Forem: Mock Bolt

Stop using ngrok just to inspect webhooks — 5-second alternative

Mock Bolt — Sat, 25 Apr 2026 07:02:28 +0000

Every time I integrate a third-party webhook I do the same annoying dance:

Start a local server
Open a terminal, run ngrok http 3000
Copy the URL
Paste it into the webhook dashboard
Trigger a test event
Stare at the ngrok terminal output

That's 5 minutes of setup before I've written a single line of handler code.
And the URL changes every restart.

The read-only trap

The next tool most developers reach for is webhook.site.
It's much faster — you get a URL instantly, no install.

But it has one big limitation: it's read-only.

Your webhook source gets a fixed 200 OK with no body. That means you can't test:

How your code handles a 422 response (retry logic)
Whether your handler correctly parses a 201 with a payload
What actually gets returned to the calling service

For pure inspection ("what does Stripe actually send?") it's fine.
For anything more, you're stuck.

What I use instead

MockBolt is an instant mock API — paste JSON,
get a live public HTTPS endpoint in seconds. Every request is logged in real time.

For webhook testing it means you get both sides:

See the full incoming request (body, headers, IP, timing)
Control exactly what goes back to the webhook source

No install. No account. No CLI. No local server.

Testing a Stripe webhook in 60 seconds

Step 1 — Create the endpoint

Go to mockbolt.com, paste the response Stripe expects back:

{
  "received": true
}

Set status code to 200. Click Generate Mock.
You get a URL like https://mockbolt.com/b/7f3d2c1a-...

Step 2 — Add it in Stripe

Dashboard → Developers → Webhooks → Add endpoint → paste your MockBolt URL.

Step 3 — Send a test event

Click "Send test webhook" → pick payment_intent.succeeded.

Open the MockBolt manage tab. The full Stripe payload appears in the
real-time inspector instantly — headers, body, everything Stripe sends.

No terminal. No restart. No port forwarding.

Testing a GitHub webhook

Same flow:

{ "status": "ok" }

Status 200. Generate Mock. Copy URL.

Repo → Settings → Webhooks → Add webhook → paste URL.
Select application/json. Choose events (push, pull_request, etc.)

GitHub fires a ping immediately when you save. You'll see the full
ping payload arrive in MockBolt within 2 seconds.

Testing a Shopify order webhook

Shopify expects 200 with an empty body on success:

{}

Add the endpoint in your Shopify Partners app settings.
Trigger a test order from the Shopify admin.
See the exact orders/create payload — line items, customer, totals, everything.

When to use each tool

Situation	Best tool
Just need to see what payload a webhook sends	webhook.site or MockBolt
Need to control the response (status + body)	MockBolt
Need to forward to your local running server	ngrok
Testing retry logic end-to-end	MockBolt
Permanent staging webhook endpoint	MockBolt ($2 one-time, never expires)
Debugging a webhook that fires infrequently	MockBolt (auto-extends if active)

One more thing: request replay

MockBolt logs every request. There's a replay button (↩) on each row —
re-sends the exact request to your endpoint with one click.

Useful when you want to test a handler change without triggering
a new real event from Stripe/GitHub/Shopify.

Try it

→ mockbolt.com/webhook-testing

Create a free endpoint in 5 seconds. No account, no install.

What webhook services are you integrating? Drop a comment and I'll show
the exact payload setup for each one.

Stop setting up json-server for every prototype. There's a faster way.

Mock Bolt — Mon, 20 Apr 2026 17:37:13 +0000

You're building a frontend. The backend isn't ready. You need one endpoint that returns a list of users.

So you do what you always do:

npm install -g json-server
mkdir mock-server && cd mock-server
touch db.json

Then you write the JSON, configure the routes, figure out why CORS is blocking your React app, fix it, run the server — and 15 minutes later you finally have a GET /users endpoint returning fake data.

For something you'll throw away tomorrow.

I've done this probably 200 times. Every single time I think: there has to be a faster way.

What I actually tried first

Postman mock servers — require an account, a workspace, a collection. Too much setup for a throwaway endpoint.

Beeceptor — requires signup. Gets in the way.

Mockoon — great tool, but runs locally. Useless when you want to share the endpoint with a teammate or test from a mobile device.

RequestBin — receives requests, doesn't respond with data.

A quick Express server — still requires Node, a file, and remembering to kill the process later.

None of these solve the actual problem: I want to paste JSON and get a URL. Right now. From any machine. Without installing anything.

What I built

I spent a weekend building MockBolt — paste JSON, get a live API endpoint instantly.

No account. No install. No CLI. No local server.

Here's the full flow:

Go to mockbolt.com
Paste your JSON response
Pick which HTTP methods it should accept
Optionally set a custom status code, response delay, or custom headers
Click Generate

You get a URL like https://mockbolt.com/b/abc123. That's your live API. Takes about 10 seconds.

Using it from a React app

useEffect(() => {
  fetch('https://mockbolt.com/b/abc123')
    .then(res => res.json())
    .then(data => setUsers(data.users));
}, []);

No proxy config. No CORS headers to set. Access-Control-Allow-Origin: * is open by default.

Things I use it for constantly

Testing error handling

Set the status code to 500 or 503, point your app at it, verify your error boundary actually works.

fetch('https://mockbolt.com/b/your-endpoint')
  .then(res => {
    if (!res.ok) throw new Error(`Server error: ${res.status}`);
    return res.json();
  })
  .catch(err => console.error('Caught:', err));

Frontend before backend is ready

Share the mock URL with your team. Everyone points at the same endpoint. When the real API is ready — swap one URL.

Demoing to clients

Spin up a mock with realistic data, build the UI on top of it, demo without any backend running. Works from their browser, their phone, anywhere.

Workshops and tutorials

I've run internal workshops where I needed everyone to hit the same API instantly. Creating a mock took 10 seconds. No one installed anything.

Testing Postman collections

Point a collection at a mock endpoint to verify request structure and headers before the real endpoint exists.

Simulating a slow API

Set response delay to 2000ms and your mock simulates a slow server:

// Your loading skeleton should show for 2 seconds
// Your timeout logic should kick in at the right time
// This exercises real fetch lifecycle — not a fake setTimeout
fetch('https://mockbolt.com/b/your-slow-endpoint')

Way more realistic than wrapping mock data in setTimeout inside your component. It exercises actual fetch lifecycle including cancellation and AbortController behavior.

Competitor comparison

Feature	MockBolt	Beeceptor	Mockoon	json-server
No signup	✅	❌	✅	✅
No install	✅	✅	❌	❌
Live in < 10s	✅	❌	❌	❌
Open CORS	✅	✅	✅	❌
Response delay	✅	✅	✅	❌
Custom headers	✅	✅	✅	❌
Shareable URL	✅	✅	❌	❌

Tech stack

Backend: FastAPI + PostgreSQL, async SQLAlchemy
Frontend: React 18, TypeScript, Tailwind CSS, Vite
Hosting: AWS Lightsail behind Cloudflare
Payments: Lemon Squeezy (HMAC-signed webhooks)

The webhook validation was the most interesting part to build — mode-aware HMAC secrets, idempotent payment recording, atomic upgrade transactions. Worth a separate post if anyone's interested.

What MockBolt can do today

Since I originally wrote this article, MockBolt has shipped a lot.
Here's what it actually supports now:

Real-time request inspector — every hit is logged with method, IP, country, query params, request body, and response time. Updates live as requests come in.
Request replay — re-send any logged request with one click (great for testing handler changes)
Error rate simulation — randomly return errors at a configurable %, or trigger errors on a specific header value
IP allowlist — restrict which IPs can hit your endpoint
Dynamic variables — {{uuid}}, {{timestamp}}, {{randomInt}}, {{name}} replaced at serve time
Webhook testing — point any webhook source (Stripe, GitHub, Shopify) at a MockBolt URL and inspect the full payload in real time
Vault — anonymous account (no email) that saves all your mocks in one dashboard
Activity-based TTL — free mocks that get 10+ requests in 7 days auto-extend (don't expire)

For permanent endpoints: $2 one-time per mock, never expires.

Full feature breakdown: mockbolt.com/pricing

Try it: mockbolt.com
No signup. Takes 10 seconds. Let it expire or delete it when you're done.

Happy to answer questions in the comments — especially if you have use cases I haven't thought of.

I was tired of json-server — so I built a free mock API tool (no signup needed)

Mock Bolt — Sat, 11 Apr 2026 06:21:45 +0000

Every frontend project I start hits the same wall.

I have a UI to build. I know what the API responses should look like. But the backend isn't ready yet.

So I spend 15–20 minutes doing the same setup ritual:

npm install -g json-server
# create db.json
# configure routes
# run json-server --watch db.json --port 3001

And that's the fast version. If I need CORS headers, custom status codes, or simulated delay, it gets longer.

I built MockBolt to remove that setup time entirely.

What MockBolt does

Paste JSON → click Generate → get a live public API URL.

That's it. No npm install. No terminal tab. No local port.

curl https://mockbolt.com/b/7f3d2c1a-9b8e-4f5a-b6d0-3e2c1f4a8b7d
# returns your JSON immediately

The endpoint:

Supports all HTTP methods (GET, POST, PUT, PATCH, DELETE)
Returns your JSON with the right status code
Has open CORS — works from any browser origin
Accepts custom response headers
Can simulate latency up to 10 seconds

Each mock gives you two URLs:

Public URL — share this with your frontend or teammates
Management URL — keep this private; edit payload, status code, methods, and delay anytime

No account. No email. No credit card. Free for 24 hours.

A real example

Say I'm building a frontend that needs a /users endpoint but the backend isn't ready. In MockBolt:

1. Paste this JSON:

{
  "users": [
    { "id": 1, "name": "Alice", "role": "admin" },
    { "id": 2, "name": "Bob", "role": "viewer" }
  ],
  "total": 2
}

2. Select GET, click Generate Endpoint

3. Get a URL like https://mockbolt.com/b/e8bdb0ce-8ed9-44a8-adcc-b0af6a054443

4. Hit it immediately:

curl https://mockbolt.com/b/e8bdb0ce-8ed9-44a8-adcc-b0af6a054443
# {"users":[{"id":1,"name":"Alice","role":"admin"},{"id":2,"name":"Bob","role":"viewer"}],"total":2}

Done in under 30 seconds.

Testing error states and slow responses

MockBolt lets you set any status code from 100 to 599 and add a response delay.

Want to test how your app handles a 503 Service Unavailable? Set the status code, generate the endpoint, point your error-state tests at it.

Want to test loading spinners and skeleton screens? Set a 2000ms delay.

The copy-as-code panel also generates ready-to-run snippets in curl, fetch, axios, and Python requests — paste directly into your test file.

How I built it

Stack:

Backend: FastAPI (Python) + PostgreSQL
Frontend: React + TypeScript + Vite + Tailwind CSS
Deployed on AWS Lightsail behind Cloudflare

A few interesting decisions along the way:

Rate limiting behind Cloudflare — slowapi needs to read CF-Connecting-IP instead of request.client.host (which returns the Docker bridge IP behind Nginx). Took a couple of iterations to get this right.

Hit count accuracy — early on the counter was off because Cloudflare was caching GET responses. Fixed it with aggressive cache-busting headers: Cache-Control: no-cache, no-store, must-revalidate, max-age=0.

Anonymous management — instead of accounts, each mock gets a UUID secret token as the only credential. Tradeoff: if you lose the management URL you can't recover it. But it removes signup friction entirely and means zero user data to protect.

What's shipped since launch

I've shipped a lot since this article. Here's what MockBolt does now:

Request inspector (the big one)
Every request to your mock is logged — method, IP, country flag, query params,
request body, response time. Updates live via streaming as hits come in.
Free tier shows last 25 requests. Premium shows full history with CSV export.

Request replay
↩ button on every log row. Resends the exact request to your endpoint.
Useful when you tweak a handler and want to re-test without triggering a new real event.

Webhook testing
MockBolt turns out to be a great webhook testing tool too — point Stripe, GitHub,
or Shopify at your URL, trigger an event, see the full payload instantly.
Unlike webhook.site, you also control what goes back to the caller.

Error simulation

Random error rate: "return 500 on 20% of requests"
Header-triggered: "if X-Test: true header → return 422"

IP allowlist
Restrict which IPs can reach your endpoint.

Dynamic variables
{{uuid}}, {{timestamp}}, {{randomInt}}, {{name}} replaced at serve time.

Vault (anonymous accounts)
Create a vault with one click — no email, no password, just a key saved in your browser.
All mocks link to it automatically. Dashboard shows hit counts, expiry, payment history.

Activity-based TTL
Free mocks that get 10+ requests in 7 days auto-extend — they don't expire while active.

→ mockbolt.com — still free, still no signup

Try it

👉 mockbolt.com

Free, requires zero setup, works from any browser or terminal.

Would love your feedback — especially on:

Is the public URL + secret management URL flow clear on first use?
What would make this a daily tool for you vs. a one-off utility?

Solo project, built over a few weekends. Happy to answer questions about the stack or any of the design decisions.