub sent, and GitHub keeps a Recent Deliveries list you can redeliver from.

How do I test a GitHub webhook locally?

Point the webhook at a public URL that receives the payload for you, inspect it, then replay it against your local server. That avoids exposing localhost to the internet while you build the handler.

Which header holds the GitHub webhook signature?

X-Hub-Signature-256, a hex HMAC-SHA256 of the raw body prefixed with sha256=. An older X-Hub-Signature header carries a SHA-1 value that you can ignore.

Why is my GitHub signature check failing?

Usually because the body was parsed and re-encoded before hashing. GitHub signs the raw bytes, so compute the HMAC over the exact payload you received. Comparing the header and body in the tester shows you what to sign.

Is the webhook tester free?

Yes. play.hook0.com is free with no signup. When you want to send your own signed webhooks to your users, Hook0 Cloud has a free tier and the server is open-source to self-host.

You have better things to build

Stop building webhook infrastructure. Start shipping features. Get started in minutes.

No credit card required
Setup in 5 minutes
Cancel anytime