Paddle Webhooks
How to Test Paddle Webhooks Locally (2026)
Paddle Billing sends webhooks for transaction, subscription, and customer events. Paddle signs each webhook with HMAC-SHA256 using your notification destination's secret key; the Paddle-Signature header carries a timestamp and the signature in a ts=...;h1=... format.
Signature Header
Paddle-Signature
Algorithm
HMAC-SHA256 (signed payload: timestamp:rawBody)
Setup Guide
- 1Create a free HookSense endpoint at hooksense.com
- 2Copy your unique webhook URL
- 3In Paddle → Developer Tools → Notifications → New destination
- 4Paste your HookSense URL and select the events you want to receive
- 5Copy the destination's secret key (pdl_ntfset_...) and add it to HookSense
- 6Use Paddle's 'Send simulated event' to fire a test webhook
- 7Watch the webhook appear in HookSense in real-time
Common Paddle Webhook Events
transaction.completedtransaction.paidtransaction.billedsubscription.createdsubscription.updatedsubscription.canceledsubscription.past_duecustomer.createdForward to Localhost
Use HookSense CLI to forward Paddle webhooks directly to your local development server:
npx hooksense listen -p 3000 --path /api/integrations/paddleNo ngrok or tunnel setup required. Install with npm i -g hooksense or use npx.
Tips & Best Practices
- The signed payload is timestamp:rawBody — verify against the raw, unparsed body
- Paddle enforces a 5-second timestamp tolerance by default to block replay attacks
- This is for Paddle Billing — Paddle Classic uses a different (RSA p_signature) scheme
- Use HookSense's simulated-event captures to build CI fixtures for subscription lifecycle tests
Related
Start Testing Paddle Webhooks
Create a free endpoint and receive your first Paddle webhook in seconds.
Get Started Free