Debugbits

Webhook Signature Validator

Verify webhook signatures with confidence.

Paste the exact payload, signing secret, and signature header. We compute the expected signature and explain mismatches for Stripe, GitHub, Shopify, and Slack.

Providers Stripe, GitHub, Shopify, Slack
Runs Locally in your browser
Output Expected signature

Webhook input

Stripe uses the `Stripe-Signature` header with `t=` and `v1=` values.

Use the exact raw body your webhook handler receives. Any whitespace or newline changes will invalidate the signature. Slack and Stripe also require the raw request timestamp.

Diagnostics

Waiting for input

Summary

--

Expected signature

--

Issues

  • Waiting for input.

Webhook signature tips

Raw body matters

Use the exact payload bytes. JSON reformatting will break signatures.

Timestamp checks

Stripe/Slack signatures include a timestamp. Use the same value from headers.

Secret mismatches

Verify you are using the endpoint-specific signing secret, not an API key.

Related tools

JWT Decoder

Inspect headers, payloads, and signature validity.

OAuth 2.0 Error Explainer

Turn OAuth errors into clear causes and fix steps.

JSON Schema Validator

Validate payloads and pinpoint schema violations.

Base64 Encoder / Decoder

Decode headers or payloads before validating signatures.

Timestamp / Epoch Debugger

Verify timestamp inputs for Slack and Stripe.

cURL / Fetch / Axios Converter

Recreate webhook POSTs in different clients.

Regex Editor

Test signature parsing patterns.

Explore the full toolkit.

Jump into another utility or browse everything in one place.

Browse all tools Back to home Suggest a tool