Payloader launched today. It’s a webhook inspection and debugging platform that captures incoming requests, identifies the platform that sent them, and gives you a human-readable view of what actually arrived. You can replay any request to any URL, forward webhooks to your local environment, verify HMAC signatures, and get notified when something lands. It’s at payloader.dev.
This is how we got here.
The Problem
Every time we build a new product — StatementPro, SettleBooks, Abner, the rest — we’re integrating with third-party webhooks within the first week. Stripe fires events when subscriptions change. GitHub fires events when pull requests merge. Shopify fires events when orders come in. The list is long.
The debugging loop for webhooks is miserable. Something fires, your handler does something unexpected, and you’re trying to figure out what actually arrived. Did the payload have the fields you expected? Was the signature header present? Did your handler even receive the request? You’re piecing together logs, re-reading documentation, and manually constructing curl commands to test edge cases.
Tools like ngrok exist to expose local ports, and they have a web inspector that helps. But they’re tunnel tools first and don’t give you persistent storage, platform-specific parsing, or any real structure around managing endpoints over time. What we wanted was a dedicated place to manage webhook endpoints, see what’s coming in, understand it immediately, and replay requests without jumping between tools.
What Payloader Does
You create an endpoint in Payloader and get a unique URL. Point any webhook-sending service at that URL. Every request that arrives is captured in full: headers, body, method, remote IP, timestamp. Nothing is discarded.
Platform detection runs on every request. Payloader recognizes Stripe, GitHub, Shopify, Slack, HubSpot, Intercom, Linear, SendGrid, Twilio, Datadog, PagerDuty, Square, Segment, Braintree, Paddle, Zendesk, Vercel, AWS SNS, and others. When it identifies the platform, it extracts the event type and builds a plain-English summary. A Stripe payment_intent.succeeded event shows up as “Payment of $49.00 succeeded for [email protected]” instead of a wall of JSON. For platforms we don’t recognize natively, Team and Business plans can enable AI-powered analysis that attempts to make sense of the payload.
Replay lets you resend any captured request to any target URL. This matters more than it sounds. When you’re debugging a handler and you fix a bug, you don’t want to wait for the external service to fire again or manually construct a test payload. You pull up the real request that caused the problem and send it again.
Forwarding turns an endpoint into a proxy. Set a forwarding URL, and incoming requests get relayed to your target automatically. Two modes: async (Payloader responds 200 immediately and retries on failure) and passthrough (the full response from your server comes back to the sender). Useful for routing production webhooks to a staging environment while maintaining visibility.
HMAC signature verification is available on the Business plan. Add your signing secret, specify the header and algorithm, and Payloader verifies the signature on every incoming request. You can see immediately whether a request was signed correctly, which is useful when you’re debugging signature mismatch errors without having to trace through your own verification code.
Notifications send to email, Slack, or Discord when requests arrive. You can filter by platform or event type, so you only get notified about the events that matter for a given endpoint.
Retention is 90 days on Developer, 365 days on Team, and unlimited on Business.
Technical Decisions
Payloader has three main pieces: a Django application, a Go-based receiver service, and a CLI.
The receiver is written in Go and sits in front of the database. It handles all inbound webhook traffic: parsing headers and bodies, writing requests to the database, and pushing events to Redis for downstream processing. It’s stateless and fast. Django never touches inbound webhook requests directly. The reason for the split is throughput and reliability: Go handles the write-heavy ingest path without the overhead of the Python runtime, and the receiver can scale independently of the application.
Django handles everything else: user accounts, workspaces, the dashboard, API endpoints, billing. It’s where all the application logic lives. Celery workers run platform detection and notification delivery asynchronously so the receiver’s response time isn’t tied to those operations.
Platform detection is a registry of detectors, one per platform. Each detector has a detect() method that looks at the headers and body to determine whether it recognizes the request, and an analyze() method that extracts the event type, summary, and key fields if it does. Adding a new platform is a matter of writing a small class and registering it. There’s no ML involved; detection is rule-based and deterministic.
The CLI is a Go binary that talks to the Payloader API. payloader endpoints list shows your endpoints. payloader requests list <slug> shows recent requests. payloader requests replay <id> --url https://... replays a specific request. It’s useful in a terminal-first workflow where you’d rather not switch to a browser to check what came in.
Forwarding has two modes by design. Async mode is the right default: Payloader acknowledges the incoming request immediately with a 200, then relays it to your server. If your server is down or slow, the sender doesn’t know. Payloader queues retries. Passthrough mode makes Payloader wait for your server’s response and return it to the sender, which is useful when the sender cares about the response body.
Plans
Developer: 1 user, up to 10 endpoints, 90-day request history. Team: up to 5 users, up to 20 endpoints, 365-day history, AI intelligence. Business: unlimited users, unlimited endpoints, unlimited history, HMAC verification, full AI intelligence, priority support.
All plans start with a 14-day free trial.
Try It
Payloader is live at payloader.dev. Create an endpoint, point a webhook at it, and you’ll see what arrives within seconds.
Questions? [email protected].