Skip to main content

Webhook Testing

Dashboard Testing

The easiest way to test your webhooks is directly from the DeePsy dashboard.

Built-in Test Feature

Once your webhook is created and authorized, you can test it directly from the dashboard:

  1. Go to your webhook settings at deepsy.fr/dashboard/user/webhooks
  2. Click on your webhook
  3. Use the test feature to send sample events
  4. View both the request payload and your server's response

The test feature uses real data when available, falling back to realistic fake data when needed. This gives you a true representation of what your webhook will receive in production.

Local Development Setup

Making Your Local Server Accessible

For development and testing, you need to expose your local server to the internet. See our Setup Guide for detailed instructions on using ngrok, serveo, or other tunneling solutions.

Test Webhook Server

You can use the webhook servers from our Setup Guide for testing. They're designed to log all incoming requests and responses, making debugging easy.

Alternatively, here's a simple test server:

const express = require('express');
const app = express();

// Use raw body parser for signature verification
app.use('/webhooks/deepsy', express.raw({type: 'application/json'}));

app.post('/webhooks/deepsy', (req, res) => {
    console.log('=== Webhook Received ===');
    console.log('Headers:', req.headers);
    console.log('Raw Body:', req.body.toString());

    try {
        const event = JSON.parse(req.body);
        console.log('Parsed Event:', JSON.stringify(event, null, 2));
    } catch (e) {
        console.log('Failed to parse JSON:', e.message);
    }

    console.log('========================');

    // Always respond with 200
    res.status(200).send('OK');
});

// Health check endpoint
app.get('/health', (req, res) => {
    res.status(200).json({
        status: 'ok',
        timestamp: new Date().toISOString()
    });
});

const port = process.env.PORT || 1234;
app.listen(port, () => {
    console.log(`Test webhook server running on port ${port}`);
});

API Testing

Built-in Test Endpoint

DeePsy provides a test endpoint to send sample events to your webhook:

curl -X POST "https://deepsy.fr/api/v1/webhooks/{webhook_id}/test-with-real-data" \
  -H "Authorization: Bearer deepsy-dev-your-api-key-here" \
  -H "Content-Type: application/json" \
  -d '{
    "event_type": "candidate.test_completed",
    "company_id": "company-uuid"
  }'

Testing Different Event Types

Test various event types to ensure your webhook handles them correctly:

# Test email events
curl -X POST "https://deepsy.fr/api/v1/webhooks/{webhook_id}/test-with-real-data" \
  -H "Authorization: Bearer deepsy-dev-your-api-key-here" \
  -H "Content-Type: application/json" \
  -d '{"event_type": "email.delivered", "company_id": "company-uuid"}'

# Test campaign events
curl -X POST "https://deepsy.fr/api/v1/webhooks/{webhook_id}/test-with-real-data" \
  -H "Authorization: Bearer deepsy-dev-your-api-key-here" \
  -H "Content-Type: application/json" \
  -d '{"event_type": "campaign.created", "company_id": "company-uuid"}'

# Test candidate events
curl -X POST "https://deepsy.fr/api/v1/webhooks/{webhook_id}/test-with-real-data" \
  -H "Authorization: Bearer deepsy-dev-your-api-key-here" \
  -H "Content-Type: application/json" \
  -d '{"event_type": "candidate.evaluation_completed", "company_id": "company-uuid"}'

Automated Testing

Unit Tests for Webhook Handlers

const { expect } = require('chai');
const { verifyWebhookSignature, processWebhookEvent } = require('./webhook-handler');

describe('Webhook Handler', () => {
    describe('Signature Verification', () => {
        it('should verify valid signatures', () => {
            const payload = '{"event":"test"}';
            const secret = 'whsec_test123';
            const signature = createTestSignature(payload, secret);

            expect(verifyWebhookSignature(payload, signature, secret)).to.be.true;
        });

        it('should reject invalid signatures', () => {
            const payload = '{"event":"test"}';
            const secret = 'whsec_test123';
            const invalidSignature = 'sha256=invalid';

            expect(verifyWebhookSignature(payload, invalidSignature, secret)).to.be.false;
        });
    });

    describe('Event Processing', () => {
        it('should process candidate.test_completed events', () => {
            const event = {
                event: 'candidate.test_completed',
                company_id: 'test-company',
                data: {
                    candidate_id: 'test-candidate',
                    campaign_id: 'test-campaign',
                    raw_score: 85.5
                }
            };

            const result = processWebhookEvent(event);
            expect(result.processed).to.be.true;
            expect(result.event).to.equal('candidate.test_completed');
        });
    });
});

function createTestSignature(payload, secret) {
    const crypto = require('crypto');
    const hash = crypto.createHmac('sha256', secret).update(payload).digest('hex');
    return `sha256=${hash}`;
}

Integration Tests

const request = require('supertest');
const app = require('./app');

describe('Webhook Endpoint Integration', () => {
    it('should accept valid webhook requests', async () => {
        const payload = {
            event: 'candidate.test_completed',
            company_id: 'test-company',
            timestamp: new Date().toISOString(),
            data: {
                candidate_id: 'test-candidate'
            }
        };

        const response = await request(app)
            .post('/webhooks/deepsy')
            .send(payload)
            .set('Content-Type', 'application/json')
            .set('X-Webhook-Signature', createValidSignature(payload));

        expect(response.status).toBe(200);
    });

    it('should reject requests with invalid signatures', async () => {
        const payload = { event: 'test' };

        const response = await request(app)
            .post('/webhooks/deepsy')
            .send(payload)
            .set('Content-Type', 'application/json')
            .set('X-Webhook-Signature', 'invalid-signature');

        expect(response.status).toBe(401);
    });
});

Testing Tools and Services

Webhook Testing Services

ngrok.com

Paid service for exposing local servers to the internet, we already talked about it in the Setup Guide.

serveo.net

Free alternative to ngrok, though it can be unstable. We also mentioned it in the Setup Guide.

webhook.site

Free service for testing webhooks:

  1. Visit webhook.site
  2. Copy the unique URL provided
  3. Use this URL as your webhook endpoint during testing
  4. View received requests in real-time

RequestBin

We haven't test it ourselves, but it seems like another webhook testing service:

  1. Visit requestbin.com
  2. Create a new bin
  3. Use the bin URL for webhook testing

Debug Logging

Add comprehensive logging to your webhook handler:

const debug = require('debug')('webhook');

app.post('/webhooks/deepsy', (req, res) => {
    debug('Received webhook request');
    debug('Headers: %O', req.headers);
    debug('Body: %O', req.body);

    try {
        const isValid = verifySignature(req.body, req.headers['x-webhook-signature']);
        debug('Signature valid: %s', isValid);

        if (!isValid) {
            debug('Signature verification failed');
            return res.status(401).send('Unauthorized');
        }

        processWebhookEvent(req.body);
        debug('Event processed successfully');
        res.status(200).send('OK');
    } catch (error) {
        debug('Error processing webhook: %O', error);
        res.status(500).send('Error');
    }
});

Production Monitoring

For production webhook monitoring and troubleshooting common issues, see our dedicated Troubleshooting Guide.

Next Steps

Now that you know how to test webhooks:

Need Help?

If you encounter issues during testing: