~/tools / webhook-emulator
Webhook Cryptographic Header Emulator
Webhook handlers reject anything without a valid signature — which makes local testing
miserable without real provider secrets. Pick a provider, paste any secret and payload,
and get the exact signature headers computed the way Stripe, GitHub, or any HMAC-SHA256
service computes them. Native crypto.subtle only: your
secret never leaves this page.
sign request
— enter a secret to sign —
request headers
// signature headers will appear here
ready-to-fire curl
// curl command will appear here
$ man signature-schemes
- stripe — HMAC-SHA256 over
{timestamp}.{payload}, emitted ast={ts},v1={hex}. Timestamp is re-stamped on every edit. - github — HMAC-SHA256 over the raw body, emitted as
sha256={hex}. - generic — plain hex HMAC-SHA256 of the raw body in
x-signature.
Signatures are computed over the exact bytes in the textarea — whitespace included — matching how providers sign the raw request body.