Skip to main content

Testing with Anonymous Endpoints

This guide shows you how to use Anonymous Endpoints for quick webhook testing, debugging integrations, and evaluating Hooklistener - all without creating an account.

What You'll Learn

  • How to create anonymous endpoints for testing
  • How to test webhooks from popular providers
  • How to view and inspect webhook payloads
  • How to debug webhook issues quickly
  • Common testing patterns and workflows

Prerequisites

  • None! No account or authentication required
  • Just a terminal or browser
  • curl or similar HTTP client (optional)

Quick Start

Step 1: Create Anonymous Endpoint

Using curl:

curl -X POST https://api.hooklistener.com/api/v1/anon/endpoints

Response:

{
  "id": "anon-abc123def456",
  "viewer_token": "dGhpc2lzYXJhbmRvbXRva2VuZXhhbXBsZQ",
  "expires_at": "2024-01-16T10:30:00Z",
  "webhook_url": "https://api.hooklistener.com/anon/anon-abc123def456"
}

Save these values:

  • webhook_url - Send webhooks here
  • viewer_token - View webhooks with this (shown only once!)

Step 2: Send Test Webhook

curl -X POST https://api.hooklistener.com/anon/anon-abc123def456 \
  -H "Content-Type: application/json" \
  -d '{
    "test": true,
    "message": "Hello from Hooklistener!"
  }'

Step 3: View Webhooks

Open in browser:

https://app.hooklistener.com/anon/anon-abc123def456?token=dGhpc2lzYXJhbmRvbXRva2VuZXhhbXBsZQ

Or via API:

curl -X GET "https://api.hooklistener.com/api/v1/anon/endpoints/anon-abc123def456/events" \
  -H "Authorization: Bearer dGhpc2lzYXJhbmRvbXRva2VuZXhhbXBsZQ"

That's it! You now have a functioning webhook testing endpoint.

Stripe Webhooks

1. Create endpoint:

curl -X POST https://api.hooklistener.com/api/v1/anon/endpoints \
  -H "Content-Type: application/json" \
  -d '{"ttl_seconds": 3600}'

2. Add to Stripe:

3. Send test event:

  • In Stripe dashboard, click "Send test webhook"
  • Select event type (e.g., "payment_intent.succeeded")
  • Click "Send test webhook"

4. View in Hooklistener:

Open your viewing URL in browser to see the webhook payload, including:

  • Event type
  • Event ID
  • Signature header (Stripe-Signature)
  • Complete payload structure

Example Stripe webhook:

{
  "id": "evt_1234567890",
  "object": "event",
  "type": "payment_intent.succeeded",
  "data": {
    "object": {
      "id": "pi_1234567890",
      "amount": 1000,
      "currency": "usd",
      "status": "succeeded"
    }
  }
}

GitHub Webhooks

1. Create endpoint:

curl -X POST https://api.hooklistener.com/api/v1/anon/endpoints \
  -H "Content-Type: application/json" \
  -d '{"ttl_seconds": 7200}'

2. Add to GitHub repository:

  • Go to your repository Settings
  • Click "Webhooks" → "Add webhook"
  • Paste your webhook_url
  • Content type: application/json
  • Select events (or "Send me everything")
  • Click "Add webhook"

3. Trigger event:

  • Create issue, push code, open PR, etc.
  • GitHub sends webhook immediately

4. Inspect payload:

View webhook to see:

  • Event type (in X-GitHub-Event header)
  • Delivery ID (in X-GitHub-Delivery header)
  • Signature (in X-Hub-Signature-256 header)
  • Full event payload

Example GitHub webhook:

{
  "action": "opened",
  "pull_request": {
    "id": 123456789,
    "title": "Add new feature",
    "user": {
      "login": "developer"
    }
  },
  "repository": {
    "name": "my-repo",
    "full_name": "org/my-repo"
  }
}

Shopify Webhooks

1. Create endpoint:

curl -X POST https://api.hooklistener.com/api/v1/anon/endpoints

2. Add to Shopify:

  • Shopify Admin → Settings → Notifications
  • Scroll to "Webhooks"
  • Click "Create webhook"
  • Event: Select event type (e.g., "Order creation")
  • Format: JSON
  • URL: Paste your webhook_url
  • Click "Save"

3. Trigger event:

  • Create test order in Shopify
  • Or use Shopify's webhook test feature

4. View webhook:

See complete order details including:

  • Order ID
  • Line items
  • Customer information
  • Payment status

Slack Webhooks (Outgoing)

1. Create endpoint:

curl -X POST https://api.hooklistener.com/api/v1/anon/endpoints

2. Set up Slack Outgoing Webhook:

  • Go to https://api.slack.com/apps
  • Create new app (or select existing)
  • Features → Outgoing Webhooks
  • Add webhook with your webhook_url
  • Configure trigger words

3. Send message in Slack:

Type message with trigger word in configured channel.

4. Inspect webhook:

View payload structure:

  • Token
  • Team ID
  • Channel ID
  • User ID
  • Text
  • Trigger word

Common Testing Patterns

Pattern 1: Quick Integration Test

Scenario: Verify webhook integration works before coding.

Steps:

  1. Create anonymous endpoint
  2. Configure provider to send webhooks
  3. Trigger test event
  4. Inspect payload structure
  5. Now write code with confidence

Time: 5 minutes

Pattern 2: Payload Structure Discovery

Scenario: Don't know exact webhook format.

Steps:

  1. Create anonymous endpoint
  2. Add to provider
  3. Trigger multiple event types
  4. Document payload structures
  5. Use in application code

Example:

# Create endpoint
RESPONSE=$(curl -s -X POST https://api.hooklistener.com/api/v1/anon/endpoints)
ENDPOINT_ID=$(echo $RESPONSE | jq -r '.id')
VIEWER_TOKEN=$(echo $RESPONSE | jq -r '.viewer_token')
WEBHOOK_URL=$(echo $RESPONSE | jq -r '.webhook_url')

echo "Webhook URL: $WEBHOOK_URL"
echo "View at: https://app.hooklistener.com/anon/$ENDPOINT_ID?token=$VIEWER_TOKEN"

# Configure provider with $WEBHOOK_URL
# Trigger various events
# Review payloads in browser

Pattern 3: Debugging Production Issues

Scenario: Production webhooks failing, need to see what's being sent.

Steps:

  1. Create anonymous endpoint
  2. Temporarily route production webhooks to it
  3. Trigger real production event
  4. Inspect actual production payload
  5. Identify issue
  6. Fix and restore production routing

Time: 10-15 minutes

Pattern 4: Sharing Examples with Team

Scenario: Show teammate webhook structure.

Steps:

  1. Create anonymous endpoint
  2. Send example webhooks
  3. Share viewer URL with teammate
  4. They view payloads in browser
  5. Endpoint auto-expires after 24 hours

Example:

# Create endpoint
curl -X POST https://api.hooklistener.com/api/v1/anon/endpoints

# Send example
curl -X POST https://api.hooklistener.com/anon/anon-abc123 \
  -H "Content-Type: application/json" \
  -d '{
    "order_id": "ORD-12345",
    "status": "completed",
    "total": 99.99
  }'

# Share this URL with teammate:
# https://app.hooklistener.com/anon/anon-abc123?token=...

Pattern 5: CI/CD Webhook Testing

Scenario: Test webhooks in CI pipeline.

Steps:

# .github/workflows/test.yml
name: Test Webhooks

on: [push]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Create test endpoint
        id: endpoint
        run: |
          RESPONSE=$(curl -s -X POST https://api.hooklistener.com/api/v1/anon/endpoints)
          echo "::set-output name=url::$(echo $RESPONSE | jq -r '.webhook_url')"
          echo "::set-output name=id::$(echo $RESPONSE | jq -r '.id')"
          echo "::set-output name=token::$(echo $RESPONSE | jq -r '.viewer_token')"

      - name: Run tests
        env:
          WEBHOOK_URL: ${{ steps.endpoint.outputs.url }}
        run: npm test

      - name: Verify webhooks received
        run: |
          curl -H "Authorization: Bearer ${{ steps.endpoint.outputs.token }}" \
            https://api.hooklistener.com/api/v1/anon/endpoints/${{ steps.endpoint.outputs.id }}/events

Debugging with Anonymous Endpoints

Debugging Missing Headers

Problem: Webhooks not authenticated properly.

Solution:

  1. Create anonymous endpoint
  2. Send webhook with authentication headers
  3. Inspect headers in Hooklistener
  4. Verify format is correct

Example:

# Send with auth header
curl -X POST https://api.hooklistener.com/anon/anon-abc123 \
  -H "Authorization: Bearer secret-token" \
  -H "X-Custom-Header: value" \
  -d '{"test": true}'

# View in browser - check Headers section
# Verify Authorization header is present and correct

Debugging Payload Format

Problem: Not sure if JSON is correctly formatted.

Solution:

  1. Send payload to anonymous endpoint
  2. View in Hooklistener (automatic JSON formatting)
  3. See syntax highlighting and validation

Example:

# Send potentially malformed JSON
curl -X POST https://api.hooklistener.com/anon/anon-abc123 \
  -H "Content-Type: application/json" \
  -d '{
    "valid": true,
    "nested": {
      "data": [1, 2, 3]
    }
  }'

# View in browser - JSON will be formatted
# Any syntax errors will be visible

Debugging Webhook Signatures

Problem: Need to verify webhook signature format.

Solution:

  1. Configure provider to send signed webhooks
  2. View signature headers
  3. Verify signature algorithm and format
  4. Test signature verification code

Example (Stripe):

# Stripe sends signature in header
# View webhook, find Stripe-Signature header:
# t=1234567890,v1=abc123...

# Now implement signature verification:
const crypto = require('crypto');

function verifyStripeSignature(payload, signature, secret) {
  const timestamp = signature.split(',')[0].split('=')[1];
  const sig = signature.split(',')[1].split('=')[1];

  const signedPayload = `${timestamp}.${payload}`;
  const expected = crypto
    .createHmac('sha256', secret)
    .update(signedPayload)
    .digest('hex');

  return sig === expected;
}

Best Practices

Security

1. Don't use for production:

# ❌ Bad: Production webhooks to anonymous endpoint
# Anonymous endpoints are temporary and public

# ✅ Good: Use for testing only

2. Protect viewer token:

# ❌ Bad: Commit viewer token to git
echo "TOKEN=abc123" >> .env
git add .env

# ✅ Good: Keep in local environment only
export VIEWER_TOKEN="abc123"  # Terminal only

3. Use short TTLs:

# ❌ Bad: 7-day endpoint for 1-hour test
curl -X POST ... -d '{"ttl_seconds": 604800}'

# ✅ Good: Match TTL to need
curl -X POST ... -d '{"ttl_seconds": 3600}'  # 1 hour

Efficiency

1. Reuse endpoints:

# Instead of creating new endpoint for each test:
# Create once, use multiple times

ENDPOINT_URL="https://api.hooklistener.com/anon/anon-abc123"

# Test 1
curl -X POST $ENDPOINT_URL -d '{"test": 1}'

# Test 2
curl -X POST $ENDPOINT_URL -d '{"test": 2}'

# Test 3
curl -X POST $ENDPOINT_URL -d '{"test": 3}'

# View all tests in one place

2. Save endpoint details:

# Save to file for easy access
curl -X POST https://api.hooklistener.com/api/v1/anon/endpoints \
  | tee endpoint-details.json

# Later, retrieve URL
cat endpoint-details.json | jq -r '.webhook_url'

3. Use automation:

#!/bin/bash
# create-test-endpoint.sh

# Create endpoint
RESPONSE=$(curl -s -X POST https://api.hooklistener.com/api/v1/anon/endpoints)

# Extract details
ENDPOINT_ID=$(echo $RESPONSE | jq -r '.id')
WEBHOOK_URL=$(echo $RESPONSE | jq -r '.webhook_url')
VIEWER_TOKEN=$(echo $RESPONSE | jq -r '.viewer_token')
VIEW_URL="https://app.hooklistener.com/anon/$ENDPOINT_ID?token=$VIEWER_TOKEN"

# Display
echo "Webhook URL: $WEBHOOK_URL"
echo "View URL: $VIEW_URL"

# Copy to clipboard (macOS)
echo $WEBHOOK_URL | pbcopy
echo "Webhook URL copied to clipboard!"

# Open browser
open $VIEW_URL

Troubleshooting

Endpoint Creation Fails

Error: Rate limit exceeded

Cause: Created too many endpoints (limit: 10 per hour per IP)

Solution:

# Wait for rate limit to reset
# Or reuse existing endpoint

Webhooks Not Appearing

Checklist:

  1. ✅ Verify endpoint URL is correct
  2. ✅ Check endpoint hasn't expired
  3. ✅ Confirm webhook was actually sent
  4. ✅ Refresh browser

Test:

# Send test webhook manually
curl -X POST https://api.hooklistener.com/anon/YOUR_ENDPOINT_ID \
  -d '{"test": true}'

# Should appear immediately in browser

Cannot View Webhooks (401)

Error: Invalid viewer token

Cause: Wrong token in Authorization header

Solution:

# Correct format
curl -H "Authorization: Bearer YOUR_VIEWER_TOKEN" ...

# Not this
curl -H "X-Viewer-Token: YOUR_VIEWER_TOKEN" ...  # ❌

Endpoint Expired (410)

Cause: TTL elapsed (default 24 hours)

Solution:

# Create new endpoint
curl -X POST https://api.hooklistener.com/api/v1/anon/endpoints

# Or use longer TTL
curl -X POST https://api.hooklistener.com/api/v1/anon/endpoints \
  -H "Content-Type: application/json" \
  -d '{"ttl_seconds": 172800}'  # 48 hours

Advanced Usage

Real-Time Webhook Monitoring

Monitor webhooks as they arrive using WebSocket:

// webhook-monitor.js
const WebSocket = require('ws');

const endpointId = 'anon-abc123def456';
const viewerToken = 'dGhpc2lzYXJhbmRvbXRva2VuZXhhbXBsZQ';

const ws = new WebSocket('wss://api.hooklistener.com/socket');

ws.on('open', () => {
  console.log('Connected to Hooklistener');

  // Join endpoint channel
  ws.send(JSON.stringify({
    topic: `anon_webhook:${endpointId}`,
    event: 'phx_join',
    payload: { token: viewerToken },
    ref: '1'
  }));
});

ws.on('message', (data) => {
  const message = JSON.parse(data);

  if (message.event === 'webhook_received') {
    console.log('\n=== New Webhook ===');
    console.log('Method:', message.payload.method);
    console.log('Headers:', JSON.stringify(message.payload.headers, null, 2));
    console.log('Body:', message.payload.body);
    console.log('===================\n');
  }
});

ws.on('error', (error) => {
  console.error('WebSocket error:', error);
});

console.log(`Monitoring webhooks for endpoint: ${endpointId}`);
console.log('Send webhooks to test...');

Run:

node webhook-monitor.js

Automated Testing Script

Complete script for automated testing:

#!/bin/bash
# test-webhook-integration.sh

set -e

echo "Creating test endpoint..."
RESPONSE=$(curl -s -X POST https://api.hooklistener.com/api/v1/anon/endpoints \
  -H "Content-Type: application/json" \
  -d '{"ttl_seconds": 3600}')

ENDPOINT_ID=$(echo $RESPONSE | jq -r '.id')
WEBHOOK_URL=$(echo $RESPONSE | jq -r '.webhook_url')
VIEWER_TOKEN=$(echo $RESPONSE | jq -r '.viewer_token')

echo "Endpoint created: $ENDPOINT_ID"
echo "Webhook URL: $WEBHOOK_URL"
echo ""

echo "Sending test webhooks..."

# Test 1: JSON payload
echo "Test 1: JSON payload"
curl -s -X POST $WEBHOOK_URL \
  -H "Content-Type: application/json" \
  -d '{"test": 1, "type": "json"}'
echo " ✓"

# Test 2: With custom headers
echo "Test 2: Custom headers"
curl -s -X POST $WEBHOOK_URL \
  -H "Content-Type: application/json" \
  -H "X-Custom-Header: test-value" \
  -H "Authorization: Bearer secret-token" \
  -d '{"test": 2, "type": "with-headers"}'
echo " ✓"

# Test 3: Different method
echo "Test 3: PUT request"
curl -s -X PUT $WEBHOOK_URL \
  -d '{"test": 3, "method": "PUT"}'
echo " ✓"

echo ""
echo "Verifying webhooks..."

# Wait for webhooks to process
sleep 2

# Fetch and verify
EVENTS=$(curl -s -H "Authorization: Bearer $VIEWER_TOKEN" \
  "https://api.hooklistener.com/api/v1/anon/endpoints/$ENDPOINT_ID/events")

COUNT=$(echo $EVENTS | jq '.pagination.total_count')

if [ "$COUNT" -eq 3 ]; then
  echo " ✓ All 3 webhooks received"
else
  echo " ✗ Expected 3 webhooks, got $COUNT"
  exit 1
fi

echo ""
echo "View webhooks at:"
echo "https://app.hooklistener.com/anon/$ENDPOINT_ID?token=$VIEWER_TOKEN"

Next Steps

Now that you've learned how to test with Anonymous Endpoints:

  1. Try Debug Endpoints - For permanent, team-based testing
  2. Build Bridges - For production webhook workflows
  3. Explore Transformations - Modify webhook payloads
  4. Sign up for free - Get full platform access

Anonymous Endpoints are perfect for quick testing and debugging. For production use and team collaboration, create a Hooklistener account and use the full platform features!