- Develop and test CircleCI webhooks locally without deploying to a public environment or setting up HTTPS.
- Inspect and troubleshoot requests from CircleCI in real time via the inspection UI and API.
- Modify and replay CircleCI webhook requests with a single click instead of reproducing events manually in your CircleCI account.
- Secure your app with CircleCI webhook validation provided by ngrok. Invalid requests are blocked by ngrok before reaching your app.
What you’ll need
- An ngrok account and your authtoken.
- The ngrok agent installed.
- Node.js installed (for the sample app, or use your own app).
- A CircleCI account.
1. Start your app
For this tutorial, you can use the sample Node.js app on GitHub. To install the sample, run the following in a terminal:http://localhost:3000.
The app logs request headers and body in the terminal and shows a message in the browser.
2. Expose your app with ngrok
Once your app is running locally, you’re ready to put it online securely using ngrok.- Copy your ngrok authtoken from the dashboard.
-
Start ngrok:
- Copy the URL ngrok displays. Your app is now exposed at that URL for use with CircleCI.
3. Configure CircleCI to send webhooks
CircleCI can send webhook requests to your app when events occur in your account. To register for those events:- Sign in to CircleCI.
- On the All Pipelines page, click the name of your pipeline.
If you don’t have a pipeline, create a new one.
- On your pipeline page, click Project Settings and then Webhooks in the left menu.
- On the Webhooks page, click Add Webhook.
- On the Add Webhook page, enter a name in Webhook name, enter your ngrok URL in Receiver URL (for example,
https://1a2b-3c4d-5e6f-7g8h-9i0j.ngrok.app), enter a value in Secret token (for example,MySecretToken), check Workflow Completed and Job Completed under Events, and click Add Webhook. - On the Webhooks page, click your webhook and then click Test Ping Event.
Run webhooks with CircleCI and ngrok
CircleCI sends different request body contents depending on the event. To trigger new calls from CircleCI to your app:- On the Pipeline page, click Rerun workflow from start under the Action column for your pipeline.
If you’re on Project Settings, click < at the top left to return to your pipeline page.
Inspecting requests
ngrok’s Traffic Inspector captures all requests made through your ngrok endpoint to your localhost app. Select any request to view detailed information about both the request and response.To avoid exposing secrets, accounts only collect traffic metadata by default.
You must enable full capture in the Observability section of your account settings to capture complete request and response data.
- Validate webhook payloads and response data
- Debug request headers, methods, and status codes
- Troubleshoot integration issues without adding logging to your app
Replaying requests
Test your webhook handling code without triggering new events from your service using the Traffic Inspector’s replay feature:- Send a test webhook from your service to generate traffic in your Traffic Inspector.
- Select the request you want to replay in the traffic inspector.
-
Choose your replay option:
- Click Replay to send the exact same request again
- Select Replay with modifications to edit the request before sending
- (Optional) Modify the request: Edit any part of the original request, such as changing field values in the request body.
- Send the request by clicking Replay.
Secure webhook requests
ngrok can verify that incoming requests are from your CircleCI webhook so only that traffic reaches your app.Webhook verification is limited to 500 validations per month on free accounts.
If you need more, you can upgrade to Hobbyist or Pay-as-you-go.
See TPU Pricing for details.
-
Create a Traffic Policy file named
circleci_policy.yml. Replace{your secret token}with the value you entered in Secret token when you registered the webhook: -
Restart ngrok with the policy file:
- Rerun your workflow from start in CircleCI to trigger the webhook.