Guide
~8 min read

HookRelay: A Modern RequestBin Alternative for Webhook Debugging

A complete, step-by-step walkthrough of using HookRelay in place of RequestBin — ephemeral inspector URLs, real-time payload streaming, parallel fan-out to multiple downstream targets, and a progressive web app you can install on iOS and Android in a single tap.

Why developers replace RequestBin

RequestBin popularized the idea of a disposable HTTPS endpoint you could point a webhook at and inspect the raw payload. The original open-source project has been deprecated for years, the hosted successor moved behind a paid tier, and most of the community forks stop at "show me the request" — they don't help you stage payloads against your real services, they don't fan out, and they don't ship updates in real time.

HookRelay was built to close that gap. Every endpoint is ephemeral, every request is streamed live to the inspector over a WebSocket, and every endpoint can forward to one or many downstream URLs in parallel — so "debugging a webhook" and "load-testing my staging environment" use the same tool.

How HookRelay differs

Ephemeral by design
Endpoints live as long as you need them; logs auto-delete after 24 hours. No cleanup, no orphaned data, no leaked secrets sitting in a bin from last quarter.
Real-time log stream
Every request appears in the inspector the moment it lands — no polling, no refresh. Built on a Realtime channel so latency is measured in tens of milliseconds.
Fan-out & load balancing
Add one target or fifty. Incoming requests are forwarded in parallel with retries and exponential backoff, then every result is logged so you can see exactly which target accepted what.
Safe-by-default relay
Targets must be HTTPS. Loopback, private, link-local, and cloud-metadata addresses are blocked at the relay so a misconfigured endpoint can't be turned into an SSRF gadget.
1

Create an endpoint

Sign in, open the dashboard, and click Create endpoint. Give it a name you'll recognize in two days when you come back to it — "Stripe webhook test", "Shopify orders/create", "GitHub PR sync". You can create as many endpoints as you want; each one is isolated and gets its own relay URL.

The endpoint name is local to your account. It never leaves your inspector — providers only ever see the opaque relay URL.
2

Copy the relay URL

The dashboard shows the public relay URL next to each endpoint. Tap the copy icon and you're done. The URL looks like:

https://hookrelay.lovable.app/relay/<endpoint-id>

Anything that can hit an HTTPS URL — Stripe, GitHub, Shopify, Twilio, Linear, Slack, a Postman runner, a curl one-liner — can send to it.

3

Point a provider (or curl) at it

You can paste the URL into any webhook provider's dashboard, but the fastest sanity check is a one-line curl from your laptop:

curl -X POST https://hookrelay.lovable.app/relay/<endpoint-id> \
  -H "Content-Type: application/json" \
  -d '{"event":"ping","ts":"2026-06-18T00:00:00Z"}'

If the inspector tab is open, the request shows up before the curl process exits.

4

Inspect payloads in real time

Click any log row to open the inspector drawer. You get the verb, full header list, raw body, and — if it parses as JSON — a pretty tree view. Filter by method, status, or substring to pinpoint the one weird request out of hundreds.

This is the part that usually wins people over from a static bin: you don't refresh, you don't poll, you just watch traffic land.

5

Add fan-out targets

Open the endpoint, paste an HTTPS URL into Targets, and hit add. Every incoming request now forwards to every active target in parallel, with retries and exponential backoff. Toggle a target off to mute it without losing the configuration.

Common patterns:

6

Replay and debug

Every relay attempt — status code, round-trip time, retry count, the first chunk of any error body — is captured on the original log entry. When a downstream rejects a request, you don't have to guess why; you can see the response inline.

Need a hand sharing a payload with a teammate? Copy any log row's curl command from the inspector and they can replay it locally.

Install the app on iOS & Android

HookRelay ships as a progressive web app — no App Store wait, no Play Store review.

On iOS (iPhone & iPad)

  1. 1Open hookrelay.lovable.app in Safari (not an in-app browser or Chrome on iOS).
  2. 2Tap the Share button in the toolbar.
  3. 3Choose Add to Home Screen from the action sheet.
  4. 4Confirm the name and tap Add. The HookRelay icon appears on your home screen and launches full-screen.

On Android

  1. 1Open hookrelay.lovable.app in Chrome (Edge and Brave work too).
  2. 2Watch for the Install banner at the bottom of the page, or open the browser menu () and choose Install app / Add to Home Screen.
  3. 3Confirm. Android places the icon on your launcher and registers it like a native app.
  4. 4Open it from the launcher — it runs in its own task, without the browser chrome.
You'll also see a one-tap Install banner inside the app itself the first time you visit. It uses the browser's native install prompt on Android and falls back to a guided "Add to Home Screen" sheet on iOS.

Frequently asked questions

Is HookRelay a drop-in RequestBin replacement?

For the inspector use case, yes — point your provider at the relay URL and watch payloads land. HookRelay adds fan-out, retries, and a real-time log stream, but you don't have to use any of them to get the "show me the request" experience.

How long are logs kept?

24 hours. Endpoints stay until you delete them; the request history rolls off automatically so old payloads don't pile up.

Can I use HookRelay in production?

HookRelay is purpose-built for debugging, staging, and traffic-shadowing. For production webhook ingestion, point your provider directly at your service and use HookRelay as a side-channel mirror.

Does the installed app work offline?

The app shell installs to your home screen and launches full-screen, but the inspector itself needs network access — it streams live traffic from the relay, which means no internet, no new logs.

What gets blocked at the relay?

Non-HTTPS URLs, loopback, link-local, RFC-1918 private ranges, and cloud metadata addresses. The relay enforces this so a misconfigured target can't be used to probe internal services.

Ready to stop hunting through logs?

Create your first relay endpoint in under a minute.