catchbin Join the waitlist
Launching as a public beta — second half of 2026

Permanent webhook URLs. Inspect, replay, and debug — without losing history.

One tool that replaces webhook.site and ngrok — permanent webhook URLs, 30-day history, localhost forwarding, and signature debugging that tells you why verification failed.

catchbin launches as a public beta in the second half of 2026. Join the waitlist to get in early — it isn't open yet.

No spam. One email when we launch.

dashboard.catchbin.io / endpoint / abc123
stripe.payment_intent.succeeded 200 OK 14ms
github.pull_request.opened queued
shopify.orders.create 500 ERR 22ms
247 events captured today live
Free

For everyone, at launch

A free tier is available to anyone who signs up. Permanent webhook URLs are included — they don't expire.

Bin Crew
limited

For the early supporters

A limited number of Bin Crew accounts at launch — more generous than the free tier, and free for life for the developers who claim them.

Paid

For heavier use

Paid tiers handle solo developers and teams with higher-volume traffic. Permanent webhook URLs are included on every plan, including the free tier.

Exact limits and pricing aren't finalised yet. The waitlist gets first word when they are.

If you integrate Stripe, you've done this dance

You configured a webhook.site URL, copied it into the Stripe dashboard, watched events flow in for an afternoon — then came back a week later to find the URL had expired. The history is gone. You reconfigure Stripe.

Next attempt: the Stripe CLI. It forwards to localhost, which is what you wanted, except it only works for Stripe and only while your laptop is open. Your teammate can't reproduce the bug because the events never reached anywhere persistent.

So you pay for ngrok, pay for webhook.site Pro, glue them together, and the first signature failure you hit comes back as invalid signature — no indication of which byte, which header, or which middleware silently rewrote the body.

How it works

Three components: a permanent receiver, durable storage, and a small CLI that tunnels into your dev machine.

01

Catch

Stripe, GitHub, Shopify, or any generic POST hits your permanent catchbin URL. The URL is yours forever — it does not expire when your trial ends.

02

Store

Every byte is persisted for 30 days, encrypted at rest. Headers, raw body, timestamp, source IP. Searchable, exportable, replayable.

03

Forward / Replay

Pipe live events to localhost through the Go CLI, or replay any historical event to staging with a re-signed payload your handler will accept.

SIGNATURE DEBUGGER

Stop guessing why signatures fail.

When verification fails, catchbin compares what was signed against what arrived and tells you which assumption broke. Most failures are body-mutation issues introduced by a framework middleware between the wire and your handler.

  • Byte-level body comparison
  • Timestamp tolerance analysis
  • Secret format and header structure checks
evt_3PqZk2RxC7Lm1Q8F
signature failed
  • Raw body byte count: 1,847 received vs. 1,852 signed → mismatch
    Middleware is likely modifying body before handler sees it.
  • Timestamp age: 42s (within tolerance)
    Webhook arrived 42 seconds after Stripe signed it.
  • Secret format: starts with whsec_ (looks correct)
    Matches Stripe's secret prefix convention.
  • Header format: valid
    stripe-signature includes t=, v1=, and v0= as expected.

One command. Live on localhost.

The CLI is a single Go binary. No daemon, optional config file.

~/projects/api 
$ catchbin forward abc123 localhost:3000

 Connected to catchbin cloud receiver
 Forwarding endpoint: abc123 → localhost:3000

  [10:42:01] stripe.payment_intent.succeeded200 OK (14ms)
  [10:42:38] stripe.customer.updated200 OK (9ms)
  [10:44:55] stripe.charge.failed500 ERR (22ms)

Get in before catchbin opens.

Public beta lands in the second half of 2026. The waitlist hears first.

No spam. One email when we launch.