Where can I find a real GitHub webhook payload to test with?

Three places: (1) Settings → Webhooks → [your webhook] → Recent Deliveries on any GitHub repo. (2) The github.event context in any GitHub Actions log. (3) The webhooks page of your custom GitHub App.

Why is the commits array sometimes empty?

For deletion events (deleted=true) or branch creation without new commits. Also for pushes that contain only merge commits with no new file changes — though usually the array has at least the merge commit.

How do I distinguish a fork PR from a same-repo PR?

Compare pull_request.head.repo.full_name to pull_request.base.repo.full_name. If they differ, it's from a fork — important for security since fork PRs run with restricted GITHUB_TOKEN permissions.

What does the "type" field on sender mean?

User, Bot, or Organization. Bot covers GitHub Apps and built-in automations like dependabot. Filter on type=User if you only want human-triggered events.

Are all GitHub webhook events JSON?

Yes, for the JSON content-type (the default). GitHub also supports application/x-www-form-urlencoded, but only legacy integrations use it. You can configure the format per-webhook in repo settings.

GitHub Webhook JSON Formatter

Pretty-print GitHub webhook JSON in your browser. Pre-loaded with a real push event sample. Inspect commits, repository, sender, and head_commit fields.

Indent:

Input

847 chars

Output

0 chars

GitHub Webhooks Are the Backbone of CI/CD

Every push, PR, issue comment, and workflow run can fire a webhook. The payloads are deeply nested — a single pull_request event can be 50KB+ of JSON — and you'll spend a lot of time scanning them while debugging GitHub Actions, Probot apps, or Slack/Discord notifiers. This page is pre-loaded with a representative push event so you can see the canonical structure. Replace it with your own captured payload (from github.event in Actions logs, your webhook receiver's logs, or the GitHub UI's "Recent Deliveries" tab).

The Three Levels of Every GitHub Event

Most webhook payloads share a three-level shape:

Event-specific top-level fields — For push: ref, before, after, commits[], head_commit. For pull_request: action, number, pull_request object. For issues: action, issue. The action field on *.{opened,closed,edited,...} events is what you switch on in your handler.
repository — The repo where the event happened. Always present. full_name, owner.login, default_branch, private are the most-used fields.
sender — The user who triggered the event. login, id, type (User vs Bot vs Organization). For automated events, type=Bot.

Common GitHub Webhook Tasks

"Did this push happen on the default branch?" Compare ref (e.g., refs/heads/main) against repository.default_branch (e.g., main). The ref includes the refs/heads/ prefix; the default branch doesn't.

"Was this a force push?" Check the forced boolean on the push event. true means git history was rewritten — flag it loudly in your security tooling.

"Who actually opened this PR?" Use pull_request.user.login, not sender.login. The sender of a pull_request.opened event is the same person, but for pull_request.synchronize (new commits pushed), sender is the pusher while pull_request.user is the original PR author.

"What files changed in this push?" Walk commits[].added, commits[].removed, and commits[].modified arrays. For pushes with more than 20 commits, GitHub truncates the array — fall back to the Compare API (compare URL).

Verifying GitHub Signatures

GitHub signs every webhook with HMAC-SHA256 using your webhook secret. The signature lives in the X-Hub-Signature-256 header. Verify it before parsing the body in production. Use a constant-time comparison — string equality is vulnerable to timing attacks.

Related Tools

Generic JSON Formatter
Stripe Webhook Formatter
Discord Webhook Formatter
Hash Generator — for HMAC-SHA256 signature verification

Common Use Cases

Stripe Webhook JSON Formatter

Format and inspect Stripe webhook payloads — auto-pretty-print events like charge.succeeded, invoice.paid, and customer.subscription.updated.

GitHub Webhook JSON Formatter

Format and inspect GitHub webhook payloads — auto-pretty-print push, pull_request, issues, and workflow_run events.

Discord Webhook JSON Formatter

Format and validate Discord webhook payloads — pretty-print embeds, fields, allowed_mentions, and component arrays.

Slack Webhook & Event JSON Formatter

Format Slack webhook payloads, Block Kit messages, and Events API JSON — pretty-print and validate against Slack's schemas.

JSON to YAML: Practical Guide for Kubernetes, Helm, Docker

Convert JSON to YAML for Kubernetes, Helm, and Docker Compose. Covers yq, Python, js-yaml, multiline strings, boolean hazards, and null handling.

JSONPath Tutorial: Querying JSON Data Like a Pro

Master JSONPath syntax for querying JSON data. Learn expressions, filters, recursive descent, and practical examples for API responses and config files.

CSV to JSON Conversion: Methods, Libraries, and Best Practices

Learn how to convert CSV to JSON in JavaScript, Python, and the command line. Covers delimiter handling, type inference, and common edge cases.

JSON vs XML: A Complete Comparison for 2026

Compare JSON and XML side by side. Learn the differences in syntax, performance, readability, and when to use each format in your projects.

GitHub Webhook JSON Formatter

GitHub Webhooks Are the Backbone of CI/CD

The Three Levels of Every GitHub Event

Common GitHub Webhook Tasks

Verifying GitHub Signatures

Related Tools

Common Use Cases

Related Articles