Testing Webhooks Locally
Receive Cresora webhooks on your local development machine.
To test webhooks locally, you need a publicly accessible HTTPS URL that tunnels to your local server.
Option 1 — ngrok (recommended)
# Install ngrok: https://ngrok.com/download
# Start your local server on port 3000
npm run dev
# In another terminal, start the tunnel
ngrok http 3000ngrok prints a URL like https://abc123.ngrok.io. Use this as your webhook endpoint URL in the Partner Portal.
ngrok free accounts generate a new URL each session. For stable development, use a static domain with ngrok's paid tier or one of the alternatives below.
Option 2 — Cloudflare Tunnel
# Install cloudflared: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/
cloudflared tunnel --url http://localhost:3000Option 3 — VS Code / GitHub Codespaces port forwarding
If you're using VS Code or a Codespace, forward your port and set the visibility to Public.
Registering your tunnel URL
- Go to Partner Portal → API Settings → Webhooks → Add Endpoint
- Enter your tunnel URL (e.g.
https://abc123.ngrok.io/webhooks/cresora) - Click Send test event to verify the endpoint is reachable
Triggering test events
From the Partner Portal you can send test deliveries for any event type without making a real API call. Or trigger events naturally by creating test payments in the sandbox.
Verifying signature in development
Use your endpoint's signing secret (from the Partner Portal) in your local environment:
# .env.local (never commit this)
CRESORA_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxxxxxxxconst secret = process.env.CRESORA_WEBHOOK_SECRET;
verifyWebhook(req, secret);Never hardcode the signing secret in your code. Always load it from an environment variable or secrets manager.