I had an unusual problem yesterday, where I needed to configure a third-party service to send status updates to our application. The third-party service accepts a URL of my choosing, to which it'll post some set of data about the update. This is often referred to as a "web hook" and is a very common practice.
The problem was that their documentation about what data they were sending was incomplete. So how do you know what to expect in that case? You could write code that accepts anything and then refactor it later, but that's a lot of wasted effort - and I had no idea if it was posting values in the querystring, the headers, or using a JSON body, or a
x-www-form-urlencoded body, or something else entirely.
A little bit of searching for solutions turned up some sites that solve this problem (I should've figured). You use them as the URL for your web hook, and they'll just take whatever's thrown their way and display the results to you - then you know exactly what the response will be.
Okay, Hookbin is the only free one I found that is easy to setup and works reliably. I mean, everything else I found either periodically goes down or is dead, so the bar was low, but this one really is nice.
Select the "Make it Private" box (unless you know it's something you'd like to share) and press "Create New Endpoint". That generates a new "Hookbin Endpoint", which is just a randomly generated URL for you to use as a webhook.
Here I used one with the third-party service. It ends up they're sending a
x-www-form-urlencoded body, so the body contains a bunch of key/value pairs (i.e. Called, ToState, Direction, etc).
- Public endpoints can be viewed by anyone with a link.
- Private endpoints are only viewable from the browser used to create them.
- Each endpoint stores 100 results; older results are deleted.
- Each endpoint is kept active and accessible for 7 days from creation, then deleted.
- Third party vendors/hosts provide the infrastructure to run Hookbin.
The limitations are clearly spelled out, as well as the fact that the maintainer of this tool uses other services to support it. In general, I'd still suggest using this only for testing (not production).
RequestBin was actually the first one I came across, but unfortunately it's very flaky, frequently showing an "Application error" message; it seems to go down a lot. When it's working though, it's good.
Just select the "Private" checkbox and click "Create a RequestBin". You'll be given a randomly generated URL, similar to Hookbin, which you can use - something like:
Here I sent it a few sample
POSTS from Postman - a JSON body, some querystring parameters, and an
x-www-form-urlencoded body, respectively.
Nice and easy to read.. when it's working. :p
I really wanted to like this one - it was so easy to setup. And it looks like it has worked with great success, in the past.. on and off... somewhat recently.
You should be able to click the green "Create Bin" button, then the blue "Create Bin" button (leave everything empty), and then copy the URL (basically a GUID) that's in your browser and post to it.
Unfortunately it's been down for months and no one's responded, so this one may be dead. Someone posted their bin from when the site was working, so you can see what it's supposed to look like. It's opensourced on GitHub - feel free to take a stab at fixing it. ;p
Even when it is working, there's nothing in their docs about how long they hold on to the requests they intercept, or what they might do with the data.
There are quite a few other sites too, but unfortunately many of them have problems. RequestBin is undependable, HTTP Responder throws a 500 "internal application error", and APICombo won't even load (site can't be reached).
I found a nice looking one called Runscope, but their most basic option is $79/month, out of my price-range. But the fact that they charge for their service hopefully it means it's always available when you need it, and they probably provide a wider array of features too. There's another free one called WebHook but I couldn't find anything about it, or its terms and policies, or about the company Quantisle that owns it, so I didn't even try it.
Speaking of which, always check for privacy policies and terms of service. Be aware of what data they're intercepting, and stick to using them for testing purposes - unless it's a service that guarantees privacy and control over your data. Don't post things like API keys and auth tokens and passwords, or customer data that you don't want to share, or anything that should be kept confidential!