Agentic Webhook Testing with MCP

|6 min read
Contents

AI coding assistants are great at writing code. They're not so great at verifying that code works against real external services. Webhook integrations are a particularly painful example — the assistant can write a handler, but it can't trigger a Stripe payment, wait for the webhook, and confirm the handler actually processed it.

CatchHook's MCP server bridges that gap. It gives your AI assistant 20 tools to work with your webhook endpoints directly: create endpoints, wait for traffic, inspect payloads, diagnose failures, compare events, and more. The debugging loop that used to involve bouncing between your editor, CatchHook's dashboard, and Stripe's dashboard can happen entirely in conversation.

Setup

1. Create an API Token

Go to Account Settings → API Tokens in CatchHook. Create a token with both read and write scopes.

2. Configure Your Editor

Claude Code:

claude mcp add catchhook --transport http \
  --url https://catchhook.app/mcp \
  --header "Authorization: Bearer YOUR_TOKEN"

Cursor — add to .cursor/mcp.json:

{
  "mcpServers": {
    "catchhook": {
      "url": "https://catchhook.app/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN"
      }
    }
  }
}

Windsurf — add to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "catchhook": {
      "serverUrl": "https://catchhook.app/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN"
      }
    }
  }
}

Codex CLI:

export CATCHHOOK_TOKEN="YOUR_TOKEN"
codex mcp add catchhook --url https://catchhook.app/mcp \
  --bearer-token-env-var CATCHHOOK_TOKEN

Workflow: Building a Stripe Webhook Handler

Here's what an end-to-end agentic workflow looks like. Each step is just a natural language request to your assistant.

Step 1: Create an Endpoint

Create a CatchHook endpoint called stripe-checkout-dev

The assistant calls create_endpoint and returns the webhook URL. Paste this into Stripe's webhook settings.

Step 2: Wait for Traffic

Wait for the next Stripe checkout.session.completed event on that endpoint

The assistant calls wait_for_request with the provider and event type filters. It blocks until a matching webhook arrives (up to 30 seconds), then shows the full payload with provider context.

While it's waiting, go trigger the event — complete a checkout flow in Stripe's test mode.

Step 3: Inspect the Payload

Show me the full request details

The assistant calls get_request and shows headers, body, provider detection, event type, and signature status. Now you both know exactly what data the handler needs to work with.

Step 4: Write the Handler

Write a Rails controller action to handle this Stripe checkout event

The assistant has seen the real payload. It writes a handler that matches the actual data shape — not a guess from Stripe's documentation examples.

Step 5: Diagnose Issues

Diagnose request req_abc123

The assistant calls diagnose_request and gets back signature verification status, provider setup checks, and recommended next steps. If the signing secret isn't configured, it'll tell you. If the signature format is wrong, it explains why.

Step 6: Compare Events

Compare this checkout event with the previous one

The assistant calls compare_requests with both request IDs. The diff highlights provider-aware differences — not just raw JSON changes, but semantic ones like "amount changed from $20 to $50" or "customer ID is different."

Step 7: Test Locally via Tunnel

For actually getting the webhook to your local server, you'll want to start the CatchHook tunnel in a separate terminal:

npx @catchhook/tunnel start --provider stripe --port 3000

Then ask your assistant to send a test request or wait for the next event. The tunnel handles delivery to localhost — the MCP tools handle the inspection, diagnosis, and comparison from within your editor.

Step 8: Verify and Iterate

Wait for the next checkout event and diagnose it

The assistant chains wait_for_request and diagnose_request. You trigger another checkout in Stripe, and the assistant confirms the webhook arrived, checks signature status, and flags anything unusual. If your handler returns a 500, you can inspect what went wrong without leaving the editor.

Available MCP Tools

Endpoint Management

Tool What it does
list_endpoints List all endpoints with URLs, tunnel status, provider info
get_endpoint Endpoint details including provider setup checks
create_endpoint Create a webhook or email endpoint
delete_endpoint Delete an endpoint and its captured requests

Request Inspection

Tool What it does
list_requests List requests with provider, event type, and signature filters
get_request Full request: headers, body, query params, provider context
delete_request Delete a single request
delete_all_requests Delete all requests on an endpoint

Agentic Workflow

Tool What it does
wait_for_request Block until a matching webhook arrives (up to 30s)
send_test_request Send a test webhook to verify endpoint connectivity

Replay and Forwarding

Tool What it does
replay_request Replay to a public target URL with safety warnings
list_actions List endpoint actions
create_action Create an endpoint action with steps
delete_action Remove an action
get_action_runs View action execution traces

Analysis and Diagnostics

Tool What it does
diagnose_request Provider detection, signature check, setup status, replay risk
compare_requests Provider-aware diff highlighting semantic changes
get_endpoint_metrics Request counts, error rates, status breakdown

Alerts

Tool What it does
list_alerts List endpoint alerts
create_alert Create alerts for missing webhooks, errors, volume spikes

Tips for Effective Agentic Testing

Be specific about what you want

"Wait for the next Stripe invoice.paid event" works way better than "wait for something." The filters on wait_for_request narrow the search so you're not sifting through noise.

Use compare for regression testing

After changing your handler, trigger the same event type again and compare the two requests. The diff tells you whether the provider sent different data or your handler is just responding differently to the same input.

Diagnose before reading code

When a webhook handler fails, the instinct is to read the code. But if the signature is failing because the secret isn't configured, no amount of code reading will find that. Ask the assistant to diagnose the request first — it'll save you the trip.

Pair MCP tools with the tunnel

MCP tools are great for inspection, diagnosis, and comparison from within your editor. The tunnel is what actually gets webhooks to your local server. Use them together: tunnel for delivery, MCP for understanding what was delivered and whether your handler got it right.

Authentication and Security

MCP tokens use the same API token system as CatchHook's REST API. Tokens require:

  • read scope for inspection and listing tools
  • write scope for creating endpoints, replaying, and managing actions

Tokens are account-scoped — the assistant can only access your endpoints and requests. Create and manage tokens in Account Settings → API Tokens.

Try it yourself

Start catching webhooks in under 30 seconds. No credit card required.