🪝

Webhook Validator — Payload & Signature Checker

Validate and inspect webhook payloads in your browser. Auto-detects GitHub, Stripe, Slack, and Shopify webhooks, extracts event details, and optionally verifies HMAC signatures. Free and private.

ValidatorsAPI & Backend
Loading tool...

How to Use Webhook Validator — Payload & Signature Checker

How to Use the Webhook Validator:

  1. Paste the Payload: Copy the raw JSON body of your webhook request and paste it into the payload field. The tool accepts any JSON object.

  2. Click "Validate Webhook": The tool parses the JSON and attempts to identify the provider automatically based on the payload structure. Supported providers are GitHub, Stripe, Slack, and Shopify.

  3. Review Event Details: For recognised providers, the tool extracts the event type, event ID, and provider-specific fields such as the repository name (GitHub), livemode flag (Stripe), team ID (Slack), or currency (Shopify).

  4. Verify the Signature (optional): To verify that the payload has not been tampered with:

    • Paste the signature header value into the "Signature Header Value" field (e.g. the full value of X-Hub-Signature-256 for GitHub, or X-Shopify-Hmac-Sha256 for Shopify).
    • Enter your webhook signing secret.
    • Click "Validate Webhook" again — the tool will compute the expected HMAC and compare it against the provided value.
  5. Understand Signature Results:

    • Verified: The computed HMAC matches the provided signature — the payload is authentic.
    • Mismatch: The signatures differ — the payload may have been modified, or the wrong secret was used. The computed signature is shown for comparison.
    • See note: Some providers (Stripe, Slack) sign a combined string that includes a timestamp from another header. Body-only verification is not supported for these; use the provider SDK or include the full signing string.

Notes:

  • GitHub uses HMAC-SHA256 on the raw body with a "sha256=" prefix. Paste the full header value.
  • Shopify uses HMAC-SHA256 on the raw body, base64-encoded (no prefix).
  • Stripe uses HMAC-SHA256 on "<timestamp>.<body>" — direct body-only verification is not possible.
  • Slack uses HMAC-SHA256 on "v0:<timestamp>:<body>" — direct body-only verification is not possible.
  • Your payload and secret never leave your browser.

Frequently Asked Questions

Most Viewed Tools

📺

Screen Size Converter — Diagonal Dimension Tool

5,968 views

Calculate screen width and height from diagonal size and aspect ratio. Convert between inches and centimeters for displays, TVs, and monitors with instant dimension calculations.

Use Tool →
🖨️

DPI Calculator — Print Resolution Tool

3,885 views

Calculate DPI (dots per inch), image dimensions, and print sizes. Convert between pixels and physical dimensions for printing and displays.

Use Tool →
🔐

TOTP Code Generator — 2FA Testing Tool

3,612 views

Generate time-based one-time passwords from a TOTP secret key. Enter your base32 secret, choose a period and digit length, and get the current and next codes with a live countdown timer. Useful for testing and debugging 2FA integrations.

Use Tool →
{}

JSONL Formatter — Line-by-Line Validator

3,608 views

Format, validate, and inspect JSON Lines (JSONL) and NDJSON files. Validates each line individually, reports parse errors by line number, outputs compact JSONL or a pretty-print preview, and lets you download the cleaned file.

Use Tool →
{ }

JSON to Zod — Schema Generator

3,490 views

Generate Zod validation schema code from a JSON sample object. Infers z.string(), z.number(), z.boolean(), z.array(), z.object(), and z.null() types automatically. Handles nested objects, arrays of objects with optional field detection, and outputs copy-ready TypeScript with import and z.infer type alias.

Use Tool →
🔑

Password Entropy Calculator — Crack Time Estimator

3,291 views

Calculate the information-theoretic bit entropy of any password or API key. Detects character set pools automatically, shows the total number of possible combinations, and estimates crack time across five attack scenarios from rate-limited web logins to GPU cracking clusters.

Use Tool →
🔐

TLS Cipher Suite Checker — Strength Analyzer

3,284 views

Check TLS protocol version compatibility and cipher suite strength ratings against current best practices. Supports IANA and OpenSSL cipher names — rates each suite as Strong, Weak, or Deprecated and explains why.

Use Tool →
🔍

Secret Scanner — API Key & Credential Detector

3,014 views

Scan pasted text, code, or config files for accidentally exposed API keys, tokens, passwords, and private keys. Detects 50+ secret types across AWS, GitHub, Stripe, OpenAI, and more — all client-side, nothing leaves your browser.

Use Tool →

Related API & Backend Tools

GraphQL Subscription Builder — Generate WebSocket Payloads and Client Queries

Build GraphQL subscription query strings and generate WebSocket connection code snippets for Apollo Client, urql, and graphql-ws. Define your operation name, variables, and selection fields visually, then copy the ready-to-use code.

Use Tool →
🔁

Webhook Retry Config Calculator — Simulate Exponential Backoff & Jitter

Configure exponential backoff parameters and preview the full retry schedule for webhook delivery. Enter max attempts, initial delay, multiplier, jitter, and a max delay cap to instantly see each retry timestamp, cumulative elapsed time, jitter range, and which delays hit the cap. Supports presets for standard, aggressive, conservative, Stripe-style, and fixed-interval retry policies. Free and runs entirely in your browser.

Use Tool →
📝

REST Endpoint Documenter — Markdown Doc Generator

Document a REST endpoint quickly by entering the URL, method, headers, and sample request/response. Generates formatted Markdown documentation and an example cURL command instantly.

Use Tool →
⏱️

API Latency Budget Calculator — Plan Distributed System Performance

Set a P99 SLO latency target and distribute the budget across your upstream service dependencies. See remaining headroom, utilization percentage, a stacked allocation bar, and a per-service breakdown with optional P99 actual measurements.

Use Tool →
🔍

API Error Decoder — Fix Suggestion Tool

Decode HTTP status codes and OAuth 2.0 error strings with plain-English descriptions, common causes, and actionable fix suggestions. Covers every HTTP 1xx–5xx status code and all standard OAuth 2.0 error responses. Results appear instantly as you type.

Use Tool →
📊

GraphQL Cost Estimator — Analyze Query Complexity and Depth

Assign custom field weights to a GraphQL schema and calculate the total query complexity score. Paste any GraphQL query, configure per-field costs, and get a per-field breakdown table showing depth, multipliers, and cumulative cost.

Use Tool →
🔁

OpenAPI Mock Generator — Turn API Specs into Live Mock Servers

Paste an OpenAPI 3.x or Swagger 2.0 spec, select any endpoint, and instantly get a realistic mock request body and response matching the defined schemas. Also generates a ready-to-run cURL command.

Use Tool →

GraphQL Query Formatter — Mutation & Subscription Tool

Format and prettify GraphQL queries, mutations, subscriptions, and fragments with correct indentation.

Use Tool →

Share Your Feedback

Help us improve this tool by sharing your experience

We will only use this to follow up on your feedback