Stripe webhook logging and replay is live

Stripe webhook logging and replay shipped today. It's the first non-monitoring product feature in the Observare bundle, and it's available right now to anyone on the £5/month plan.

If you've ever spent an afternoon trying to debug a Stripe webhook in your local dev environment, you already know the pitch. If you haven't — let me explain why I built this.

The problem

Stripe webhooks are how your app finds out about real things happening in production: a customer paid you, a subscription was created, a card got declined. They're load-bearing infrastructure. And they're
frustrating to work with for three reasons:

1. You can't see them. Stripe sends a webhook, your server returns 200, the event is gone. If your handler had a bug, you find out hours later when something downstream breaks. Good luck reproducing it.

2. You can't replay them. Stripe's dashboard lets you re-deliver events from the last 30 days, but only to the same URL — so if you want to test a fix locally, you have to point Stripe at a tunnel or wait for a real customer to trigger the event again.

3. The tools that solve this aren't bundled. Hookdeck and Svix both do this well — but they're separate logins, separate dashboards, separate bills, and the smallest tiers start where indie devs would rather not be paying yet.

What's now in your dashboard

Open the new Tools → Stripe Webhooks section. You can create up to 10 webhook endpoints, each with its own URL.

For each endpoint, you tell Observare a name and (when you're ready) paste in the signing secret that Stripe gives you. From that moment on:

• Stripe sends events to your Observare URL. We verify the signature using your stored signing secret, store the full event payload + headers, and return 200 so Stripe doesn't retry.

• You see every event the moment it lands. Filter by All / Failed, search by event type (charge.succeeded, customer.subscription.updated, etc), click any event to see the full JSON payload
  pretty-printed.

• You replay any event with one click. Configure a replay URL (your staging environment, your localhost via ngrok, anywhere public). Click Replay on a stored event and Observare POSTs it to that URL with a freshly-signed Stripe-Signature header — your handler validates it exactly like a real Stripe event. Or switch the endpoint to "cURL mode" and Observare gives you a runnable command to copy-paste into your terminal instead.

• You get alerted when verification fails. Opt-in per endpoint. If your signing secret falls out of sync with Stripe's (e.g. you rotated it and forgot to update Observare), you get one email per 24 hours
  until you fix it — not a flood, just a heads-up.

Some details I'm proud of

A couple of decisions baked in that I want to call out, because they took some thought:

• We always return 200 to Stripe, even when the signature fails. This is the opposite of what most tutorials say. The reasoning: if we return a 4xx, Stripe retries the same broken event for three days,
  every retry hits our deduplication and gets discarded — pure noise. Returning 200 says "received, your event is safe with us" while still surfacing the failure prominently in your event log so you actually notice it.

• Replay signs with the source endpoint's secret, not the destination's. We don't ask you for a separate dev environment signing secret. The replay POST is signed with the same secret that received the
  event. That means your dev handler — which presumably is using the same Stripe signing secret as your production handler in test mode — will validate the replay correctly without any extra setup.

• SSRF guard on replay destinations. You can't accidentally (or maliciously) point replay at 127.0.0.1, RFC1918 ranges, link-local addresses, or cloud metadata IPs. Replay does a DNS lookup before
  fetching and refuses anything that resolves to a private address.

• 60 days of event history, automatic cleanup, no manual gardening. Plenty of headroom to debug something that happened last month.

How much does it cost

It costs nothing extra. The webhook logger is included in the existing £5/month subscription, alongside uptime / SSL / port / cron heartbeat monitoring and email + SMS alerts. There are no per-event fees, no overage charges, and no separate billing. The only soft limit is 10 endpoints per account and a 100,000 events/month banner that's purely informational — events still get received and logged either way.

What's next

The next feature on the roadmap is public branded status pages — every customer gets a hosted status page that surfaces their monitors, brandable, sharable, fronting the same data their dashboard shows.
After that: more alert channels (Slack, Discord, WhatsApp, generic webhook), and then the agent for local/internal monitoring.

If any of this is useful to you, the bundle is £5/month and I'm taking beta testers — hit the contact form on the marketing site if you want in.