Cloudflare webhooks notify your application about changes to your Cloudflare resources, including DNS changes, security events, and Worker deployments. They integrate with Cloudflare's notification system for real-time alerting.
Cloudflare webhooks are HTTP POST requests that Cloudflare sends to your server when specific events occur in your account. Rather than continuously polling the Cloudflare API for updates, webhooks deliver real-time notifications the moment something happens — a payment completes, a user signs up, a deployment finishes, or any other tracked event.
Debugging these webhooks can be challenging because they originate from Cloudflare's servers, not your browser. You can't simply open DevTools to inspect them. That's where WebhookVault comes in — capture every Cloudflare webhook, inspect the full payload and headers, and replay them to your local development server.
| Event | Description |
|---|---|
| SSL certificate renewal | Fired when an SSL certificate is renewed or expires |
| DDoS attack detected | Fired when Cloudflare detects and mitigates a DDoS attack |
| Workers deployment | Fired when a Cloudflare Worker is deployed or updated |
| DNS record change | Fired when DNS records are created, updated, or deleted |
Follow these steps to start capturing and debugging Cloudflare webhooks using WebhookVault.
Sign up for a free WebhookVault API key and create an endpoint to capture Cloudflare webhooks.
curl -X POST https://webhookvault.anethoth.com/api/v1/endpoints \
-H "Authorization: Bearer wv_your_key" \
-H "Content-Type: application/json" \
-d '{"name": "Cloudflare Webhooks"}'
# Response:
# {"url": "https://webhookvault.anethoth.com/hook/abc123", "inspect_url": "https://webhookvault.anethoth.com/inspect/abc123"}Go to the Cloudflare Dashboard > Notifications Create a notification policy for the events you want to monitor Under delivery method, choose Webhook and enter your WebhookVault URL Configure the notification conditions and save the policy
Once Cloudflare sends a webhook, you can inspect every detail through the WebhookVault API or web inspector.
curl https://webhookvault.anethoth.com/api/v1/endpoints/abc123/requests \
-H "Authorization: Bearer wv_your_key"
# Returns all captured Cloudflare webhook requests with full headers, body, and metadataReplay any captured Cloudflare webhook to your local development server for testing.
curl -X POST https://webhookvault.anethoth.com/api/v1/endpoints/abc123/requests/1/replay \
-H "Authorization: Bearer wv_your_key" \
-H "Content-Type: application/json" \
-d '{"url": "http://localhost:3000/webhook"}'
# The original Cloudflare webhook is replayed to your local serverHere is an example of a typical Cloudflare webhook payload. Use WebhookVault to capture real payloads from your Cloudflare account for accurate testing.
{
"alert_id": "alert_abc123",
"alert_type": "ssl_certificate_renewal",
"account_id": "abc123",
"policy_id": "pol_abc123",
"data": {
"zone_name": "example.com",
"certificate_status": "renewed",
"expiration": "2025-06-15T00:00:00Z"
},
"timestamp": "2024-01-15T10:30:00Z",
"message": "SSL certificate for example.com has been renewed"
}Here are the most common issues developers encounter when working with Cloudflare webhooks, and how to resolve them.
Cloudflare sends a shared secret in the cf-webhook-auth header. Verify this matches your configured secret.
Cloudflare notifications and webhooks are configured separately. Ensure you're setting up the webhook delivery method.
Cloudflare may throttle notifications during high-volume events. Critical alerts should have separate notification policies.
Different alert types have different payload structures. Parse based on the alert_type field.
Cloudflare webhooks are HTTP callbacks that Cloudflare sends to your server when specific events occur. Instead of polling the Cloudflare API for changes, webhooks push real-time notifications to your application, making your integration more efficient and responsive.
Use WebhookVault to capture Cloudflare webhooks in the cloud, then replay them to your localhost. Create a WebhookVault endpoint, configure Cloudflare to send webhooks to it, and use the replay API to forward captured requests to http://localhost:3000/webhook (or your local port).
Most webhook providers, including Cloudflare, sign their webhook payloads to prove authenticity. Check the Cloudflare documentation for the specific signature header and verification algorithm. Use WebhookVault to capture and inspect the raw headers to debug signature verification issues.
Unlike ngrok, WebhookVault captures and stores every webhook request with full headers and payloads. You can replay any Cloudflare webhook to your local server as many times as needed, inspect historical requests, and share webhook data with your team. No tunnel to maintain or port to expose.
Create a free WebhookVault endpoint in seconds. Capture, inspect, and replay Cloudflare webhooks with zero configuration.
Get Free API Key