The Ultimate Guide to Webhooks (including what a webhook url is)


The Ultimate Guide to Webhooks (including what a webhook url is)
Webhooks are the backbone of modern automation and real-time integrations. If you’ve ever needed to connect two services—like triggering a Slack message when you get a new Stripe payment, or updating your CRM when someone fills out a form—you’ve probably heard about webhooks.
But what exactly are webhooks and how do they work? Read on to find out.
What is a Webhook?
A webhook is a way for one application to send real-time data to another application as soon as an event happens. Unlike APIs, where you have to poll for new data, webhooks push data to you automatically.
In plain English:
A webhook is a user-defined HTTP callback. When something happens in Service A, it sends an HTTP request (usually a POST) to a URL you specify (the webhook URL) on Service B.
Example:
- Stripe sends a POST request to your server when a payment is successful.
- GitHub notifies your CI/CD pipeline when code is pushed.
What is a Webhook URL?
A webhook URL is the public HTTP or HTTPS endpoint where you want to receive webhook events. It’s the address you give to the webhook provider (like Stripe, GitHub, or Shopify) so they know where to send the data.
Example webhook URL:
https://myapp.com/webhooks/stripe
When an event occurs, the provider makes an HTTP request to this URL, delivering the event payload.
Key properties of a webhook URL:
- Must be publicly accessible from the internet
- Usually expects POST requests (sometimes GET)
- Should be secured (HTTPS, authentication, validation)
- Needs to handle incoming data quickly and reliably
How Do Webhooks Work?
Here’s a step-by-step breakdown of how webhooks operate:
- You provide a webhook URL to the service you want to receive events from (e.g., Stripe, GitHub).
- The service stores your webhook URL and, when an event occurs, sends an HTTP request (usually POST) to your URL.
- Your server receives the request and processes the event data (e.g., updates a database, triggers a workflow).
- You respond with a 2xx HTTP status to acknowledge receipt.
Diagram:
[Webhook Provider] --(HTTP POST)--> [Your Webhook URL]
Example payload (Stripe):
{
"id": "evt_1Hh1Y2...",
"type": "payment_intent.succeeded",
"data": {
"object": {
"id": "pi_1Hh1Y2...",
"amount": 2000,
"currency": "usd"
}
}
}
Common Webhook Use Cases
- Payment notifications: Stripe, PayPal, Square
- CI/CD triggers: GitHub, GitLab, Bitbucket
- Chatbot integrations: Slack, Discord, Microsoft Teams
- E-commerce events: Shopify, WooCommerce, Magento
- IoT and automation: IFTTT, Zapier, Home Assistant
Why Testing Webhooks is Hard (Locally)
When developing locally, your server usually runs on localhost
(e.g., http://localhost:3000/webhook
). But webhook providers on the internet can’t reach your local machine because:
- You’re behind a NAT or firewall
- Your local server isn’t exposed to the public internet
- You don’t want to deploy every code change just to test webhooks
The solution:
Expose your local server to the internet with a public webhook URL that tunnels requests to your machine.
How to Test Webhooks Locally with Tunnelmole
Tunnelmole is a free and open source tunneling tool that gives your local server a public URL. It’s perfect for testing webhooks, APIs, and integrations—no firewall changes or cloud deployments required.
Why use Tunnelmole for webhook URLs?
- Open source: Inspect, self-host, or contribute
- Free public URLs: No login required for basic usage
- Easy install: One-line shell script or npm
- Works everywhere: Linux, Mac, Windows, WSL
- Custom domains: Available for paid/self-hosted users
Step-by-Step: Exposing Your Local Webhook URL
Let’s walk through exposing a local webhook endpoint using Tunnelmole.
1. Install Tunnelmole
Option 1: Shell script (Linux, Mac, WSL)
curl -O https://install.tunnelmole.com/xD345/install && sudo bash install
Option 2: NPM (requires Node.js 16.10+)
sudo npm install -g tunnelmole
Option 3: Windows
- Download tmole.exe
- Add to your PATH
2. Start Your Local Webhook Server
Suppose you have a Node.js Express app listening on port 3000.
Here is an extremely simple one in one file that you can run with NodeJS.
//app.js
const express = require('express');
const app = express();
app.use(express.json());
app.post('/webhook', (req, res) => {
console.log('Received webhook:', req.body);
res.sendStatus(200);
});
app.listen(3000, () => console.log('Listening on port 3000'));
Start your server:
node app.js
3. Run Tunnelmole to Get a Public Webhook URL
In a new terminal, run:
tmole 3000
You’ll see output like:
Your Tunnelmole Public URLs are below and are accessible internet wide. Always use HTTPs for the best security
https://abc12-ip-49-185-26-79.tunnelmole.net ⟶ http://localhost:3000
http://abc12-ip-49-185-26-79.tunnelmole.net ⟶ http://localhost:3000
Copy the HTTPS URL (e.g., https://abc12-ip-49-185-26-79.tunnelmole.net
).
4. Use Your Tunnelmole URL as the Webhook URL
In your webhook provider’s dashboard (e.g., Stripe, GitHub, IFTTT), set the webhook URL to:
https://abc12-ip-49-185-26-79.tunnelmole.net/webhook
Now, when the provider sends a webhook, Tunnelmole will forward the request to your local server.
5. Test It!
Trigger an event in your provider (e.g., make a test payment in Stripe).
You should see the webhook payload logged in your terminal.
Best Practices for Webhook URLs
- Always use HTTPS for security
- Validate incoming requests (signatures, secrets, IP allowlists)
- Respond quickly (acknowledge with 2xx, process heavy work asynchronously)
- Log all webhook events for debugging and auditing
- Handle retries and idempotency (webhook providers may resend events)
- Rotate secrets and update URLs if compromised
Summary & Next Steps
Webhooks are a powerful way to automate workflows and connect services in real time. The webhook URL is the critical bridge between providers and your application. With tools like Tunnelmole, you can easily expose your local server to the internet, making webhook development and testing fast, secure, and frustration-free.
Ready to try it?
- Download Tunnelmole
- Expose your local webhook URL in seconds
- Build, test, and debug integrations with confidence
Further Reading:
Ready to expose your webhook URL?
Get started with Tunnelmole now!
Subscribe to my newsletter
Read articles from Robbie Cahill directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
