DEV Community

Cover image for webhookstorage is live
Ben Sammons
Ben Sammons

Posted on • Originally published at webhookstorage.com

webhookstorage is live

#webhooks #aws #api #automation

webhookstorage is a small, focused service: it receives webhook payloads that are too large for your automation platform, stores them in S3, and gives your workflow a signed link to fetch the full body on demand. It is live, it is accepting traffic, and the free tier does not require a credit card.

What it does

webhookstorage sits between the system sending your webhooks and the platform consuming them. When a webhook arrives, we store the full payload in S3 and send your automation tool a lightweight notification with a signed download link. Your workflow fetches the payload when it actually needs it — no size limits, no silent drops.

That is the entire product. Receive, store, retrieve. One static IP you can allowlist. Per-endpoint secrets for authentication. Signed S3 links that expire in 15 minutes. An event trail so you can re-fetch anything that failed downstream.

Why this exists

I kept running into the same problem. Zapier, Make, and n8n all have request-body size limits — usually somewhere between 5 and 16 MB. When a Shopify order payload, a product catalog export, or an image-heavy webhook exceeds that limit, the automation platform silently drops it or returns a vague error. The webhook sender thinks it succeeded. The consumer never got the data. Nobody finds out until something downstream breaks.

The workarounds are all ugly: strip fields from the payload, split it into multiple requests, poll an API later for the full body. Each one adds complexity and fragility. The clean fix is to separate transport from processing — accept the full payload once, store it durably, and hand the consumer a small reference it can fetch on demand.

That is what webhookstorage does. I built it because I needed it, and because the alternatives were either expensive enterprise middleware or duct-tape scripts that break on the next schema change.

What it costs

There are two tiers for self-serve and a business option if you need more.

Free: 5 webhooks per month, 1-day payload retention, no credit card required, yours forever. Same endpoints, same signed links, same static IP as paying customers. Enough to prove the integration works end-to-end before you commit anything.

Activated: $25 one-time activation, which includes $25 in credits. After the credits are consumed, it is $0.03 per webhook and $0.10 per GB-month of storage. 7-day payload retention. No subscriptions, no seat licenses, no overage surprises.

Business: Custom limits, retention policies, and support. If your team needs something the self-serve plans do not cover, book a call and we will figure it out together.

How it works, technically

The ingest endpoint runs on AWS behind a Network Load Balancer with a fixed Elastic IP. Payloads are written to S3 with KMS encryption and per-tenant key isolation. Event metadata — timestamp, size, content type, sender IP — goes into DynamoDB. The outbound notification to your automation platform is a small JSON object: event ID, endpoint ID, payload size, and a presigned S3 download URL.

Your automation tool receives that notification, makes an HTTP GET to the signed URL, and gets the full payload. No API key needed for the download itself — the signature in the URL handles authorization. The link expires in 15 minutes, but the payload stays in storage for your retention period. You can retrieve it again through the API or dashboard at any time before it expires.

Authentication is per-endpoint. Each endpoint gets its own endpoint secret and outbound URL. You can run one endpoint or a hundred — they are isolated from each other. If you need to rotate a secret, the old one keeps working until you explicitly revoke it.

What is already shipped

This is not a landing page for a waitlist. The product is live and accepting traffic. Here is what you can use today: endpoint management with per-endpoint secrets and outbound URLs, webhook ingest up to 250 MB per payload, S3 storage with signed retrieval links, a full event trail, API key management, integration guides for Shopify, Zapier, Make, and n8n, and a usage dashboard with daily charts.

The codebase is TypeScript end to end. The frontend is Preact with zero runtime dependencies — no npm packages in the browser bundle. The backend is SST v3 on AWS with Hono, Lambda, DynamoDB, and S3. Auth is WorkOS AuthKit. Billing is Stripe metered.

Who this is for

If you are an automation builder whose Zapier or Make scenarios break on large payloads, this solves it. If you are an ops team that needs a fixed IP for webhook traffic and per-endpoint auth, this provides both. If you run an agency with multiple clients and need isolated webhook routing, each client gets their own endpoint.

If you are a developer who just wants to capture and inspect webhook payloads during development, the free tier does that without any payment setup.

What is next

The core product is stable and I am using it in production. Near-term priorities are additional platform guides, webhook signature verification for more source providers, and retention policy controls per endpoint. Longer-term, I am looking at event replay, payload transformation rules, and a CLI for local development.

If you have a use case that does not fit the current product, I want to hear about it.

Get started

  • Free: 5 webhooks/month, 1-day retention, no credit card. Sign up and start sending test payloads.
  • Activated: $25 one-time activation (includes $25 in credits). $0.03/webhook + $0.10/GB-month after credits. 7-day retention.
  • Business: Custom limits, retention, and support. Book a call.

Check out the integration guides and API docs.

Top comments (0)