Skip to main content
This guide walks you through using ngrok to receive HostedHooks webhooks on your localhost app. By integrating ngrok with HostedHooks, you can:
  • Develop and test HostedHooks webhooks locally without deploying to a public environment or setting up HTTPS.
  • Inspect and troubleshoot requests from HostedHooks in real time via the inspection UI and API.
  • Modify and replay HostedHooks webhook requests with a single click instead of reproducing events manually in your HostedHooks account.
  • Secure your app with HostedHooks webhook validation provided by ngrok. Invalid requests are blocked by ngrok before reaching your app.

What you’ll need

1. Start your app

For this tutorial, you can use the sample Node.js app on GitHub. To install the sample, run the following in a terminal: 
git clone https://github.com/ngrok/ngrok-webhook-nodejs-sample.git
cd ngrok-webhook-nodejs-sample
npm install
Then start the app: 
npm start
The app runs on port 3000 by default. You can confirm it’s running by visiting http://localhost:3000. The app logs request headers and body in the terminal and shows a message in the browser.

2. Expose your app with ngrok

Once your app is running locally, you’re ready to put it online securely using ngrok.
The ngrok agent uses your authtoken to authenticate when you start a tunnel.
  • Start ngrok: 
    ngrok http 3000
  • Copy the URL ngrok displays. Your app is now exposed at that URL for use with HostedHooks.

3. Configure HostedHooks to send webhooks

HostedHooks can send webhook requests to your app when events occur in your account. To register for those events:
  • Sign in to HostedHooks.
  • Click Apps and then Setup New App.
  • On Setup Your Application, enter a name in App Name (for example, My App) and click Save App.
  • On the app page, click Create Your Webhook Event (Step 1), enter an event type in Event Type (for example, myapp.event), and click Save Webhook Event.
  • Click Create your first Subscriber (Step 2), enter a name in Subscription Name (for example, My Localhost App), and click Save Subscription.
  • On the subscription page, click + New Endpoint.
  • On New Endpoint, enter your ngrok URL in Webhook URL (for example, https://1a2b-3c4d-5e6f-7g8h-9i0j.ngrok.app), enter 1.0 in Version, enter a description (for example, ngrok), and click Save Endpoint.
  • Go back to the app page and click Subscribe to a webhook event (Step 4).
  • On Details, select your event in Subscribed Events and click Add Event.
  • Go back to the app page and click Send a test webhook message.
Confirm your localhost app receives the event and logs both headers and body in the terminal.

Run webhooks with HostedHooks and ngrok

When you POST to the HostedHooks message endpoint with an event type in the body, HostedHooks routes the message to your app via your ngrok URL. To trigger a call:
  • Run the following (replace APP_ID with your app ID from the HostedHooks app page and API_KEY with your API Key from Settings): 
    curl --request POST --url https://hostedhooks.com/api/v1/apps/APP_ID/messages \
--header 'Authorization: Bearer API_KEY' \
--header 'Content-Type: application/json' --data '{
    "data": {"foo": "bar"},
    "event_type": "myapp.event",
    "version": "1.0",
    "event_id": "00001"
}'
Confirm your localhost app receives the event and logs both headers and body in the terminal. You can verify messages in the HostedHooks Dashboard under Apps, your app, and the Inbound Messages section.

Inspecting requests

ngrok’s Traffic Inspector captures all requests made through your ngrok endpoint to your localhost app. Select any request to view detailed information about both the request and response.
To avoid exposing secrets, accounts only collect traffic metadata by default. You must enable full capture in the Observability section of your account settings to capture complete request and response data.
Use the traffic inspector to:
  • Validate webhook payloads and response data
  • Debug request headers, methods, and status codes
  • Troubleshoot integration issues without adding logging to your app

Replaying requests

Test your webhook handling code without triggering new events from your service using the Traffic Inspector’s replay feature:
  1. Send a test webhook from your service to generate traffic in your Traffic Inspector.
  2. Select the request you want to replay in the traffic inspector.
  3. Choose your replay option:
    • Click Replay to send the exact same request again
    • Select Replay with modifications to edit the request before sending
  4. (Optional) Modify the request: Edit any part of the original request, such as changing field values in the request body.
  5. Send the request by clicking Replay.
Your local application will receive the replayed request and log the data to the terminal.

Secure webhook requests

ngrok can verify that incoming requests are from your HostedHooks webhook so only that traffic reaches your app.
Webhook verification is limited to 500 validations per month on free accounts. If you need more, you can upgrade to Hobbyist or Pay-as-you-go. See TPU Pricing for details.
To add verification:
  • In the HostedHooks Dashboard, go to Apps and click your app.
  • In Subscribers, click View, then View in Endpoints.
  • On the Endpoint page, click Reveal next to Signing Secret and copy the value.
  • Create a Traffic Policy file named hostedhooks_policy.yml. Replace {app sign secret} with the value you copied: 
    on_http_request:
  - actions:
      - type: verify-webhook
        config:
          provider: hostedhooks
          secret: "{app sign secret}"
  • Restart ngrok with the policy file: 
    ngrok http 3000 --traffic-policy-file hostedhooks_policy.yml
  • Post a new message to the HostedHooks message endpoint (use a unique event_id in the JSON body).
Your app should receive the request and log it in the terminal.