PayPal Webhooks
How to Test PayPal Webhooks Locally (2026)
PayPal sends webhooks for payment, order, subscription, and dispute events. Unlike most providers, PayPal does not use a shared HMAC secret — it signs each webhook with an RSA certificate (SHA256withRSA), which you verify either by downloading the cert from the Paypal-Cert-Url header or by calling PayPal's verify-webhook-signature API.
Signature Header: Paypal-Transmission-Sig
Algorithm: SHA256withRSA (cert-based, not shared-secret HMAC)
Setup Guide
1. Create a free HookSense endpoint at hooksense.com
2. Copy your unique webhook URL (e.g. https://hook.hooksense.com/w/abc123)
3. In the PayPal Developer Dashboard → Apps & Credentials → your app → Add Webhook
4. Paste your HookSense URL and select the event types you want to receive
5. Trigger an event with the Webhooks simulator or a sandbox transaction
6. Watch the webhook — including all Paypal-Transmission-* headers — appear in HookSense in real time
Common PayPal Webhook Events
- PAYMENT.CAPTURE.COMPLETED
- PAYMENT.CAPTURE.REFUNDED
- CHECKOUT.ORDER.APPROVED
- CHECKOUT.ORDER.COMPLETED
- BILLING.SUBSCRIPTION.ACTIVATED
- BILLING.SUBSCRIPTION.CANCELLED
- BILLING.SUBSCRIPTION.PAYMENT.FAILED
- CUSTOMER.DISPUTE.CREATED
Forward to Localhost
Use HookSense CLI to forward PayPal webhooks directly to your local development server:
npx hooksense listen -p 3000 --path /api/integrations/paypal
No ngrok or tunnel setup required. Install with npm i -g hooksense or use npx.
Tips & Best Practices
- PayPal uses RSA cert verification, not a shared HMAC secret — verify against the cert at Paypal-Cert-Url or call POST /v1/notifications/verify-webhook-signature
- HookSense captures all five Paypal-Transmission-* headers so you can debug verification failures
- Use the PayPal Webhooks simulator to fire test events without a real transaction
- Sandbox and live events hit the same endpoint — use HookSense search to tell them apart
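The cert-based check from the first tip, as an added example (not HookSense or PayPal code) for a Node.js handler behind the forwarder. It assumes the signed string is transmission id, transmission time, webhook ID and the decimal CRC32 of the raw body joined by "|", as PayPal's webhook documentation describes. The *.paypal.com host allowlist, the function names and the demo values are assumptions of this example, and the certificate chain itself is not validated here.

```javascript
const nodeCrypto = require('node:crypto');
// CRC32 (reflected polynomial 0xEDB88320) of a Buffer, as an unsigned integer.
function crc32(buf) {
  let crc = 0xffffffff;
  for (const byte of buf) {
    crc ^= byte;
    for (let i = 0; i < 8; i++) crc = (crc >>> 1) ^ (0xedb88320 & -(crc & 1));
  }
  return (crc ^ 0xffffffff) >>> 0;
}

// Assumption: PayPal serves signing certs over HTTPS from *.paypal.com. Reject anything
// else so a forged request cannot point Paypal-Cert-Url at a certificate the sender controls.
function isTrustedCertUrl(certUrl) {
  try {
    const u = new URL(certUrl);
    return u.protocol === 'https:' && u.hostname.endsWith('.paypal.com');
  } catch { return false; }
}

// Signed string: transmission id | transmission time | webhook id | CRC32(raw body) in decimal.
function buildSignedMessage(headers, webhookId, rawBody) {
  return [headers['paypal-transmission-id'], headers['paypal-transmission-time'],
    webhookId, crc32(Buffer.from(rawBody))].join('|');
}

// headers: lower-cased names (as Node delivers them); certPem: PEM fetched from the trusted cert URL.
function verifyPaypalSignature(headers, webhookId, rawBody, certPem) {
  if (headers['paypal-auth-algo'] !== 'SHA256withRSA') return false;
  if (!isTrustedCertUrl(headers['paypal-cert-url'] || '')) return false;
  const sig = Buffer.from(headers['paypal-transmission-sig'] || '', 'base64');
  const msg = Buffer.from(buildSignedMessage(headers, webhookId, rawBody));
  return nodeCrypto.verify('RSA-SHA256', msg, certPem, sig);
}

// Constructed demo: a throwaway RSA key pair stands in for PayPal's certificate.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const body = '{"event_type":"PAYMENT.CAPTURE.COMPLETED"}';
  const headers = { 'paypal-transmission-id': 'constructed-id-1', 'paypal-auth-algo': 'SHA256withRSA',
    'paypal-transmission-time': '2026-01-01T00:00:00Z',
    'paypal-cert-url': 'https://api.sandbox.paypal.com/constructed-cert-path' };
  const msg = Buffer.from(buildSignedMessage(headers, 'WH-CONSTRUCTED', body));
  headers['paypal-transmission-sig'] = nodeCrypto.sign('RSA-SHA256', msg, privateKey).toString('base64');
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  return { genuine: verifyPaypalSignature(headers, 'WH-CONSTRUCTED', body, pem),
    tampered: verifyPaypalSignature(headers, 'WH-CONSTRUCTED', body + ' ', pem) };
}
console.log(demo());
```

Pass the body bytes exactly as received: a body that has been parsed and re-serialized as JSON produces a different CRC32 and fails verification.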