GitHub Webhooks for Integration Workflows

GitHub webhooks drive CI/CD triggers, repository automation, and issue workflows. They are event-heavy and can fail silently if delivery monitoring is weak.

This page shows a practical setup for receiving GitHub webhook events and handling retries safely.

What is a GitHub webhook

It is an HTTP callback from GitHub for events like push, pull_request, and issues. Requests are signed and should be verified before processing.

How it works

1. Create a webhook endpoint URL.
2. Add webhook in GitHub repository settings.
3. Select event types and set secret.
4. Verify `X-Hub-Signature-256` header.
5. Process event asynchronously.

Common problems

• Signature mismatch due to wrong secret or body parsing.
• Missing branch filters causing noisy events.
• No delivery log for failed pushes.
• Duplicate automation actions on retries.

How FastHook solves this

FastHook centralizes GitHub webhook deliveries with payload inspection and replay. You can debug failed events quickly and keep automation predictable.

Code examples

GitHub signature verification pattern (Node.js)

import crypto from "crypto";

function verifyGithubSignature(rawBody, signature, secret) {
  const hmac = crypto.createHmac("sha256", secret).update(rawBody).digest("hex");
  const expected = "sha256=" + hmac;
  return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
}

GitHub webhook delivery test (curl)

curl -X POST "https://example.com/webhooks/github" \
  -H "Content-Type: application/json" \
  -H "X-GitHub-Event: push" \
  -d '{
    "ref": "refs/heads/main",
    "repository": { "full_name": "org/repo" }
  }'

GitHub push payload example

{
  "ref": "refs/heads/main",
  "after": "5f6b7a",
  "repository": {
    "full_name": "acme/payments-api"
  },
  "pusher": {
    "name": "dev-user"
  }
}

Try FastHook

Receive GitHub events through FastHook to monitor deliveries and replay failed automation triggers.