Skip to content

Using Requestb.in#

If you are tempted to use requestb.in to test your webhooks, please don't! I love requestb.in, but the August API sometimes returns a new access token the response, including webhook callbacks. Since the requestb.in bins are not secure (there is no username or password), then anyone who guesses your bin id can get your access token. And with your access token, they can control all your locks.

Private bins might be an improvement, but then you're still sharing your access tokens with the requestb.in folks, so it is still not secure.

Protect your access tokens!

Local Tool#

I'm testing a local instance of RequestBin at /webhooktests

Since I am running it locally, and I've done some basic Auth protection for the page, I feel ok about August developers using it. That is, I don't worry about Auth credentials leaking to a third party quite as much.

It is not configured for heavy use (only one worker) but it could help you with testing webhooks and the async callbacks from the new Remote Pin Management APIs.

Let me know what you think about its utility, if you use it.

/Andy