Skip to main content
Stripe Webhook Tester

Test Stripe webhooks and read every byte Stripe sends

Point a Stripe endpoint at a public URL, then inspect the raw body and the Stripe-Signature header in your browser. No signup, nothing to install. The quickest way to see why a signature check passes or fails.

Free, no account. Works with test-mode and live events.

Trusted by teams at

Coinbase Eudonet GEODIS WoodWing Optery Alteos ActiveAnts Apizee
How it works

Test a Stripe webhook in four steps

play.hook0.com receives the event for you, so you can see what Stripe actually posted before you write a line of verification code.

Step 1

Get a public URL

Open the tester and it hands you a URL that accepts any HTTP POST. Nothing to install.

Step 2

Point Stripe at it

Add the URL as an endpoint in the Stripe Dashboard, or forward to it with stripe listen --forward-to. Then fire an event with stripe trigger payment_intent.succeeded.

Step 3

Read the raw delivery

See the exact body Stripe posted and every header, including Stripe-Signature with its t= timestamp and v1= signature.

Step 4

Fix your verification

Copy the raw body and the signature into your own handler and confirm the HMAC matches before you wire it to production.

Signature

What the Stripe-Signature header actually contains

Stripe signs each event so you can prove it came from Stripe and was not replayed. Getting the signed string wrong is the usual reason a check fails, so here is exactly what to match.

Signature header
Stripe-Signature, carrying a t= timestamp and a v1= signature.
Algorithm
HMAC-SHA256, hex encoded.
What gets signed
The timestamp, a dot, then the raw request body: t + "." + payload. Sign the raw bytes, not a re-serialized object.
Signing secret
Your endpoint secret, prefixed whsec_. Test mode and live mode each have their own.
Replay window
Stripe libraries reject a timestamp older than five minutes by default. Keep that check on.
Send test events
stripe trigger, stripe listen --forward-to, or create an object in the Dashboard.

The tester shows the raw body and the Stripe-Signature value side by side, which is all you need to reproduce the HMAC locally.

FAQ

Stripe webhook testing questions

How do I test a Stripe webhook?

Open the tester to get a public URL, add it as an endpoint in the Stripe Dashboard or forward to it with stripe listen, then send an event with stripe trigger. The tester shows the raw body and headers Stripe posted so you can inspect and replay them.

Where do I find my Stripe webhook signing secret?

In the Stripe Dashboard, open the endpoint under Developers, Webhooks and reveal its signing secret. It starts with whsec_. When you run stripe listen, the CLI prints a separate secret for local forwarding.

Why does my Stripe signature verification fail?

Almost always because the signed payload does not match byte for byte. Stripe signs timestamp + "." + raw body, so verify the raw request bytes rather than a parsed and re-serialized object. Reading the exact body and Stripe-Signature header in the tester tells you what to reproduce.

Can I test Stripe webhooks without my own server?

Yes, at least for inspecting deliveries. The tester gives you a public URL that receives events in the browser, so you do not have to expose localhost. You still need a Stripe account to send events, and test mode is free.

Is the webhook tester free?

Yes. play.hook0.com is free and needs no signup. When you are ready to send your own signed webhooks in production, Hook0 Cloud has a free tier and the server is open-source to self-host.

You have better things to build

Stop building webhook infrastructure. Start shipping features. Get started in minutes.

No credit card required
Setup in 5 minutes
Cancel anytime