The following is a guest post by Przemek Matylla, who created a tool I suspect will be mighty useful for some of you out there. There is a lot of mystery out there in webdev. What value is this variable at this moment in execution? Why is this property being overridden? What’s causing this scrollbar? There is also a mystery with HTTP requests. What data came along for the ride? What metadata? Is everything there (and not there) as I expect? Hopefully, Przemek’s tool can help.

Update September 2018: This service looks dead. Reader Ankit Jain suggested others like Beeceptor, Mockbin, or (self-hosted) RequestBin.

Update November 2018: Przemek wrote to say that the service was offline due to extreme abuse, but now has been re-written and re-launched and is more resiliant to attacks.

When dealing with webhooks, accepting or sending form data, or simply issuing standard HTTP requests, you can find yourself puzzled about what exactly was in the payload. What were the HTTP headers? What exactly happened to your multipart uploads?

Luckily there’s a nifty tool called Hookbin (disclaimer: I created it) that greatly reduces the pain of debugging HTTP requests. Let’s take a quick look at the tool and what we can achieve with it.

What is Hookbin?

Hookbin is a free service which allows you to intercept, parse, and debug HTTP requests of any kind. By offering a volatile unique URL (called an “Endpoint”), it enables you to issue requests against that endpoint and check what exactly has been transmitted. The are numerous possible use cases. To name a few:

Debugging webhooks from external providers, for example payment systems like Stripe or Recurly before going to production

Debugging forms in your applications to help set up controllers properly

Parsing multipart requests (file uploads)

How To Use Hookbin

The first thing you will see when landing on the Hookbin home page is a large button which reads “Create New Endpoint”. Right below, there’s an option called “Make it Private” to create an Endpoint whose results will only be visible in the browser with which you created it (read below on private Endpoints). For now let’s create a standard Endpoint. Click the button and your browser will navigate to your unique Endpoint’s result list.

At the top of a page you’ll see the actual Endpoint URL which you can use within your applications, for example https://hookb.in/voOD1NJ8 . Note that the domain name for Endpoints is different — hookb.in instead of hookbin.com. Hookbin.com is where you view your requests, while hookb.in is used only for Endpoints.

Hookbin keeps each unique Endpoint alive for 7 days from when it’s been created, and allows you to store up to 100 requests per Endpoint. Once an Endpoint hits that limit, the oldest results will be removed to free up space for new ones.

Once we’ve acquired our unique Endpoint URL we can start playing with it. At the bottom of the page you’ll find several examples of POST requests with a JSON payload against that Endpoint in various programming languages.

Let’s start with something super simple: GET requests. Copy your unique Endpoint URL and navigate to it in a new browser tab. Upon a successful request Hookbin will always return 200 OK status code with a JSON {"success": true}

Cool. Now close the tab and go back to Hookbin.com, where you can view your results (refresh the page).

You’ll see the results of that HTTP GET request stored. Let’s see what’s in the request. Every result is broken down into the following easily collapsible sections:

HTTP Headers (Request and Response)

Query String

Body

File Uploads

Cookies

HTTP Headers

The first section gives you the HTTP headers transmitted in the request. What’s unique about Hookbin is that it gives you both the request and the response headers. It is also important to note that Hookbin filters out any headers which might have been added by proxy servers between the origin of a request and the Hookbin servers. That means you will only actually see the headers you have explicitly set in the request, and those transmitted back with a response. No more noise or unknown headers you have not explicitly set.

Query String

It is very common to transmit data as a part of a URL. All query strings appended to the Endpoint URL will be presented here as key-value pairs. To check how it looks simply append a query string to your unique Endpoint URL, for example ?name=john , open that URL in another tab and go back to Hookbin.com.

Body

This section gives you the POST body of a request, beautifully highlighted. It is now 2016 and most services out there send their data in JSON format. Let’s now issue such a request with cURL and see how it looks:

curl -X POST -H "Content-Type: application/json" -d '{"name": "John", "age": 32, "buddies": ["Paul", "Bob", "Adam"]}' https://hookb.in/voOD1NJ8

Hookbin is request-type-agnostic, meaning it will parse and store all kinds of requests: JSON, XML, YAML, multipart or URL-Encoded.

File Uploads

Who doesn’t send files over HTTP nowadays? Let’s now find out how to intercept mutlipart requests (file uploads) with Hookbin. Assuming you have image.jpg in your current working directory you can upload a file with cURL like so:

Hookbin stores all uploads in ephemeral AWS S3 buckets with TTL (Time To Live, or expiration time) set to 7 days from the moment the file has been uploaded. After that time they are automatically and irreversibly deleted. If you don’t feel like waiting a full 7-day cycle, you may delete individual files on demand with a single click.

Please note that Hookbin will parse and save HTTP requests up to 1MB in size — both body and headers. If you send a request that is larger than 1MB, Hookbin will respond with 413 Request Entity Too Large and reject it.

Cookies

Any HTTP cookies transmitted within the request will be presented here as key-value pairs. Want to try it out? Here’s a cURL one-liner:

curl -X GET --cookie "motto=never_gonna_give_you_up" https://hookb.in/voOD1NJ8

Private Endpoints

Remember that checkbox on Hookbin’s homepage when creating a new Endpoint? When checked the Endpoint you create will become “Private” meaning it will only be viewable in the browser you’ve used to create such endpoint. No one else will have access to stored results.

Adding Notes

What good are stored HTTP requests if we can’t add quick notes to each one of them to keep track of changes in our applications? Hookbin allows you to do this. In the top-right corner of each request you will find a button called “Add Note”. That allows you to store up to 1,000 characters of text. You can delete and edit your notes.

Deleting Results

If you don’t need all stored results you can remove individual ones with the red button labeled “Delete Result” at the top-right corner of each result.

Hidden Features

Hookbin offers a wide-open CORS implementation so you can test HTTP requests from within your JS applications

Hookbin supports method overriding

Security connections only — Hookbin offers only SSL-secured Endpoints and scores A+ grade on SSL Labs test

Hookbin runs in a Highly Available setup

Technology

Hookbin is a pair of Node applications. The “Interceptor” behind hookb.in and the Web interface available at hookbin.com. In front of the Node applications there are Nginx servers running, which are used for SSL termination and preliminary validation of requests which are then reverse-proxied to the Node backends. The Web interface app has been written with Angular and all the assets are delivered by a CDN.

Why did we build Hookbin?

Here at Kraken.io we deal with Webhooks every day, delivering hundreds of thousands (sometimes millions) of them around the world to notify applications of completed image resizing and optimization processing. We first developed the service in-house for our own purposes. Once we realised the product was polished and platform-agnostic we decided to spread the love, making it publicly available. We hope you will find it useful!