Forwarding UnifyPort webhooks to localhost with smee.io
UnifyPort delivers events to a public HTTPS URL. smee.io bridges that to your laptop with nothing but a Node client — no tunnel binary, no account.
What smee.io solves
smee.io is a GitHub-maintained proxy: open it once and you get a public channel URL. Anything POSTed to that channel is re-broadcast to every connected client. Run the small smee-client on your machine and it replays each request against your local handler — so a webhook from the public internet reaches localhost without installing tunnel software.
Five-minute setup for a UnifyPort handler
Assuming your handler listens on port 3000:
- 1. Open smee.io and press Start a new channel. Copy the channel URL.
- 2. Register it via POST /v1/webhook-endpoints — set url to the channel and subscribed_events to ["*"] while iterating.
- 3. Run the client and point it at your local route:
- 4. Trigger an event provider-side — a Telegram DM, a WhatsApp message — and watch it arrive on localhost:3000.
Signature verification still works
smee forwards the raw body untouched, so the bytes your handler sees are exactly what UnifyPort signed. Verification is identical to production — recompute and compare against X-Device-Signature:
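One way to write that check in Node, as an added example rather than UnifyPort's own code. It uses the formula given on this page, hex(HMAC-SHA256(secret, timestamp + "." + body)), and shows why the raw bytes matter: a body that has been parsed and re-serialized no longer verifies. The timestamp is passed in as a parameter because this page does not name the header that carries it; the secret, timestamp and payload are constructed sample values.

```javascript
const crypto = require('crypto');

// hex(HMAC-SHA256(secret, timestamp + "." + body)), the formula stated on this page.
// rawBody must be the Buffer of bytes exactly as received, before any JSON parsing.
function computeSignature(secret, timestamp, rawBody) {
  return crypto
    .createHmac('sha256', secret)
    .update(String(timestamp))
    .update('.')
    .update(rawBody)
    .digest('hex');
}

// Returns true only when the X-Device-Signature value matches the recomputed MAC.
function verifySignature(secret, timestamp, rawBody, signatureHeader) {
  // Reject anything that is not a 64-character hex SHA-256 digest up front;
  // timingSafeEqual throws on buffers of different length.
  if (typeof signatureHeader !== 'string' || !/^[0-9a-f]{64}$/i.test(signatureHeader)) {
    return false;
  }
  const expected = Buffer.from(computeSignature(secret, timestamp, rawBody), 'hex');
  const received = Buffer.from(signatureHeader, 'hex');
  return crypto.timingSafeEqual(expected, received); // constant-time comparison
}

// Constructed sample delivery (throwaway secret, made-up payload).
const SECRET = 'dev-only-throwaway-secret';
const TIMESTAMP = '1700000000';
const RAW_BODY = Buffer.from('{"event": "message.received",  "id": 42}', 'utf8');
const SIGNATURE = computeSignature(SECRET, TIMESTAMP, RAW_BODY);

function demo() {
  // What a handler would sign if it parsed the JSON first: whitespace is lost.
  const reserialized = Buffer.from(JSON.stringify(JSON.parse(RAW_BODY.toString('utf8'))), 'utf8');
  return {
    rawBytes: verifySignature(SECRET, TIMESTAMP, RAW_BODY, SIGNATURE),
    reserialized: verifySignature(SECRET, TIMESTAMP, reserialized, SIGNATURE),
    wrongSecret: verifySignature('some-other-secret', TIMESTAMP, RAW_BODY, SIGNATURE),
    wrongTimestamp: verifySignature(SECRET, '1700000001', RAW_BODY, SIGNATURE),
    malformedHeader: verifySignature(SECRET, TIMESTAMP, RAW_BODY, 'not-a-hex-digest'),
  };
}

console.log(demo());
```

In a real handler, capture the body as a Buffer before any JSON middleware touches it and pass that Buffer to verifySignature.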
To confirm by hand before writing code, run the same algorithm in our CyberChef walkthrough or offline with DevToys.
When smee.io is not the right answer
- Anything production-shaped. The channel is public and guessable — assume anyone could read or inject traffic. Use throwaway secrets only.
- High-frequency or latency-sensitive tests. The public relay adds a hop; a local tunnel like ngrok with its 4040 inspector is steadier.
- You also need to inspect other HTTP traffic. smee only relays its channel; ngrok or Pipedream RequestBin give you a fuller view.
Common questions
- Does smee.io modify the request body?
- No. It relays the raw bytes, so X-Device-Signature verification works exactly as in production — recompute hex(HMAC-SHA256(secret, timestamp + "." + body)) and compare.
- Do I need to install anything?
- Only Node — run the client with npx smee-client, no global install or tunnel binary required.
- Is smee.io safe for production webhooks?
- No. Channels are public and guessable. Use it for local development with throwaway signing secrets; for staging or production prefer a private tunnel or your real endpoint.
Recommended UnifyPort dev loop
One account dedicated to local dev, the smee client running in a terminal pane, and your handler reloading on save. When a delivery looks off, re-trigger from the provider or replay from your handler logs — and verify the signature with CyberChef if it ever stops matching.