Developer Guide

Written by Casper Fenger Jensen • Updated 2026-04-14

How to Test Webhooks on Localhost Over HTTPS

Receive webhooks on a local app over HTTPS without opening inbound firewall rules or keeping a manually configured reverse proxy around for development.

Webhook testing is one of the most practical reasons to give localhost a secure public URL. Bore lets Stripe, GitHub, Slack, or a custom integration post into a local machine over HTTPS while you keep the receiving app on localhost.

test webhooks localhost httpswebhook tunnel localhosthttps webhook local development

Install Bore

curl -sL https://bore.dk/install.sh | bash

Useful for Stripe, GitHub, Slack, and custom senders

No inbound network setup

Stable URLs help avoid reconfiguring webhook targets

How It Works

Simple local workflow, real HTTPS externally

Step 1

Run the webhook receiver locally

Start the local server that will accept webhook calls.

Step 2

Expose the receiver with Bore

Create the public HTTPS URL for the webhook sender.

bore up 3000

Step 3

Register that URL with the provider

Use the Bore hostname in the webhook provider configuration instead of localhost.

Step 4

Reuse the same namespace for later sessions

Persistent namespaces reduce repeated provider reconfiguration across debugging sessions.

Where Bore Differs

Bore can keep HTTPS on reserved child hosts too

Most tunnel workflows stop at one public hostname. Bore can keep your main app on one HTTPS namespace and reserve a child host like `api.<namespace>.bore.dk` for a second local service.

bore host add <namespace> api
bore host set-port <namespace> api 3001

That matters when frontend and API origins need to stay separate in local development, or when webhook, auth, and admin traffic should not all share one hostname.

FAQ

Common questions

How do I test webhooks on localhost over HTTPS?

Expose the local webhook receiver with Bore and register the resulting HTTPS URL in the provider. That is usually much simpler than maintaining your own public ingress for development.

Why do stable webhook URLs matter?

Changing webhook targets repeatedly wastes time and increases the chance of stale configuration. A persistent namespace reduces that friction.

Can I route webhooks to a dedicated child host?

Yes. Bore can reserve a child host so webhook traffic uses a separate HTTPS hostname from the main app.

Related Guides

More HTTPS development guides

View all guides

How to Test Secure Cookies and Auth Flows in Local Development

Use a real HTTPS origin in development for secure cookies, browser auth behavior, embedded flows, and feature checks that do not behave the same way on plain HTTP localhost.

How to Use OAuth Callbacks With Localhost HTTPS

Handle OAuth and SSO callback flows in local development with a real HTTPS URL instead of trying to fit providers around plain localhost.

How to Expose a Local API Over HTTPS

Put a local API on a real HTTPS URL for browser clients, mobile apps, webhook callbacks, and partner integrations without adding local TLS complexity.

How to Open Localhost on HTTPS From Your Phone or Another Device

Test a local app or API on a phone, tablet, or another laptop over HTTPS without opening your whole machine to the internet or sharing raw LAN URLs.