The Debugging Problem
You're integrating a webhook. Stripe, GitHub, Shopify — the provider says "we'll POST to your endpoint." But what exactly do they send? What headers? What content type? What does the payload look like?
Usually you'd spin up ngrok, write a quick Express server, or use webhook.site (which has a 2-day retention limit). We built something simpler: a free HTTP echo API that mirrors any request back as JSON. Part of WebhookVault.
Echo API: Mirror Any Request
curl -X POST https://webhookvault.anethoth.com/api/v1/echo \
  -H "Content-Type: application/json" \
  -H "X-Custom-Header: test-value" \
  -d '{"event": "payment.completed", "amount": 4999}'

{
  "method": "POST",
  "url": "/api/v1/echo",
  "headers": {
    "content-type": "application/json",
    "x-custom-header": "test-value",
    "host": "webhookvault.anethoth.com",
    "user-agent": "curl/8.1.2",
    "accept": "*/*",
    "content-length": "45"
  },
  "body": "{\"event\": \"payment.completed\", \"amount\": 4999}",
  "client_ip": "203.0.113.42",
  "timestamp": "2026-04-19T12:00:00Z"
}
Any HTTP method works: GET, POST, PUT, PATCH, DELETE, OPTIONS. You can also append custom paths: /api/v1/echo/my/custom/path — the path is included in the response.
Headers Inspector
Sometimes you just want to see what headers a proxy, CDN, or load balancer adds to your requests:
curl https://webhookvault.anethoth.com/api/v1/headers
{
  "headers": {
    "host": "webhookvault.anethoth.com",
    "user-agent": "curl/8.1.2",
    "accept": "*/*",
    "cf-connecting-ip": "203.0.113.42",
    "cf-ray": "8abc123def456-IAD",
    "x-forwarded-for": "203.0.113.42",
    "x-forwarded-proto": "https"
  },
  "count": 7,
  "analysis": {
    "auth_type": "none",
    "proxy_detected": true,
    "cors_origin": null
  }
}
The analysis field automatically detects: authentication type (Bearer, Basic, API key), proxy/CDN headers (X-Forwarded-For, CF-Connecting-IP), and CORS origin headers. Useful for debugging authentication issues and proxy configurations.
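An added example, not WebhookVault's code: it approximates the analysis field locally and redacts credential headers before an echoed response is pasted into a ticket or chat. The header lists, the `api_key` label and the sample origin are assumptions.

```python
# Added example; header lists and labels are assumptions, not WebhookVault's rules.
AUTH_HEADERS = {"authorization", "proxy-authorization"}
API_KEY_HEADERS = {"x-api-key", "api-key"}  # assumed names
SENSITIVE = AUTH_HEADERS | API_KEY_HEADERS | {"cookie"}
PROXY_HEADERS = {"x-forwarded-for", "x-forwarded-proto", "forwarded", "via",
                 "cf-connecting-ip", "cf-ray"}


def analyze_headers(headers):
    """Classify an echoed header map, using the field names shown above."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme = h.get("authorization", "").split(" ", 1)[0].lower()
    if scheme in ("bearer", "basic"):
        auth_type = scheme
    elif h.keys() & API_KEY_HEADERS:
        auth_type = "api_key"
    else:
        auth_type = "none"
    return {
        "auth_type": auth_type,
        "proxy_detected": bool(h.keys() & PROXY_HEADERS),
        "cors_origin": h.get("origin"),
    }


def redact(headers):
    """Mask credential values; keep only the auth scheme word for debugging."""
    out = {}
    for name, value in headers.items():
        key = name.lower()
        if key in AUTH_HEADERS and " " in value:
            out[name] = value.split(" ", 1)[0] + " [REDACTED]"
        elif key in SENSITIVE:
            out[name] = "[REDACTED]"
        else:
            out[name] = value
    return out


# Constructed sample, shaped like the "headers" object in the response above.
SAMPLE = {
    "host": "webhookvault.anethoth.com",
    "authorization": "Bearer sk_test_xxx",
    "x-forwarded-for": "203.0.113.42",
    "origin": "https://app.example.test",
}

if __name__ == "__main__":
    print(analyze_headers(SAMPLE), redact(SAMPLE))
```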
Real-World Use Cases
1. Verify Stripe Webhook Payloads
Before writing your webhook handler, see exactly what Stripe sends:
# Set your Stripe CLI to forward to the echo endpoint
stripe listen --forward-to https://webhookvault.anethoth.com/api/v1/echo
# Trigger a test event
stripe trigger payment_intent.succeeded
The echo response shows you the exact headers (including stripe-signature) and payload structure.
2. Debug HTTP Client Libraries
Verify that your HTTP client sends the right headers and body:
import requests

resp = requests.post(
    "https://webhookvault.anethoth.com/api/v1/echo",
    json={"test": True},
    headers={"Authorization": "Bearer sk_test_xxx"}
)
print(resp.json()["headers"]["authorization"])
# "Bearer sk_test_xxx" — confirmed it's sent correctly
3. Test CORS Preflight
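Check what your browser sends on a cross-origin request. The application/json content type makes the browser send a preflight OPTIONS request first; the JSON logged here is the echo of the POST that follows, and the preflight itself appears in the browser's network panel:
fetch("https://webhookvault.anethoth.com/api/v1/echo", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({ test: true })
}).then(r => r.json()).then(console.log);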
4. Load Balancer Health Check Verification
Verify what your load balancer sends to backend health checks:
curl https://webhookvault.anethoth.com/api/v1/echo/health \
  -H "User-Agent: ELB-HealthChecker/2.0"
CORS Enabled
Both endpoints support CORS from any origin, so you can call them from browser-based tools, CodePen experiments, or frontend debugging sessions.
Limits
- Rate limit: 30 requests/minute per IP
- No authentication required
- No data stored — echo responses are generated on the fly, nothing is saved
- Max body size: 1MB
Need More?
The echo API is stateless — it doesn't store requests. If you need to capture, inspect, replay, and forward webhook requests with a persistent endpoint, check out WebhookVault. The free tier includes 3 endpoints with 24-hour request retention. Or try the interactive Webhook Tester to create a temporary capture endpoint in your browser.