Introducing WebhookRelay: Modern .NET Open Source Webhook Management

Introducing WebhookRelay: A Modern .NET Open Source Webhook Management Platform

WebhookRelay is an open-source, self-hosted management platform built specifically for the (beta) .NET ecosystem. It leverages ASP.NET Core 8 and System.Threading.Channels to handle high-performance, in-process queueing for webhook ingestion and delivery.

Why This Matters

Managing webhooks at scale requires handling diverse HMAC algorithms from providers like Stripe and GitHub, which often leads to complex custom code or expensive vendor lock-in. WebhookRelay addresses this by providing a unified infrastructure with built-in signature verification and exponential backoff retries. This approach bridges the gap between unreliable network delivery and the consistency required by mission-critical enterprise integrations.

Key Insights

• Multi-provider ingestion supports Stripe, GitHub, and Twilio with native signature verification out of the box (2026).
• High-performance queuing uses System.Threading.Channels for efficient, in-process event handling without external dependencies.
• Security is prioritized via constant-time HMAC comparisons to mitigate timing attacks during provider validation.
• Real-time observability is achieved through ASP.NET Core SignalR and a React 19 dashboard for live syntax-highlighted event monitoring.
• Infrastructure flexibility allows switching between SQLite, SQL Server, and PostgreSQL via simple configuration changes.

Working Examples

Configuration for SQLite database provider.

{
  "DatabaseProvider": "Sqlite",
  "ConnectionStrings": {
    "DefaultConnection": "Data Source=webhookrelay.db"
  }
}

Command to send a signed webhook to the relay.

SECRET="your-signing-secret"
PAYLOAD='{"event":"payment.completed","amount":100}'
SIG=$(echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "$SECRET" | awk '{print $2}')
curl -X POST https://localhost:5001/webhooks/<endpoint-id> \
-H "Content-Type: application/json" \
-H "x-webhook-signature: sha256=$SIG" \
-H "x-webhook-event: payment.completed" \
-H "x-webhook-id: evt-$(date +%s)" \
-d "$PAYLOAD"

Example of Stripe webhook handler with routing rules.

{
  "endpoint": "stripe-payments",
  "targets": [
    {
      "url": "https://api.myapp.com/payments",
      "rules": [{ "path": "$.type", "operator": "equals", "value": "payment_intent.succeeded" }]
    },
    {
      "url": "https://analytics.myapp.com/events",
      "rules": [{ "path": "$.type", "operator": "contains", "value": "payment" }]
    }
  ]
}

Practical Applications

• E-commerce Integration: Routing Stripe webhooks to specific targets based on payment status; Pitfall: Failing to verify HMAC signatures leading to spoofing vulnerabilities.
• CI/CD Automation: Fanning out GitHub webhooks to multiple notification and build systems; Pitfall: Lack of idempotent processing causing duplicate build triggers.
• Multi-System Coordination: Synchronizing CRM data across Salesforce and HubSpot simultaneously; Pitfall: Insufficient retry mechanisms during network outages causing data loss.

References:

• https://dev.to/vikrant_bagal_afae3e25ca7/introducing-webhookrelay-a-modern-net-open-source-webhook-management-platform-457e
• https://github.com/vrbagal/webhook-relay.git