Webhook Guides

Webhook Test

A webhook test proves the full path from sender to receiver: source URL, request capture, route matching, destination delivery, response body, retry behavior, and replay safety.

FastHook lets you run that test online with a public source URL while keeping the evidence needed to debug failures before production providers depend on the route.

Webhook test loop from payload fixture to request capture, routed event, attempt, assertion, and replay. — A useful webhook test validates every step, not just a single 200 response.

Send a webhook test payload

Webhook test cURL

curl -X POST "https://hook-xxxxxx.fasthook.io/" \
  -H "Content-Type: application/json" \
  -H "X-Test-Run: smoke-1" \
  -d '{
    "id": "evt_test_1",
    "type": "order.created",
    "data": {
      "order_id": "ord_102",
      "customer_id": "cus_88"
    }
  }'

What a good webhook test proves

A useful webhook test proves more than connectivity. It should show that the sender can reach the source URL, the payload and headers are captured, source authentication behaves as expected, connection filters match the intended route, the destination receives the delivery, and the receiver can handle retry without duplicate side effects.

That is why FastHook tests follow the request to event to attempt path. The request proves ingress, the event proves routing, and the attempt proves outbound delivery and receiver response.

Test checklist

Confirm the request was accepted and captured.
Confirm route filters matched the expected connection.
Inspect the destination attempt response and latency.
Retry one failed event after fixing the receiver.
Replay a request only when routing or transformations changed.

Negative webhook tests

Send a wrong HTTP method and confirm it is rejected.
Send a payload with a missing required field and confirm the receiver returns the expected error.
Send a duplicate event id and confirm the receiver does not repeat the side effect.
Use a wrong signature secret and confirm the source rejects the request.
Force a destination 500, fix the receiver, and retry only the failed event.

Inspect the webhook test

Inspect test request

curl "https://api.fasthook.io/v1/requests?source_id=src_q6z62b6py5o79b&from=now-1h&to=now&limit=20&include=data" \
  -H "Authorization: Bearer $FASTHOOK_API_KEY" \
  -H "x-team-id: $FASTHOOK_TEAM_ID"

Test assertions

Keep assertions close to the evidence. Assert the request status, the event status, the destination attempt status, and the receiver-side idempotency record. Avoid relying only on the provider dashboard, because it may show that a request was delivered even when downstream business logic failed after returning 200.

Webhook test matrix

Test	Expected evidence	Why it matters
Happy path	Accepted request, routed event, successful attempt.	Proves the full route works.
Bad auth	Rejected request with auth cause.	Prevents forged provider traffic.
Receiver failure	Failed attempt with response body.	Proves retry and recovery workflow.