# Testing webhooks

During the development phase (opens new window) in Sandbox, you need to receive and process webhooks, just like you would in Production.

Receiving and processing webhooks is essential to validating that your code will behave as expected once pushed into production.

Lock icon

Security – Development exposure

You should consider the security implications of exposing your development environment to the internet.

There are two main ways of achieving this:

# Using a port forwarding service Easy

Some commercial services can offer you a customized domain name, and redirect requests sent to this domain, towards your development machine or server, allowing for the reception of webhooks. These have the advantage of being able to run behind a firewall, and do not require any changes to your router configuration or DNS zone.

Lock icon

Security – Webhook exposure

You should consider the security implications of having webhooks transit through a third party's infrastructure. Careful reading of their TCU is recommended.

# NGRok (opens new window)

Ngrok exposes your development machine or server to the public internet over a secure tunnel, using a locally installed helper program.

Webhooks are forwared to your development machine or server.

  • Download and run a program (opens new window) on your development machine or server and provide it the port (opens new window) of your web application (./ngrok http {portOfYourApplication}).
  • The application automatically configures and provides you with a domain name that redirects to your development machine.
  • Traffic is relayed through to the ngrok process running on your machine and then on to your web application.
ngrok

# RequestCatcher (opens new window)

RequestCatcher exposes requests sent to a subdomain directly in your browser. It doesn't require the creation of an account or the installation of an helper program.

Webhooks are visible to you, but are not forwared to your development machine or server.

  • Go to the webpage (opens new window) and enter a subdomain of your choice
  • The webpage automatically updates to display all requests sent to this subdomain
Request Catcher

# Mocklab (opens new window)

Mocklab allows you to graphically program an API (such as accepting POST requests and answering with 200 HTTP Status Code), and display any request sent to it in your Mocklab dashboard.

Webhooks are visible to you, but are not forwared to your development machine or server.

Mocklab

# Subscribe to webhooks

You can follow the normal subscription procedure using the domain name provided by one of these services as the webhook endpoint.

The AWS certificate verifications steps of the subscription procedure are a nice to have but can be skipped.

# Manually setting-up port forwarding Technical

This is a manual process, whereby, somebody with access to your router configuration, exposes your development machine or server to internet, allowing for the reception of webhooks.

Paperclip icon

Prerequisites – This is a fancy note

# Configure a domain name

# Using your own domain (static IP)

You need to connect to your domain name customer interface, go to the DNS zone, and add an A type entry (such as sandbox.{my-domain-name.io} => 12.345.6.789), pointing to your internet access' IP. Your domain name provider likely has a detailed documentation regarding this step.

# Using a Dynamic DNS service (dynamic IP)

If you use a Dynamic DNS service, you need to connect to your Dynamic DNS customer interface, where you will be asked to choose or customize a domain name.

The second step is to install a helper program on your development machine or server. This program will notify the Dynamic DNS service of any IP address change. The Dynamic DNS service will then automatically update the DNS zone to point the domain to your new IP address.

# Configure port forwarding

You need to connect to your router, go to the NAT rules, and add an inbound NAT forwarding rule

  • from the port 443
  • to the port 443
  • to the IP of your development machine or server.

Your router manufacturer likely has a detailed documentation regarding this step.

# Subscribe to webhooks

You can follow the normal subscription procedure using your newly created domain name as the webhook endpoint.

The AWS certificate verifications steps of the subscription procedure are a nice to have but can be skipped.

Updated on: 3/7/2024, 3:05:48 PM