Auto-Generate a Webhook Handler From a Real Payload
Most "webhook handler example" snippets you find online are generic: they assume a payload shape, skip signature verification, or get the raw-body handling wrong. So you copy one, then spend an hour adapting it to the actual event your provider sends.
Anonymily flips that around. It reads a real payload you actually captured and generates a complete, runnable handler grounded in that exact event — in Express, Next.js, or NestJS — with correct raw-body signature verification already wired in. No guessing at field names, no boilerplate from memory.
The pain: boilerplate that doesn't match reality
Writing a handler from scratch means:
- Reading the provider docs to learn the event's field structure (and hoping they're current).
- Getting raw-body signature verification right for your framework (the #1 webhook bug — see HMAC verification).
- Writing the
switchon event type, the parsing, the2xxresponse, the error handling. - Discovering, after all that, that the real payload has a field nested differently than the docs implied.
The fastest way to write a correct handler is to start from a real event, not a documented ideal.
The Anonymily way: generate from a captured request
Step 1 — Capture a real event
npx @anonymilyhq/cli listen 3000
Trigger a real event, or synthesize a signed one so you don't touch production:
npx @anonymilyhq/cli trigger stripe payment_intent.succeeded --hook <hookId> --token <PAT>
Now that exact request — body, headers, detected provider, signature result — is in the hook's history.
Step 2 — Generate the handler
In your editor (MCP): just ask Claude or Cursor —
"Generate a Next.js handler for the last request on hook
ab12cd34."
That calls the generate_handler tool. Or via the API, choosing the framework:
curl -X POST \
https://api.anonymily.com/v1/hooks/<hookId>/requests/<requestId>/handler \
-H "Authorization: Bearer $ANONYMILY_TOKEN" \
-H "Content-Type: application/json" \
-d '{"framework":"nextjs"}'
Supported framework values: express (default), nextjs, nestjs.
Step 3 — Get a complete, runnable file
The response is the actual source, a suggested filename, and a one-line description:
{
"framework": "nextjs",
"filename": "route.ts",
"description": "Next.js App Router route that verifies the Stripe signature and handles payment_intent.succeeded.",
"code": "import { NextRequest, NextResponse } from 'next/server';\nimport Stripe from 'stripe';\n..."
}
Because it's grounded in your real payload, the generated handler references the actual fields that arrived (data.object.amount, the real event type), reads the raw body before parsing for signature verification, and returns a fast 2xx. It's a correct starting point, not a generic stub.
What "grounded in the real payload" gets you
| Generic snippet from docs | Anonymily-generated handler |
|---|---|
| Assumes a payload shape | Built from the actual captured payload |
| Often skips signature verification | Raw-body HMAC verification wired in |
| Generic framework code | Targeted to Express / Next.js / NestJS, with the right raw-body idiom for each |
| You map fields by hand | References the real fields the event contains |
The framework-specific detail matters: for Next.js it uses the App Router route with raw-body access; for NestJS it uses the @RawBody() decorator / raw parsing; for Express it uses express.raw(...). Each is the correct way to preserve the bytes signature verification depends on.
From failure → fix in one flow
Pair this with AI diagnosis: when a webhook fails, diagnose it to learn the root cause, then generate a corrected handler from the same captured request. Capture → diagnose → generate → replay to confirm:
# confirm the generated handler works against the exact same event
npx @anonymilyhq/cli replay <hookId> <requestId>
Always review generated code
Treat the output as an excellent first draft: verify the business logic, wire it to your real datastore, make it idempotent on the event ID, and move heavy work to a background job. The point is to skip the boilerplate and the field-mapping, not to skip the review.
Next steps
- AI webhook debugging — diagnose the failure before you regenerate.
- How to verify webhook signatures (HMAC) — what the generated raw-body code is protecting you from.
- How to test webhooks locally — capture the payload you'll generate from.
TL;DR
Don't hand-write webhook boilerplate from docs that may not match the real event. Capture a real payload, then have Anonymily generate a complete Express/Next.js/NestJS handler grounded in it — with correct raw-body signature verification — from your editor or one API call:
npx @anonymilyhq/cli listen 3000