API Reference

Webhook Inspector

Capture, inspect, and replay incoming webhook payloads from any provider

Debug and test webhook integrations from Stripe, GitHub, Shopify, and any other provider. Webhook Inspector captures incoming payloads, verifies signatures, and lets you replay deliveries on demand — eliminating the guesswork of webhook development and reducing integration time from hours to minutes.

provider profilessignature verificationpayload replayreal-time streaming

Endpoint

POST /v1/webhook/inspect

Authentication: Include your API key in the X-API-Key header with every request. All requests go through the API gateway which handles authentication, rate limiting, and usage tracking.

Open Swagger UI (interactive docs)

Request

{
  "profile": "stripe",
  "method": "POST",
  "headers": {
    "Content-Type": "application/json"
  },
  "body": "{\"type\": \"payment_intent.succeeded\"}"
}

Request Fields

Field	Type	Description
`profile`	`string`	Field value
`method`	`string`	Field value
`headers`	`object`	Nested object with properties
`body`	`string`	Field value

Response

{
  "id": "dlv_abc123",
  "profile": "stripe",
  "receivedAt": "2026-03-25T14:30:00Z",
  "method": "POST",
  "headers": {
    "Content-Type": "application/json"
  },
  "bodySize": 256,
  "signatureValid": true
}

Response Fields

Field	Type	Description
`id`	`string`	Unique identifier
`profile`	`string`	Field value
`receivedAt`	`string`	Field value
`method`	`string`	Field value
`headers`	`object`	Nested object with properties
`bodySize`	`integer`	Field value
`signatureValid`	`boolean`	Field value

Error Codes

Status	Meaning
`200`	Request completed successfully
`400`	Bad request — invalid or missing parameters
`401`	Missing or invalid `X-API-Key` header
`429`	Rate limit exceeded — check `Retry-After` header
`500`	Internal server error

Common Error Scenarios

400 Invalid webhook URL

Request that triggers this:

{"url": "not-a-url"}

Error response:

{"type": "/problems/validation-error", "title": "Invalid URL", "status": 400, "detail": "'not-a-url' is not a valid URL"}

How to fix: Provide a valid HTTP or HTTPS URL for the webhook (e.g., https://example.com/webhook).

504 Webhook timeout

Request that triggers this:

{"url": "https://slow-service.example.com"}

Error response:

{"type": "/problems/gateway-timeout", "title": "Gateway Timeout", "status": 504, "detail": "Webhook did not respond within 30 seconds"}

How to fix: Ensure your webhook endpoint responds within 30 seconds. Optimize performance or move heavy processing to async jobs.

Code Examples

curl -X POST /v1/webhook/inspect \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{
  "profile": "stripe",
  "method": "POST",
  "headers": {
    "Content-Type": "application/json"
  },
  "body": "{\"type\": \"payment_intent.succeeded\"}"
}'

// Node.js (18+) or modern browser
const response = await fetch("/v1/webhook/inspect", {
  method: "POST",
  headers: {
    "X-API-Key": "YOUR_API_KEY",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    "profile": "stripe",
    "method": "POST",
    "headers": {
        "Content-Type": "application/json"
    },
    "body": "{\"type\": \"payment_intent.succeeded\"}"
}),
});

const data = await response.json();
console.log(response.status, data);

import requests

response = requests.post(
    "/v1/webhook/inspect",
    headers={
        "X-API-Key": "YOUR_API_KEY",
        "Content-Type": "application/json",
    },
    json={
    "profile": "stripe",
    "method": "POST",
    "headers": {
        "Content-Type": "application/json"
    },
    "body": "{\"type\": \"payment_intent.succeeded\"}"
},
)

print(response.status_code)
print(response.json())

package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

func main() {
	body := strings.NewReader(`{
  "profile": "stripe",
  "method": "POST",
  "headers": {
    "Content-Type": "application/json"
  },
  "body": "{\"type\": \"payment_intent.succeeded\"}"
}`)
	req, _ := http.NewRequest("POST", "/v1/webhook/inspect", body)
	req.Header.Set("X-API-Key", "YOUR_API_KEY")
	req.Header.Set("Content-Type", "application/json")

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	data, _ := io.ReadAll(resp.Body)
	fmt.Println(resp.StatusCode)
	fmt.Println(string(data))
}

{
  "name": "webhook_inspector",
  "description": "Capture, inspect, and replay incoming webhook payloads from any provider",
  "inputSchema": {
    "type": "object",
    "properties": {
      "api_key": {"type": "string", "description": "Your Orovai API key"},
      "request": {"type": "object", "description": "Request body"}
    },
    "required": ["api_key", "request"]
  },
  "endpoint": "/v1/webhook/inspect",
  "method": "POST",
  "headers": {
    "X-API-Key": "{{api_key}}",
    "Content-Type": "application/json"
  }
}

API Reference