mockdock.dev

~/tools / webhook-emulator

Webhook Cryptographic Header Emulator

Webhook handlers reject anything without a valid signature — which makes local testing miserable without real provider secrets. Pick a provider, paste any secret and payload, and get the exact signature headers computed the way Stripe, GitHub, or any HMAC-SHA256 service computes them. Native crypto.subtle only: your secret never leaves this page.

sign request

— enter a secret to sign —

request headers
// signature headers will appear here
ready-to-fire curl
// curl command will appear here

$ man signature-schemes

  • stripe — HMAC-SHA256 over {timestamp}.{payload}, emitted as t={ts},v1={hex}. Timestamp is re-stamped on every edit.
  • github — HMAC-SHA256 over the raw body, emitted as sha256={hex}.
  • generic — plain hex HMAC-SHA256 of the raw body in x-signature.

Signatures are computed over the exact bytes in the textarea — whitespace included — matching how providers sign the raw request body.

ln -s ./related-tools