The Ultimate Guide to Webhooks (including what a webhook url is)

Robbie CahillRobbie Cahill
5 min read

The Ultimate Guide to Webhooks (including what a webhook url is)

Webhooks are the backbone of modern automation and real-time integrations. If you’ve ever needed to connect two services—like triggering a Slack message when you get a new Stripe payment, or updating your CRM when someone fills out a form—you’ve probably heard about webhooks.

But what exactly are webhooks and how do they work? Read on to find out.


What is a Webhook?

A webhook is a way for one application to send real-time data to another application as soon as an event happens. Unlike APIs, where you have to poll for new data, webhooks push data to you automatically.

In plain English:
A webhook is a user-defined HTTP callback. When something happens in Service A, it sends an HTTP request (usually a POST) to a URL you specify (the webhook URL) on Service B.

Example:

  • Stripe sends a POST request to your server when a payment is successful.
  • GitHub notifies your CI/CD pipeline when code is pushed.

What is a Webhook URL?

A webhook URL is the public HTTP or HTTPS endpoint where you want to receive webhook events. It’s the address you give to the webhook provider (like Stripe, GitHub, or Shopify) so they know where to send the data.

Example webhook URL:

https://myapp.com/webhooks/stripe

When an event occurs, the provider makes an HTTP request to this URL, delivering the event payload.

Key properties of a webhook URL:

  • Must be publicly accessible from the internet
  • Usually expects POST requests (sometimes GET)
  • Should be secured (HTTPS, authentication, validation)
  • Needs to handle incoming data quickly and reliably

How Do Webhooks Work?

Here’s a step-by-step breakdown of how webhooks operate:

  1. You provide a webhook URL to the service you want to receive events from (e.g., Stripe, GitHub).
  2. The service stores your webhook URL and, when an event occurs, sends an HTTP request (usually POST) to your URL.
  3. Your server receives the request and processes the event data (e.g., updates a database, triggers a workflow).
  4. You respond with a 2xx HTTP status to acknowledge receipt.

Diagram:

[Webhook Provider] --(HTTP POST)--> [Your Webhook URL]

Example payload (Stripe):

{
  "id": "evt_1Hh1Y2...",
  "type": "payment_intent.succeeded",
  "data": {
    "object": {
      "id": "pi_1Hh1Y2...",
      "amount": 2000,
      "currency": "usd"
    }
  }
}

Common Webhook Use Cases

  • Payment notifications: Stripe, PayPal, Square
  • CI/CD triggers: GitHub, GitLab, Bitbucket
  • Chatbot integrations: Slack, Discord, Microsoft Teams
  • E-commerce events: Shopify, WooCommerce, Magento
  • IoT and automation: IFTTT, Zapier, Home Assistant

Why Testing Webhooks is Hard (Locally)

When developing locally, your server usually runs on localhost (e.g., http://localhost:3000/webhook). But webhook providers on the internet can’t reach your local machine because:

  • You’re behind a NAT or firewall
  • Your local server isn’t exposed to the public internet
  • You don’t want to deploy every code change just to test webhooks

The solution:
Expose your local server to the internet with a public webhook URL that tunnels requests to your machine.


How to Test Webhooks Locally with Tunnelmole

Tunnelmole is a free and open source tunneling tool that gives your local server a public URL. It’s perfect for testing webhooks, APIs, and integrations—no firewall changes or cloud deployments required.

Why use Tunnelmole for webhook URLs?

  • Open source: Inspect, self-host, or contribute
  • Free public URLs: No login required for basic usage
  • Easy install: One-line shell script or npm
  • Works everywhere: Linux, Mac, Windows, WSL
  • Custom domains: Available for paid/self-hosted users

Step-by-Step: Exposing Your Local Webhook URL

Let’s walk through exposing a local webhook endpoint using Tunnelmole.

1. Install Tunnelmole

Option 1: Shell script (Linux, Mac, WSL)

curl -O https://install.tunnelmole.com/xD345/install && sudo bash install

Option 2: NPM (requires Node.js 16.10+)

sudo npm install -g tunnelmole

Option 3: Windows


2. Start Your Local Webhook Server

Suppose you have a Node.js Express app listening on port 3000.

Here is an extremely simple one in one file that you can run with NodeJS.

//app.js
const express = require('express');
const app = express();
app.use(express.json());

app.post('/webhook', (req, res) => {
    console.log('Received webhook:', req.body);
    res.sendStatus(200);
});

app.listen(3000, () => console.log('Listening on port 3000'));

Start your server:

node app.js

3. Run Tunnelmole to Get a Public Webhook URL

In a new terminal, run:

tmole 3000

You’ll see output like:

Your Tunnelmole Public URLs are below and are accessible internet wide. Always use HTTPs for the best security

https://abc12-ip-49-185-26-79.tunnelmole.net ⟶ http://localhost:3000
http://abc12-ip-49-185-26-79.tunnelmole.net ⟶ http://localhost:3000

Copy the HTTPS URL (e.g., https://abc12-ip-49-185-26-79.tunnelmole.net).


4. Use Your Tunnelmole URL as the Webhook URL

In your webhook provider’s dashboard (e.g., Stripe, GitHub, IFTTT), set the webhook URL to:

https://abc12-ip-49-185-26-79.tunnelmole.net/webhook

Now, when the provider sends a webhook, Tunnelmole will forward the request to your local server.


5. Test It!

Trigger an event in your provider (e.g., make a test payment in Stripe).
You should see the webhook payload logged in your terminal.


Best Practices for Webhook URLs

  • Always use HTTPS for security
  • Validate incoming requests (signatures, secrets, IP allowlists)
  • Respond quickly (acknowledge with 2xx, process heavy work asynchronously)
  • Log all webhook events for debugging and auditing
  • Handle retries and idempotency (webhook providers may resend events)
  • Rotate secrets and update URLs if compromised

Summary & Next Steps

Webhooks are a powerful way to automate workflows and connect services in real time. The webhook URL is the critical bridge between providers and your application. With tools like Tunnelmole, you can easily expose your local server to the internet, making webhook development and testing fast, secure, and frustration-free.

Ready to try it?

  • Download Tunnelmole
  • Expose your local webhook URL in seconds
  • Build, test, and debug integrations with confidence

Further Reading:


Ready to expose your webhook URL?
Get started with Tunnelmole now!

0
Subscribe to my newsletter

Read articles from Robbie Cahill directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Robbie Cahill
Robbie Cahill