Agent402 / tools / skill-webhook-debug

Skill: Webhook debug

FREE with proof-of-work · or $0.050 in USDC · POST /api/skill/webhook-debug

Bundled execution of the Webhook debug workflow — A webhook hit your endpoint and you need to confirm it's authentic, valid, and safe to log. Pretty-print the payload, decode any JWT auth header, verify the HMAC signature against the raw body, schema-validate the parsed JSON, translate timestamps to human time, redact sensitive fields before they hit your log pipeline, and pull out URLs/emails/IPs for fast indexing. Seven pure-CPU tools — the canonical webhook-receiver debugging round-trip. One x402 payment runs 7 underlying tools (json-format, jwt-decode, hmac, json-validate, time-convert, redact, extract-entities); partial-success per step.

Input

FieldTypeDescription
rawBody *stringthe raw webhook body as received on the wire (single-line JSON string)
signingSecret *stringthe shared webhook signing secret from the provider dashboard

Example output

{
  "pack": "webhook-debug",
  "args": {
    "rawBody": "{\"id\":\"evt_3O2eYxL5d8\",\"type\":\"checkout.session.completed\",\"created\":1750982400,\"data\":{\"object\":{\"id\":\"cs_test_a1b2c3\",\"customer_email\":\"alice@example.com\",\"amount_total\":4999,\"client_ip\":\"203.0.113.42\",\"success_url\":\"https://app.example.com/orders/cs_test_a1b2c3\"}}}",
    "signingSecret": "whsec_demo_secret_do_not_use"
  },
  "steps": [
    {
      "slug": "json-format",
      "ok": true,
      "result": {}
    },
    {
      "slug": "jwt-decode",
      "ok": true,
      "result": {}
    },
    {
      "slug": "hmac",
      "ok": true,
      "result": {}
    },
    {
      "slug": "json-validate",
      "ok": true,
      "result": {}
    },
    {
      "slug": "time-convert",
      "ok": true,
      "result": {}
    },
    {
      "slug": "redact",
      "ok": true,
      "result": {}
    },
    {
      "slug": "extract-entities",
      "ok": true,
      "result": {}
    }
  ],
  "summary": "7/7 steps succeeded"
}

Try it — see the 402 challenge (free)

curl -i -X POST https://agent402.tools/api/skill/webhook-debug \
  -H "Content-Type: application/json" \
  -d '{"rawBody":"{\"id\":\"evt_3O2eYxL5d8\",\"type\":\"checkout.session.completed\",\"created\":1750982400,\"data\":{\"object\":{\"id\":\"cs_test_a1b2c3\",\"customer_email\":\"alice@example.com\",\"amount_total\":4999,\"client_ip\":\"203.0.113.42\",\"success_url\":\"https://app.example.com/orders/cs_test_a1b2c3\"}}}","signingSecret":"whsec_demo_secret_do_not_use"}'

The response is HTTP 402 Payment Required with exact payment requirements. Any x402 v2 client pays automatically and retries:

Paid call (JavaScript agent)

import { wrapFetchWithPayment } from "@x402/fetch";
import { x402Client } from "@x402/core/client";
import { registerExactEvmScheme } from "@x402/evm/exact/client";
import { privateKeyToAccount } from "viem/accounts";

const client = new x402Client();
registerExactEvmScheme(client, { signer: privateKeyToAccount(KEY) });
const payFetch = wrapFetchWithPayment(fetch, client);

const res = await payFetch("https://agent402.tools/api/skill/webhook-debug", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    "rawBody": "{\"id\":\"evt_3O2eYxL5d8\",\"type\":\"checkout.session.completed\",\"created\":1750982400,\"data\":{\"object\":{\"id\":\"cs_test_a1b2c3\",\"customer_email\":\"alice@example.com\",\"amount_total\":4999,\"client_ip\":\"203.0.113.42\",\"success_url\":\"https://app.example.com/orders/cs_test_a1b2c3\"}}}",
    "signingSecret": "whsec_demo_secret_do_not_use"
  }),
});

No wallet? Pay with compute

This is a pure-CPU tool, so an agent without a wallet can pay with proof-of-work instead of USDC: fetch a challenge, solve the sha256 puzzle (16 leading zero bits — a fraction of a second of CPU, no money, no AI tokens), and resend with the X-Pow-Solution header.

import { createHash } from "node:crypto";
const lz = (b) => { let t = 0; for (const x of b) { if (!x) { t += 8; continue; } t += Math.clz32(x) - 24; break; } return t; };
const c = await (await fetch("https://agent402.tools/api/pow/challenge?slug=skill-webhook-debug")).json();
let n = 0;
while (lz(createHash("sha256").update(c.challenge + ":" + n).digest()) < c.difficulty) n++;
await fetch("https://agent402.tools/api/skill/webhook-debug", { method: "POST", headers: { "X-Pow-Solution": c.token + ":" + n, "Content-Type": "application/json" }, body: JSON.stringify({"rawBody":"{\"id\":\"evt_3O2eYxL5d8\",\"type\":\"checkout.session.completed\",\"created\":1750982400,\"data\":{\"object\":{\"id\":\"cs_test_a1b2c3\",\"customer_email\":\"alice@example.com\",\"amount_total\":4999,\"client_ip\":\"203.0.113.42\",\"success_url\":\"https://app.example.com/orders/cs_test_a1b2c3\"}}}","signingSecret":"whsec_demo_secret_do_not_use"}) });

Related tools

Skill: Security audit

USDC $0.12 · POST /api/skill/security-audit

Bundled execution of the Security audit workflow — Enumerate a domain's external attack surface in one workflow: certs, …

Skill: Email deliverability

USDC $0.10 · POST /api/skill/email-deliverability

Bundled execution of the Email deliverability workflow — Diagnose why a domain's email lands in spam: SPF posture, DMARC…

Skill: Financial research

USDC $1.50 · POST /api/skill/financial-research

Bundled execution of the Financial research workflow — Pull SEC filings, real-time quotes, historical prices, and macro …