A drop-in inbox between Stripe or Shopify and your handler. Verifies signatures, stores raw payloads and headers, retries failures with backoff, and lets you replay any event from a dashboard — without changing a line of your handler code.
Point Stripe or Shopify at our ingest URL. Keep your existing endpoint code untouched — the URL swap is the only change in your stack.
# Stripe or Shopify → Webhooks → Edit endpoint https://inbox.sidelabs.dev/ingest/stripe/src_acme_stripe
The provider signature is checked against your signing secret. Full payload + headers retained for the entire retention window — append-only, ClickHouse-backed.
POST /ingest/stripe/src_acme_stripe 200 OK
# stored: evt_1Q2nWxKa9Rm6PzQy verified: true
Same payload, same provider headers. Your handler can't tell the difference. We add only an X-Inbox-Event-Id for traceability.
→ POST https://api.acme.com/stripe-webhook
Stripe-Signature: t=1735689600,v1=...
→ 200 OK (84ms)
Exponential backoff (1m → 5m → 15m → 1h → 4h, up to 5 attempts). Anything still failing is one click away in the dashboard. Per-event auto-retry pause via the API.
attempt 1 504 GATEWAY_TIMEOUT attempt 2 5XX (retrying in 5m) attempt 3 200 OK (delivered)
Stripe and Shopify signatures are verified before forwarding. Failed signatures land in a separate bucket — never silently forwarded to your handler.
Single event replay re-fires through your forwarder with the original payload and provider headers intact. Original timestamp preserved.
Events that exhaust retries stay marked failed and queryable from the dashboard. Inspect the failure, fix the handler, replay when ready. Per-event auto-retry pause via API.
Filter by event id, type, status, source, or time window. Fast at 100M+ events — ClickHouse-backed, partitioned by month.
30 days on Pro, 90 days on Business. Raw events and delivery attempts both — not the 3-day debugger window you get from a forwarding tunnel.
URL swap. Your handler keeps its route, signature check, and framework. Leave anytime by pointing the provider back at yourself — your data goes with you.
| Webhook Inbox | DIY (SQS / Lambda / PG) | |
|---|---|---|
| Time to working setup | 5 minutes | 2–5 days |
| Provider signature verification | Built-in, before storage | You write it in the handler |
| Replay UI | One click per event | SQS re-drive + hope you saved the body |
| Per-event retry pause | PATCH /api/events/<id>/retry | Build a flag table + worker logic |
| 30-day searchable archive | ClickHouse, included | CloudWatch + JSON.stringify diving |
| Cost at 1M events / mo | Flat $99 (Business) | ≈$40–80 infra + your time |
| Vendor lock-in | URL swap, leave anytime | None (it's yours) |
| Webhook Inbox | Inngest / Trigger.dev | |
|---|---|---|
| Migration cost | URL swap | Rewrite handlers as workflows |
| Keeps your existing handler | Yes, untouched | No — workflow steps |
| Provider-specific recipes | Stripe and Shopify | Generic step functions |
| Long-running tasks | Out of scope | Yes |
| Step functions / fan-out | Out of scope | Yes |
| Right tool when… | You only need to not lose events | You're rebuilding async logic |
| Webhook Inbox | Hookdeck | |
|---|---|---|
| Scope | Inbound provider recovery | Full event gateway (in + out) |
| 30-day retention | $19 / mo (Pro) | $39 / mo Team |
| Provider recipes | Stripe and Shopify | Generic gateway |
| Self-hosted option | Yes, single-binary Go | Cloud only |
| SOC2 / SSO / SAML | Not yet | Yes (Growth+) |
| Right tool when… | One big provider, no enterprise needs | Full gateway, multi-direction |
Try the recovery inbox against a single Stripe or Shopify source. No card.
For SaaS teams running production webhooks across a few providers.
For teams whose billing pipeline depends on every event landing.
Need to run the inbox inside your own VPC? Email support@sidelabs.dev for self-hosted pricing.
You give us a provider signing secret and your existing handler URL. We give you an ingest URL to paste into Stripe or Shopify. From that moment, every provider event is captured, verified, and forwarded — and any failure is one click away in the inbox.
Full instructions, including how we verify signatures and what headers we forward, live in the setup guide.
Stripe guide Shopify guide# 1. Create your source in Webhook Inbox curl -X POST https://inbox.sidelabs.dev/api/sources \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ --data '{ "id": "src_acme_stripe", "signing_secret": "whsec_...", "destination_url": "https://api.acme.com/stripe-webhook", "timeout_ms": 10000 }' # 2. In Stripe or Shopify → Webhooks → Add endpoint: # https://inbox.sidelabs.dev/ingest/stripe/src_acme_stripe # 3. Copy the provider signing secret and save via the same POST. # Done. Failed deliveries land here: open https://inbox.sidelabs.dev/app/
Point Stripe or Shopify at our ingest URL. We'll catch what your handler drops.