Test GitHub webhooks and inspect every delivery
Point a repository or organization webhook at a public URL and read the payload, the X-GitHub-Event type and the X-Hub-Signature-256 header in your browser. No signup, nothing to install.
Free, no account. Works with repository and organization webhooks.
Test a GitHub webhook in four steps
play.hook0.com catches the delivery for you, so you can read the exact payload and headers before your handler is anywhere near ready.
Get a public URL
Open the tester for a URL that accepts any POST. No install, no server of your own.
Add it to your repo
In your repository, open Settings, Webhooks, Add webhook and paste the URL as the Payload URL. Choose the events you care about and save.
Trigger and inspect
Do the action, such as a push or a new pull request, then read the raw body plus the X-GitHub-Event, X-GitHub-Delivery and X-Hub-Signature-256 headers.
Redeliver while you debug
GitHub keeps a Recent Deliveries list on the webhook with a Redeliver button, so you can replay the same payload as you fix your handler.
How GitHub signs a webhook delivery
GitHub signs the delivery with a secret you set on the webhook, so you can confirm the request really came from GitHub. Match the header exactly and you are done.
- Signature header
X-Hub-Signature-256, a value that starts withsha256=.- Algorithm
- HMAC-SHA256, hex encoded, computed over the raw request body.
- Legacy header
X-Hub-Signaturecarries an older SHA-1 signature. Prefer the 256 version and ignore SHA-1.- Shared secret
- The secret you typed into the webhook settings. GitHub does not show it again, so store it when you create the hook.
- Event and delivery
X-GitHub-Eventnames the event,X-GitHub-Deliveryis a unique id for that delivery.- Replay a delivery
- The Recent Deliveries tab on the webhook lets you resend any past payload.
Read the raw body and the X-Hub-Signature-256 value in the tester, then reproduce the HMAC in your own code to confirm it matches.
GitHub webhook testing questions
How do I test a GitHub webhook?
Open the tester to get a public URL, add it as the Payload URL under your repository Settings, Webhooks, then trigger an event. The tester shows the exact body and headers GitHub sent, and GitHub keeps a Recent Deliveries list you can redeliver from.
How do I test a GitHub webhook locally?
Point the webhook at a public URL that receives the payload for you, inspect it, then replay it against your local server. That avoids exposing localhost to the internet while you build the handler.
Which header holds the GitHub webhook signature?
X-Hub-Signature-256, a hex HMAC-SHA256 of the raw body prefixed with sha256=. An older X-Hub-Signature header carries a SHA-1 value that you can ignore.
Why is my GitHub signature check failing?
Usually because the body was parsed and re-encoded before hashing. GitHub signs the raw bytes, so compute the HMAC over the exact payload you received. Comparing the header and body in the tester shows you what to sign.
Is the webhook tester free?
Yes. play.hook0.com is free with no signup. When you want to send your own signed webhooks to your users, Hook0 Cloud has a free tier and the server is open-source to self-host.
You have better things to build
Stop building webhook infrastructure. Start shipping features. Get started in minutes.