Test Stripe webhooks and read every byte Stripe sends
Point a Stripe endpoint at a public URL, then inspect the raw body and the Stripe-Signature header in your browser. No signup, nothing to install. The quickest way to see why a signature check passes or fails.
Free, no account. Works with test-mode and live events.
Test a Stripe webhook in four steps
play.hook0.com receives the event for you, so you can see what Stripe actually posted before you write a line of verification code.
Get a public URL
Open the tester and it hands you a URL that accepts any HTTP POST. Nothing to install.
Point Stripe at it
Add the URL as an endpoint in the Stripe Dashboard, or forward to it with stripe listen --forward-to. Then fire an event with stripe trigger payment_intent.succeeded.
Read the raw delivery
See the exact body Stripe posted and every header, including Stripe-Signature with its t= timestamp and v1= signature.
Fix your verification
Copy the raw body and the signature into your own handler and confirm the HMAC matches before you wire it to production.
What the Stripe-Signature header actually contains
Stripe signs each event so you can prove it came from Stripe and was not replayed. Getting the signed string wrong is the usual reason a check fails, so here is exactly what to match.
- Signature header
Stripe-Signature, carrying at=timestamp and av1=signature.- Algorithm
- HMAC-SHA256, hex encoded.
- What gets signed
- The timestamp, a dot, then the raw request body:
t + "." + payload. Sign the raw bytes, not a re-serialized object. - Signing secret
- Your endpoint secret, prefixed
whsec_. Test mode and live mode each have their own. - Replay window
- Stripe libraries reject a timestamp older than five minutes by default. Keep that check on.
- Send test events
stripe trigger,stripe listen --forward-to, or create an object in the Dashboard.
The tester shows the raw body and the Stripe-Signature value side by side, which is all you need to reproduce the HMAC locally.
Stripe webhook testing questions
How do I test a Stripe webhook?
Open the tester to get a public URL, add it as an endpoint in the Stripe Dashboard or forward to it with stripe listen, then send an event with stripe trigger. The tester shows the raw body and headers Stripe posted so you can inspect and replay them.
Where do I find my Stripe webhook signing secret?
In the Stripe Dashboard, open the endpoint under Developers, Webhooks and reveal its signing secret. It starts with whsec_. When you run stripe listen, the CLI prints a separate secret for local forwarding.
Why does my Stripe signature verification fail?
Almost always because the signed payload does not match byte for byte. Stripe signs timestamp + "." + raw body, so verify the raw request bytes rather than a parsed and re-serialized object. Reading the exact body and Stripe-Signature header in the tester tells you what to reproduce.
Can I test Stripe webhooks without my own server?
Yes, at least for inspecting deliveries. The tester gives you a public URL that receives events in the browser, so you do not have to expose localhost. You still need a Stripe account to send events, and test mode is free.
Is the webhook tester free?
Yes. play.hook0.com is free and needs no signup. When you are ready to send your own signed webhooks in production, Hook0 Cloud has a free tier and the server is open-source to self-host.
You have better things to build
Stop building webhook infrastructure. Start shipping features. Get started in minutes.