Skip to main content

GitHub Repository Webhooks

This guide covers how to use ngrok to integrate your localhost app with GitHub to allow GitHub to send notifications to your localhost app anytime an event takes place in a GitHub repository.

By integrating ngrok with GitHub, you can:

  • Develop and test GitHub webhooks locally, eliminating the time in deploying your development code to a public environment and setting it up in HTTPS.
  • Inspect and troubleshoot requests from GitHub in real-time via the inspection UI and API
  • Modify and Replay GitHub Webhook requests with a single click and without spending time reproducing events manually in GitHub
  • Secure your app with GitHub webhook validation provided by ngrok. Invalid requests are blocked by ngrok before reaching your app

Step 1: Start your app

For this tutorial, we'll use sample NodeJS app available on GitHub.

To install this sample, run the following commands in a terminal:

Loading…

This will get the project installed locally.

Now you can launch the app by running the following command:

Loading…

The app runs by default on port 3000.

You can validate that the app is up and running by visiting http://localhost:3000. The application logs request headers and body in the terminal and a message in the browser.

Step 2: Launch ngrok

Once your app is running successfully on localhost, let's get it on the internet securely using ngrok!

  1. If you're not an ngrok user yet, just sign up for ngrok for free.

  2. Download the ngrok agent.

  3. Go to the ngrok dashboard and copy your Authtoken.
    Tip: The ngrok agent uses the auth token to log into your account when you start a tunnel.

  4. Start ngrok by running the following command:

    Loading…
  5. ngrok will display a URL where your localhost application is exposed to the internet (copy this URL for use with GitHub). ngrok agent running

Step 3: Integrate GitHub

GitHub can trigger webhook calls to external applications whenever events happen in a repository. To register for such events, follow the instructions below:

  1. Sign in to GitHub.

  2. Select a repository from Your Repository list. Tip: If you don't have a repository, create a new empty one.

  3. In the repository page, click Settings and then select Webhooks from the left menu.

  4. Add a new webhook by clicking Add webhook.

  5. In the Payload URL, use the URL provided by the ngrok agent to expose your application to the internet (i.e., https://1a2b-3c4d-5e6f-7g8h-9i0j.ngrok.app). Payload URL

  6. Select the Content type of the data submitted from GitHub to your application as application/json.

  7. Choose which events you would like to trigger this webhook. For this example, select Just the push event.

  8. Make sure your webhook is active, and then click Add webhook.

Run Webhooks with GitHub and ngrok

After you add a webhook to your GitHub repository, GitHub will submit a post request to your application through ngrok.

To review the content of this request on GitHub:

  1. Select the webhook you've just created.

  2. Click the Recent Deliveries tab.

  3. Select the ID of the delivery.

Compare the headers and the body of this delivery with the information received by your application, and then confirm they contain the same data.

Note: Different messages are sent to your application depending on the trigger event you choose.

Because you've selected Just the push event in this example, to trigger new calls from GitHub to your application, you need to push content to your GitHub repository. To resend any request, click Redeliver in the Recent Deliveries' tab of your GitHub Manage webhook page.

GitHub Recent Deliveries

Inspecting requests

ngrok's Traffic Inspector captures all requests made through your ngrok endpoint to your localhost app. Click on any request to view detailed information about both the request and response.

info

By default, accounts only collect traffic metadata to avoid exposing secrets. You must enable full capture in the Observability section of your account settings to capture complete request and response data.

Use the traffic inspector to:

  • Validate webhook payloads and response data
  • Debug request headers, methods, and status codes
  • Troubleshoot integration issues without adding logging to your app

Replaying requests

Test your webhook handling code without triggering new events from your service using the Traffic Inspector's replay feature:

  1. Send a test webhook from your service to generate traffic in your Traffic Inspector.

  2. Select the request you want to replay in the traffic inspector.

  3. Choose your replay option:

    • Click Replay to send the exact same request again
    • Select Replay with modifications to edit the request before sending
  4. Modify the request (optional): Edit any part of the original request, such as changing field values in the request body.

  5. Send the request by clicking Replay.

Your local application will receive the replayed request and log the data to the terminal.

Secure webhook requests

The ngrok signature webhook verification feature allows ngrok to assert that requests from your GitHub webhook are the only traffic allowed to make calls to your localhost app.

Note: This ngrok feature is limited to 500 validations per month on free ngrok accounts. For unlimited, upgrade to Pro or Enterprise.

This is a quick step to add extra protection to your application.

  1. Create a file named github_policy.yml, replacing {your secret} with your Secret from GitHub:

    Loading…
  2. Restart your ngrok agent by running the command:

    Loading…
  3. Resend one of the messages from your GitHub webhook.

Verify that your local application receives the request and logs information to the terminal.