DEV Community: Jibran Usman The latest articles on DEV Community by Jibran Usman (@jibranusman95). https://dev.to/jibranusman95 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3965902%2F023010ee-a64d-4d53-aba0-1488285dc4d1.jpeg DEV Community: Jibran Usman https://dev.to/jibranusman95 en The webhook inbox pattern: stop writing this controller by hand Jibran Usman Tue, 16 Jun 2026 18:33:10 +0000 https://dev.to/jibranusman95/the-webhook-inbox-pattern-stop-writing-this-controller-by-hand-17an https://dev.to/jibranusman95/the-webhook-inbox-pattern-stop-writing-this-controller-by-hand-17an <p>Every Rails app that takes Stripe webhooks has some version of this controller:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">def</span> <span class="nf">create</span> <span class="n">payload</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="nf">body</span><span class="p">.</span><span class="nf">read</span> <span class="n">sig_header</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="nf">env</span><span class="p">[</span><span class="s2">"HTTP_STRIPE_SIGNATURE"</span><span class="p">]</span> <span class="n">event</span> <span class="o">=</span> <span class="no">Stripe</span><span class="o">::</span><span class="no">Webhook</span><span class="p">.</span><span class="nf">construct_event</span><span class="p">(</span><span class="n">payload</span><span class="p">,</span> <span class="n">sig_header</span><span class="p">,</span> <span class="no">ENV</span><span class="p">[</span><span class="s2">"STRIPE_SECRET"</span><span class="p">])</span> <span class="k">return</span> <span class="n">head</span> <span class="ss">:ok</span> <span class="k">if</span> <span class="no">StripeEvent</span><span class="p">.</span><span class="nf">exists?</span><span class="p">(</span><span class="ss">stripe_id: </span><span class="n">event</span><span class="p">.</span><span class="nf">id</span><span class="p">)</span> <span class="no">StripeEvent</span><span class="p">.</span><span class="nf">create!</span><span class="p">(</span><span class="ss">stripe_id: </span><span class="n">event</span><span class="p">.</span><span class="nf">id</span><span class="p">,</span> <span class="ss">payload: </span><span class="n">payload</span><span class="p">)</span> <span class="no">HandleStripeEventJob</span><span class="p">.</span><span class="nf">perform_later</span><span class="p">(</span><span class="n">event</span><span class="p">.</span><span class="nf">id</span><span class="p">)</span> <span class="n">head</span> <span class="ss">:ok</span> <span class="k">rescue</span> <span class="no">Stripe</span><span class="o">::</span><span class="no">SignatureVerificationError</span> <span class="n">head</span> <span class="ss">:unauthorized</span> <span class="k">rescue</span> <span class="no">ActiveRecord</span><span class="o">::</span><span class="no">RecordNotUnique</span> <span class="n">head</span> <span class="ss">:ok</span> <span class="k">end</span> </code></pre> </div> <p>I've written this in at least four different Rails apps. I've seen it copied from the same three blog posts. And I've had it break in production — twice.</p> <h2> The problem with hand-rolling it </h2> <p>It looks fine. It's not fine.</p> <p><strong>The race condition.</strong> Stripe retries failed webhooks. Two retries can arrive within milliseconds of each other. Both hit <code>StripeEvent.exists?</code> before either has committed a row. Both return false. Both create a row. Now your <code>customer.subscription.created</code> handler has fired twice — you've created two subscriptions, charged the customer twice, sent two welcome emails.</p> <p>The <code>rescue ActiveRecord::RecordNotUnique</code> at the bottom is the fix, but it's easy to miss, and it only works if you have a unique index on <code>stripe_id</code>. Most people add the check but forget the index.</p> <p><strong>The missing replay.</strong> Your handler has a bug. It's been failing silently for 6 hours. You've lost 40 events. You want to reprocess them. Your options are: query the raw payload from wherever you stored it, manually re-trigger the job for each one, and hope you got it right. There's no dashboard showing you what failed, no replay button, no error messages.</p> <p><strong>The tight coupling.</strong> The controller does too much — it verifies, deduplicates, stores, and enqueues, all inline. Every time you add a provider (Shopify, GitHub, Twilio), you copy-paste and adapt. It diverges immediately.</p> <h2> The inbox pattern </h2> <p>The solution is well-known in backend circles. Store every incoming webhook immediately, then process asynchronously. Deduplication happens at the storage layer, not the application layer. Processing failures are recoverable because the original payload is always there.</p> <p>Every blog post about this teaches you to build it yourself. RailsConf 2023 had a whole workshop on it. AppSignal wrote about it. They all show the same ~50 lines and send you on your way.</p> <p>I got tired of writing those 50 lines. So I packaged them.</p> <h2> webhook_inbox </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>bundle add webhook_inbox rails generate webhook_inbox:install rails db:migrate </code></pre> </div> <p>The generator creates the <code>webhook_inbox_events</code> table and an initializer stub.</p> <p>Wire up your controller:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">StripeWebhooksController</span> <span class="o">&lt;</span> <span class="no">ApplicationController</span> <span class="kp">include</span> <span class="no">WebhookInbox</span><span class="o">::</span><span class="no">Receiver</span> <span class="n">receive_from</span> <span class="ss">:stripe</span><span class="p">,</span> <span class="ss">secret: </span><span class="o">-&gt;</span> <span class="p">{</span> <span class="no">ENV</span><span class="p">[</span><span class="s2">"STRIPE_WEBHOOK_SECRET"</span><span class="p">]</span> <span class="p">}</span> <span class="k">def</span> <span class="nf">create</span> <span class="n">receive_webhook!</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Register your handlers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># config/initializers/webhook_inbox.rb</span> <span class="no">WebhookInbox</span><span class="p">.</span><span class="nf">configure</span> <span class="k">do</span> <span class="o">|</span><span class="n">config</span><span class="o">|</span> <span class="n">config</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="ss">:stripe</span><span class="p">,</span> <span class="s2">"customer.subscription.created"</span><span class="p">)</span> <span class="k">do</span> <span class="o">|</span><span class="n">event</span><span class="o">|</span> <span class="no">CreateSubscriptionJob</span><span class="p">.</span><span class="nf">perform_later</span><span class="p">(</span><span class="n">event</span><span class="p">.</span><span class="nf">parsed_payload</span><span class="p">)</span> <span class="k">end</span> <span class="n">config</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="ss">:stripe</span><span class="p">,</span> <span class="s2">"invoice.payment_failed"</span><span class="p">)</span> <span class="k">do</span> <span class="o">|</span><span class="n">event</span><span class="o">|</span> <span class="no">NotifyPaymentFailedJob</span><span class="p">.</span><span class="nf">perform_later</span><span class="p">(</span><span class="n">event</span><span class="p">.</span><span class="nf">parsed_payload</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>That's it. <code>receive_webhook!</code> runs the full pipeline:</p> <ol> <li>Verifies the Stripe signature → <code>401</code> on failure</li> <li>Inserts the event into the DB — the unique constraint on <code>[provider, event_id]</code> is the deduplication mechanism, not application code</li> <li>Enqueues <code>WebhookInbox::ProcessJob</code> via ActiveJob</li> <li>Responds <code>200 OK</code> </li> </ol> <p>The race condition is gone. The DB unique constraint is enforced at the transaction level. Two simultaneous identical deliveries can't both succeed — one will hit <code>ActiveRecord::RecordNotUnique</code> and return <code>200</code> silently. No double processing.</p> <h2> Why the DB constraint, not application code </h2> <p>The critical design decision is putting deduplication in the database, not the controller.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">add_index</span> <span class="ss">:webhook_inbox_events</span><span class="p">,</span> <span class="p">[</span><span class="ss">:provider</span><span class="p">,</span> <span class="ss">:event_id</span><span class="p">],</span> <span class="ss">unique: </span><span class="kp">true</span> </code></pre> </div> <p>Application-level checks (<code>exists?</code> before <code>create!</code>) have a TOCTOU (time-of-check-time-of-use) race: two processes can both read false from <code>exists?</code> before either has written. Database constraints don't have this problem — they're enforced atomically at the transaction level by the DB engine.</p> <p>The constraint works on SQLite, PostgreSQL, and MySQL. No Redis, no distributed locks, no external services.</p> <h2> Replay and visibility </h2> <p>Every event is stored with its full payload, status, attempt count, and any error message from failures.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">WebhookInbox</span><span class="o">::</span><span class="no">Event</span><span class="p">.</span><span class="nf">failed</span><span class="p">.</span><span class="nf">each</span><span class="p">(</span><span class="o">&amp;</span><span class="ss">:retry!</span><span class="p">)</span> <span class="no">WebhookInbox</span><span class="o">::</span><span class="no">Event</span><span class="p">.</span><span class="nf">for_provider</span><span class="p">(</span><span class="ss">:stripe</span><span class="p">).</span><span class="nf">where</span><span class="p">(</span><span class="ss">event_type: </span><span class="s2">"invoice.payment_failed"</span><span class="p">)</span> <span class="n">event</span><span class="p">.</span><span class="nf">status</span> <span class="c1"># =&gt; "failed"</span> <span class="n">event</span><span class="p">.</span><span class="nf">error_message</span> <span class="c1"># =&gt; "RuntimeError: customer not found\n app/jobs/..."</span> <span class="n">event</span><span class="p">.</span><span class="nf">attempts</span> <span class="c1"># =&gt; 3</span> <span class="n">event</span><span class="p">.</span><span class="nf">retry!</span> <span class="c1"># → re-enqueues the handler job</span> </code></pre> </div> <p>Mount the dashboard in <code>config/routes.rb</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">mount</span> <span class="no">WebhookInbox</span><span class="o">::</span><span class="no">Engine</span> <span class="o">=&gt;</span> <span class="s2">"/webhook_inbox"</span> </code></pre> </div> <p>The dashboard shows all events with status badges, full JSON payload, and a replay button per event. When something goes wrong at 2am, you want to see exactly what failed and reprocess it from a browser — not dig through logs.</p> <h2> Testing </h2> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># spec/rails_helper.rb</span> <span class="nb">require</span> <span class="s2">"webhook_inbox/rspec"</span> <span class="no">RSpec</span><span class="p">.</span><span class="nf">describe</span> <span class="s2">"Stripe billing"</span><span class="p">,</span> <span class="ss">type: :request</span> <span class="k">do</span> <span class="n">it</span> <span class="s2">"creates a subscription on webhook"</span> <span class="k">do</span> <span class="n">deliver_webhook</span><span class="p">(</span><span class="ss">:stripe</span><span class="p">,</span> <span class="s2">"customer.subscription.created"</span><span class="p">,</span> <span class="ss">payload: </span><span class="p">{</span> <span class="ss">data: </span><span class="p">{</span> <span class="ss">object: </span><span class="p">{</span> <span class="ss">id: </span><span class="s2">"sub_123"</span><span class="p">,</span> <span class="ss">customer: </span><span class="s2">"cus_456"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">})</span> <span class="n">perform_enqueued_jobs</span> <span class="n">expect</span><span class="p">(</span><span class="no">Subscription</span><span class="p">.</span><span class="nf">find_by</span><span class="p">(</span><span class="ss">stripe_id: </span><span class="s2">"sub_123"</span><span class="p">)).</span><span class="nf">to</span> <span class="n">be_active</span> <span class="k">end</span> <span class="n">it</span> <span class="s2">"ignores duplicate deliveries"</span> <span class="k">do</span> <span class="mi">2</span><span class="p">.</span><span class="nf">times</span> <span class="k">do</span> <span class="n">deliver_webhook</span><span class="p">(</span><span class="ss">:stripe</span><span class="p">,</span> <span class="s2">"customer.subscription.created"</span><span class="p">,</span> <span class="ss">event_id: </span><span class="s2">"evt_fixed_id"</span><span class="p">,</span> <span class="ss">payload: </span><span class="p">{})</span> <span class="k">end</span> <span class="n">expect</span><span class="p">(</span><span class="no">WebhookInbox</span><span class="o">::</span><span class="no">Event</span><span class="p">.</span><span class="nf">count</span><span class="p">).</span><span class="nf">to</span> <span class="n">eq</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p><code>deliver_webhook</code> signs the request with HMAC-SHA256 the same way Stripe does. The signature passes real verification — no mocking of the signature check, no bypassing the controller logic.</p> <h2> What about stripe_event? </h2> <p><a href="https://github.com/integrallis/stripe_event" rel="noopener noreferrer">stripe_event</a> is a great event router — 14.5M downloads — and it's not what webhook_inbox replaces. stripe_event routes events to handlers. It has no storage, no deduplication, no replay.</p> <p>If you use stripe_event, webhook_inbox sits underneath it as the storage and dedup layer. They're complementary.</p> <h2> One more thing: body rewinding </h2> <p>One sharp edge that burned me during development: Rails middleware can consume <code>request.body</code> before your controller sees it. If you read the body for signature verification, it's gone by the time you try to read it again for storage.</p> <p>The fix is explicit: <code>request.body.rewind</code> before every read. The gem handles this internally — <code>read_request_body</code> rewinds before reading, and the raw body is passed explicitly to the provider adapter rather than re-reading from the request. It's boring plumbing but it has to be right.</p> <h2> Get it </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>bundle add webhook_inbox rails generate webhook_inbox:install rails db:migrate </code></pre> </div> <p>GitHub: <a href="https://github.com/jibranusman95/webhook_inbox" rel="noopener noreferrer">jibranusman95/webhook_inbox</a></p> <p>If you hit something weird or have a use case I haven't thought of, open an issue. I read them all.</p> ruby rails webdev opensource Why WebMock Stubs Lie (And What To Do About It) Jibran Usman Wed, 03 Jun 2026 06:50:25 +0000 https://dev.to/jibranusman95/why-webmock-stubs-lie-and-what-to-do-about-it-4990 https://dev.to/jibranusman95/why-webmock-stubs-lie-and-what-to-do-about-it-4990 <p>You've written the test. WebMock is set up. The stub returns 200. Everything is green.</p> <p>Then Stripe ships a breaking change, your code sends a malformed request body, and you find out in production.</p> <p>Your tests lied to you.</p> <h2> The Problem With Stubs </h2> <p>WebMock is excellent at what it does. But what it does is intercept HTTP calls and return whatever you told it to return — regardless of whether your request was valid.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">stub_request</span><span class="p">(</span><span class="ss">:post</span><span class="p">,</span> <span class="s2">"https://api.stripe.com/v1/charges"</span><span class="p">)</span> <span class="p">.</span><span class="nf">to_return</span><span class="p">(</span><span class="ss">status: </span><span class="mi">200</span><span class="p">,</span> <span class="ss">body: </span><span class="p">{</span> <span class="ss">id: </span><span class="s2">"ch_123"</span> <span class="p">}.</span><span class="nf">to_json</span><span class="p">)</span> </code></pre> </div> <p>This stub will return 200 whether you send:</p> <ul> <li>A perfectly formed request</li> <li>A request missing the required <code>amount</code> field</li> <li>A request with a completely wrong content type</li> <li>Nothing at all</li> </ul> <p>You're not testing that your integration works. You're testing that your code calls a URL.</p> <h2> VCR Cassettes Are Worse </h2> <p>VCR records real HTTP interactions and replays them. That sounds great until:</p> <ul> <li> <strong>Cassettes go stale.</strong> The API changes, your cassette keeps replaying the old response forever.</li> <li> <strong>Diffs are unreadable.</strong> Cassette files are YAML blobs that nobody wants to review in a PR.</li> <li> <strong>Re-recording is painful.</strong> You need real credentials, a real network, and hope the API behaves the same way twice.</li> <li> <strong>Parallel tests break.</strong> Cassettes aren't built for concurrent access.</li> </ul> <p>You end up with a test suite that passes in CI and quietly lies about your production behaviour for months.</p> <h2> What Actually Helps: A Real Server </h2> <p>What if your test spun up an actual HTTP server — one that could validate your requests, enforce contracts, and simulate real failure modes?</p> <p>That's what <a href="https://github.com/jibranusman95/http_decoy" rel="noopener noreferrer">http_decoy</a> does.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">HttpDecoy</span><span class="p">.</span><span class="nf">define</span><span class="p">(</span><span class="ss">:payments</span><span class="p">)</span> <span class="k">do</span> <span class="n">base_url</span> <span class="s2">"https://payments.example.com"</span> <span class="n">post</span> <span class="s2">"/charge"</span> <span class="k">do</span> <span class="n">requires_body</span> <span class="ss">:amount</span><span class="p">,</span> <span class="ss">:currency</span> <span class="n">respond</span> <span class="ss">status: </span><span class="mi">201</span><span class="p">,</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">id: </span><span class="s2">"ch_123"</span><span class="p">,</span> <span class="ss">status: </span><span class="s2">"success"</span> <span class="p">}</span> <span class="k">end</span> <span class="n">post</span> <span class="s2">"/charge"</span><span class="p">,</span> <span class="ss">scenario: :decline</span> <span class="k">do</span> <span class="n">respond</span> <span class="ss">status: </span><span class="mi">402</span><span class="p">,</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">error: </span><span class="s2">"card_declined"</span> <span class="p">}</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>This is a real WEBrick server running on a random port inside your test process. Your code makes actual HTTP calls to it. WebMock integration is automatic — no config needed.</p> <h2> In Your RSpec Tests </h2> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">RSpec</span><span class="p">.</span><span class="nf">describe</span> <span class="no">PaymentsService</span> <span class="k">do</span> <span class="kp">include</span> <span class="no">HttpDecoy</span><span class="p">.</span><span class="nf">define</span><span class="p">(</span><span class="ss">:payments</span><span class="p">).</span><span class="nf">rspec_helpers</span> <span class="n">fake_server</span> <span class="ss">:payments</span> <span class="n">it</span> <span class="s2">"charges the card"</span> <span class="k">do</span> <span class="n">result</span> <span class="o">=</span> <span class="no">PaymentsService</span><span class="p">.</span><span class="nf">charge</span><span class="p">(</span><span class="ss">amount: </span><span class="mi">100</span><span class="p">,</span> <span class="ss">currency: </span><span class="s2">"usd"</span><span class="p">)</span> <span class="n">expect</span><span class="p">(</span><span class="n">result</span><span class="p">).</span><span class="nf">to</span> <span class="n">be_success</span> <span class="k">end</span> <span class="n">it</span> <span class="s2">"handles declines gracefully"</span> <span class="k">do</span> <span class="n">with_scenario</span><span class="p">(</span><span class="ss">:decline</span><span class="p">)</span> <span class="k">do</span> <span class="n">result</span> <span class="o">=</span> <span class="no">PaymentsService</span><span class="p">.</span><span class="nf">charge</span><span class="p">(</span><span class="ss">amount: </span><span class="mi">100</span><span class="p">,</span> <span class="ss">currency: </span><span class="s2">"usd"</span><span class="p">)</span> <span class="n">expect</span><span class="p">(</span><span class="n">result</span><span class="p">).</span><span class="nf">to</span> <span class="n">be_declined</span> <span class="k">end</span> <span class="k">end</span> <span class="n">it</span> <span class="s2">"validates the request body"</span> <span class="k">do</span> <span class="n">expect</span> <span class="p">{</span> <span class="no">PaymentsService</span><span class="p">.</span><span class="nf">charge</span><span class="p">(</span><span class="ss">amount: </span><span class="kp">nil</span><span class="p">)</span> <span class="p">}</span> <span class="p">.</span><span class="nf">to</span> <span class="n">raise_error</span><span class="p">(</span><span class="no">PaymentsService</span><span class="o">::</span><span class="no">InvalidRequest</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> </code></pre> </div> <p>Notice what changed: the server validates that <code>amount</code> and <code>currency</code> are present. If your code doesn't send them, the request fails — exactly like the real API would.</p> <h2> What This Catches That WebMock Doesn't </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Scenario</th> <th>WebMock</th> <th>http_decoy</th> </tr> </thead> <tbody> <tr> <td>Missing required field</td> <td>Passes silently</td> <td>Fails the request</td> </tr> <tr> <td>Wrong content type</td> <td>Passes silently</td> <td>Configurable validation</td> </tr> <tr> <td>Stale response format</td> <td>Invisible</td> <td>Update the fake, tests break</td> </tr> <tr> <td>Network timeout simulation</td> <td>Awkward</td> <td><code>raise_error Net::ReadTimeout</code></td> </tr> <tr> <td>Scenario switching</td> <td>Multiple stubs</td> <td><code>with_scenario(:decline)</code></td> </tr> <tr> <td>Request log inspection</td> <td>Not built in</td> <td> <code>have_received_request</code> matcher</td> </tr> </tbody> </table></div> <h2> Scenario Switching </h2> <p>Testing sad paths with WebMock means redefining stubs inside individual tests — messy and hard to reuse. With http_decoy, scenarios are first-class:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="no">HttpDecoy</span><span class="p">.</span><span class="nf">define</span><span class="p">(</span><span class="ss">:payments</span><span class="p">)</span> <span class="k">do</span> <span class="n">base_url</span> <span class="s2">"https://payments.example.com"</span> <span class="n">post</span> <span class="s2">"/charge"</span> <span class="k">do</span> <span class="n">respond</span> <span class="ss">status: </span><span class="mi">201</span><span class="p">,</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">id: </span><span class="s2">"ch_123"</span> <span class="p">}</span> <span class="k">end</span> <span class="n">post</span> <span class="s2">"/charge"</span><span class="p">,</span> <span class="ss">scenario: :rate_limited</span> <span class="k">do</span> <span class="n">respond</span> <span class="ss">status: </span><span class="mi">429</span><span class="p">,</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">error: </span><span class="s2">"rate_limit_exceeded"</span> <span class="p">}</span> <span class="k">end</span> <span class="n">post</span> <span class="s2">"/charge"</span><span class="p">,</span> <span class="ss">scenario: :server_error</span> <span class="k">do</span> <span class="n">respond</span> <span class="ss">status: </span><span class="mi">500</span><span class="p">,</span> <span class="ss">json: </span><span class="p">{</span> <span class="ss">error: </span><span class="s2">"internal_server_error"</span> <span class="p">}</span> <span class="k">end</span> <span class="k">end</span> <span class="c1"># In tests:</span> <span class="n">with_scenario</span><span class="p">(</span><span class="ss">:rate_limited</span><span class="p">)</span> <span class="p">{</span> <span class="no">PaymentsService</span><span class="p">.</span><span class="nf">charge</span><span class="p">(</span><span class="o">...</span><span class="p">)</span> <span class="p">}</span> <span class="n">with_scenario</span><span class="p">(</span><span class="ss">:server_error</span><span class="p">)</span> <span class="p">{</span> <span class="no">PaymentsService</span><span class="p">.</span><span class="nf">charge</span><span class="p">(</span><span class="o">...</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h2> Inspecting Requests </h2> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="n">it</span> <span class="s2">"sends the correct currency"</span> <span class="k">do</span> <span class="no">PaymentsService</span><span class="p">.</span><span class="nf">charge</span><span class="p">(</span><span class="ss">amount: </span><span class="mi">100</span><span class="p">,</span> <span class="ss">currency: </span><span class="s2">"usd"</span><span class="p">)</span> <span class="n">expect</span><span class="p">(</span><span class="n">payments_server</span><span class="p">).</span><span class="nf">to</span> <span class="n">have_received_request</span><span class="p">(</span><span class="ss">:post</span><span class="p">,</span> <span class="s2">"/charge"</span><span class="p">)</span> <span class="p">.</span><span class="nf">with_body</span><span class="p">(</span><span class="n">including</span><span class="p">(</span><span class="s2">"currency"</span> <span class="o">=&gt;</span> <span class="s2">"usd"</span><span class="p">))</span> <span class="k">end</span> </code></pre> </div> <p>This isn't checking that your code built the right hash. It's checking what actually went over the wire.</p> <h2> Getting Started </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gem <span class="nb">install </span>http_decoy </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight ruby"><code><span class="c1"># Gemfile</span> <span class="n">gem</span> <span class="s2">"http_decoy"</span><span class="p">,</span> <span class="ss">group: :test</span> </code></pre> </div> <p>Works with WebMock out of the box. No additional config for existing test suites.</p> <p>Full docs and examples: <a href="https://github.com/jibranusman95/http_decoy" rel="noopener noreferrer">https://github.com/jibranusman95/http_decoy</a></p> <h2> The Bottom Line </h2> <p>WebMock is the right tool for unit tests where you want fast, isolated behaviour. But for integration tests that touch real service boundaries, you want a server that enforces contracts — not a stub that returns whatever you asked it to.</p> <p>Your cassettes are lying to you. Ship a fake that tells the truth.</p> <p><em>Built this? Feedback welcome in the comments or open an issue on GitHub.</em></p> ruby testing rails cicd