GitHub webhooks let you build integrations that subscribe to events on GitHub.com. When an event is triggered, GitHub sends an HTTP POST to your configured URL. Common uses include CI/CD pipelines, chatbot notifications, and automated deployments.
GitHub webhooks are HTTP POST requests that GitHub sends to your server when specific events occur in your account. Rather than continuously polling the GitHub API for updates, webhooks deliver real-time notifications the moment something happens — a payment completes, a user signs up, a deployment finishes, or any other tracked event.
Debugging these webhooks can be challenging because they originate from GitHub's servers, not your browser. You can't simply open DevTools to inspect them. That's where WebhookVault comes in — capture every GitHub webhook, inspect the full payload and headers, and replay them to your local development server.
| Event | Description |
|---|---|
| push | Fired when commits are pushed to a repository branch |
| pull_request | Fired when a pull request is opened, closed, merged, or synchronized |
| issues | Fired when an issue is opened, edited, deleted, or labeled |
| release | Fired when a release is published, unpublished, or edited |
Follow these steps to start capturing and debugging GitHub webhooks using WebhookVault.
Sign up for a free WebhookVault API key and create an endpoint to capture GitHub webhooks.
curl -X POST https://webhookvault.anethoth.com/api/v1/endpoints \
-H "Authorization: Bearer wv_your_key" \
-H "Content-Type: application/json" \
-d '{"name": "GitHub Webhooks"}'
# Response:
# {"url": "https://webhookvault.anethoth.com/hook/abc123", "inspect_url": "https://webhookvault.anethoth.com/inspect/abc123"}Go to your repository Settings > Webhooks > Add webhook Enter your WebhookVault endpoint URL in the Payload URL field Set Content type to application/json Choose which events to trigger the webhook (or select 'Send me everything')
Once GitHub sends a webhook, you can inspect every detail through the WebhookVault API or web inspector.
curl https://webhookvault.anethoth.com/api/v1/endpoints/abc123/requests \
-H "Authorization: Bearer wv_your_key"
# Returns all captured GitHub webhook requests with full headers, body, and metadataReplay any captured GitHub webhook to your local development server for testing.
curl -X POST https://webhookvault.anethoth.com/api/v1/endpoints/abc123/requests/1/replay \
-H "Authorization: Bearer wv_your_key" \
-H "Content-Type: application/json" \
-d '{"url": "http://localhost:3000/webhook"}'
# The original GitHub webhook is replayed to your local serverHere is an example of a typical GitHub webhook payload. Use WebhookVault to capture real payloads from your GitHub account for accurate testing.
{
"action": "opened",
"number": 42,
"pull_request": {
"id": 1234567890,
"title": "Fix authentication bug",
"user": {
"login": "octocat"
},
"head": {
"ref": "fix-auth",
"sha": "abc123"
},
"base": {
"ref": "main"
},
"state": "open",
"draft": false
},
"repository": {
"full_name": "octocat/hello-world",
"private": false
},
"sender": {
"login": "octocat"
}
}Here are the most common issues developers encounter when working with GitHub webhooks, and how to resolve them.
GitHub truncates payloads over 25MB. For push events with many commits, use the API to fetch full details.
GitHub uses HMAC-SHA256 to sign payloads. Verify the X-Hub-Signature-256 header matches your computed hash.
GitHub expects a 2xx response within 10 seconds. Long-running handlers should process asynchronously.
Check that the specific event type is enabled in your webhook settings. 'push' events are separate from 'pull_request' events.
GitHub webhooks are HTTP callbacks that GitHub sends to your server when specific events occur. Instead of polling the GitHub API for changes, webhooks push real-time notifications to your application, making your integration more efficient and responsive.
Use WebhookVault to capture GitHub webhooks in the cloud, then replay them to your localhost. Create a WebhookVault endpoint, configure GitHub to send webhooks to it, and use the replay API to forward captured requests to http://localhost:3000/webhook (or your local port).
Most webhook providers, including GitHub, sign their webhook payloads to prove authenticity. Check the GitHub documentation for the specific signature header and verification algorithm. Use WebhookVault to capture and inspect the raw headers to debug signature verification issues.
Unlike ngrok, WebhookVault captures and stores every webhook request with full headers and payloads. You can replay any GitHub webhook to your local server as many times as needed, inspect historical requests, and share webhook data with your team. No tunnel to maintain or port to expose.
Create a free WebhookVault endpoint in seconds. Capture, inspect, and replay GitHub webhooks with zero configuration.
Get Free API Key