GitHub Repository Webhooks

This guide covers how to use ngrok to integrate your localhost app with GitHub to allow GitHub to send notifications to your localhost app anytime an event takes place in a GitHub repository.

By integrating ngrok with GitHub, you can:


  1. Launch your local webhook listener.
    npm start
  2. Launch ngrok.
    ngrok http 3000
  3. Configure GitHub webhook with your ngrok URL.

  4. Bonus! Use ngrok like a PRO.

Start your app

For this tutorial, we'll use sample NodeJS app available on GitHub.

To install this sample, run the following commands in a terminal:

git clone
cd ngrok-webhook-nodejs-sample
npm install

This will get the project installed locally.

Now you can launch the app by running the following command:

npm start

The app runs by default on port 3000.

You can validate that the app is up and running by visiting http://localhost:3000. The application logs request headers and body in the terminal and a message in the browser.

Download and Launch ngrok

Once your app is running successfully on localhost, let's get it on the internet securely using ngrok!

  1. If you're not an ngrok user yet, just sign up for a free account
  2. Download the ngrok agent
  3. Go to the ngrok dashboard and copy your authtoken.
    Tip: The ngrok agent uses the authtoken to log into your account when you start a tunnel.
  4. Add the authtoken to your ngrok agent:
    ngrok config add-authtoken [authtoken]
  5. Start ngrok by running the following command:

    ngrok http 3000

  6. ngrok will display a URL where your localhost application is available on the internet (copy this URL for use with GitHub).
    ngrok agent running

Integrate ngrok and GitHub

GitHub can trigger webhook calls to external applications whenever events happen in a repository. To register for such events, follow the instructions below:

  1. Sign in to GitHub.

  2. Select a repository from Your Repository list. Tip: If you don't have a repository, create a new one or fork an existing repository.

  3. In the repository page, click Settings and then select Webhooks from the left menu.

  4. Add a new webhook by clicking Add webhook.

  5. In the Payload URL, use the URL provided by the ngrok agent where your application is available on the internet (i.e., Payload URL

  6. Select the Content type of the data submitted from GitHub to your application as application/json.

  7. Choose which events you would like to trigger this webhook. For this example, select Just the push event.

  8. Make sure your webhook is active, and then click Add webhook.

Run Webhooks with GitHub and ngrok

After you add a webhook to your GitHub repository, GitHub will submit a post request to your application through ngrok.

To review the content of this request on GitHub:

  1. Select the webhook you've just created.

  2. Click the Recent Deliveries tab.

  3. Select the ID of the delivery.

Compare the headers and the body of this delivery with the information received by your application, and then confirm they contain the same data.

Note: Different messages are sent to your application depending on the trigger event you choose.

Because you've selected just the push event in this example, to trigger new calls from GitHub to your application, you need to push content to your GitHub repository. To resend any request, click Redeliver in the Recent Deliveries' tab of your GitHub Manage webhook page.

GitHub Recent Deliveries

Inspecting requests

When you launch the ngrok agent on your local machine, you can see two links: one for the tunnel to your app (it ends up in unless you're using custom domains) and a local URL for the Web Interface (a.k.a Request Inspector).

The Request Inspector shows all the requests made through your ngrok tunnel to your localhost app. When you click on a request, you can see details of both the request and the response.

Seeing requests is an excellent way of validating the data sent to and retrieved by your app via the ngrok tunnel. That alone can save you some time dissecting and logging HTTP request and response headers, methods, bodies, and response codes within your app just to confirm you are getting what you expect.

To inspect GitHub's event requests, launch the ngrok web interface (i.e., and then click one of the requests sent by GitHub.

From the results, review the response body, header, and other details:

ngrok Request Inspector

Replaying requests

The ngrok Request Inspector provides a replay function that you can use to test your code without retriggering new events from GitHub. To replay a request:

  1. In the ngrok inspection interface (i.e., http://localhost:4040), select a request from GitHub.

  2. Click Replay to execute the same request to your application or select Replay with modifications to modify the content of the original request before sending the request.

  3. If you choose to Replay with modifications, you can modify any content from the original request. Optionally, modify the request header with different content. For example, modify the X-Github-Event header with the value MyCustomPush.

  4. If you choose to Replay with modifications, you can modify any content from the original request. For example, you can modify the X-Github-Event header field with the value MyCustomPush.

  5. Click Replay.

Verify that your local application receives the request and logs the corresponding information to the terminal.

Add additional security using ngrok signature webhook verification

The ngrok signature webhook verification feature allows ngrok to assert that requests from your GitHub webhook are the only traffic allowed to make calls to your localhost app.

Note: This ngrok feature requires a Pro or Enterprise license.

This is a quick step to add extra protection to your application.

  1. In the Add webhook page, provide a value to the Secret field.

  2. Restart your ngrok agent by running the command, replacing {your secret} with your Secret from GitHub:

    ngrok http 3000 --verify-webhook github --verify-webhook-secret {your secret}

  3. Resend one of the messages from your GitHub webhook.

Verify that your local application receives the request and logs information to the terminal.