Deploy Webhooks
Simple webhook client and server demo apps.
webhook-server
Just deployed
webhook-client
Just deployed
Deploy and Host Webhooks on Railway
A minimal but realistic webhook client-server demo. The server receives signed webhook payloads and verifies them using HMAC-SHA256. The client provides a Streamlit UI to send signed or unsigned requests to any webhook endpoint — a practical introduction to the full webhook security pattern.
About Hosting Webhooks
This Railway template deploys two services: a Node.js/Express webhook server and a Streamlit webhook client. The server exposes a parameterised /webhook/:event endpoint that accepts any event name, optionally verifies an HMAC-SHA256 signature against a shared secret, logs the event type and payload, and returns the received data as JSON. The client sends HTTP POST requests with a configurable URL, event type, JSON payload, and optional shared secret — if a secret is provided, the payload is signed automatically before sending. Both services are pre-configured to communicate over Railway's private internal network.
Common Use Cases
- Learning the webhook security pattern — understand how HMAC-SHA256 payload signing works end-to-end, with a client that signs requests and a server that verifies them using a shared secret, mirroring how real providers like GitHub, Stripe, and Twilio secure webhooks
- Testing and debugging webhook integrations — use the client as a lightweight alternative to curl or Postman for sending structured JSON payloads with custom headers and signatures to any webhook endpoint, including third-party services
- Starting point for custom webhook infrastructure — extend the parameterised server route to handle specific event types, add persistence, queue processing, or notification logic on top of a working, security-aware foundation
Dependencies for Webhooks Hosting
- Node.js webhook server — built from the
server/directory; no external dependencies beyond Express and cors - Streamlit webhook client — built from the
client/directory; communicates with the server over Railway's internal network atwebhook-server.railway.internal - No database or persistent volume required
Deployment Dependencies
- webhook-client-server GitHub repository
- Getting Started with Webhooks: Part 1 — Webhook Servers
- Getting Started with Webhooks: Part 2 — Webhook Clients
Implementation Details
Server endpoints:
| Method | Path | Description |
|---|---|---|
GET | / | Server info and available endpoints |
GET | /health | Health check — returns { "status": "ok" } |
POST | /webhook/:event | Receives webhook for any event name |
Signature verification — set WEBHOOK_SECRET on the server service to enable HMAC-SHA256 verification. The server expects:
X-Webhook-Signature: sha256=
Requests with a missing or invalid signature return 401 Unauthorized. If WEBHOOK_SECRET is not set, all requests are accepted — useful for open testing.
Enabling signatures end-to-end:
- Set
WEBHOOK_SECRETon the server service to a strong random string - Enter the same value in the client's Webhook Secret field before sending
- The client signs the payload automatically; the server verifies it on receipt
Why Deploy Webhooks on Railway?
Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.
By deploying Webhooks on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.
Template Content
webhook-server
alphasecio/webhook-client-serverwebhook-client
alphasecio/webhook-client-server