Hey PH 👋 maker here.

Let me share why Tern exists.

The breaking point

While building Hookflo, I integrated Stripe, Clerk, WorkOS, Sentry, GitHub.

Every one had its own:

signature algorithm
headers
verification quirks

Each integration meant writing a new verification layer from scratch.

And the worst bugs here are the silent ones.

One wrong header name → HMAC verification passes garbage data
One pre-parsed JSON body → crypto verification breaks

I lost hours debugging this the first time. You probably have too.

At some point I thought:

Why am I solving this problem over and over again?

So I abstracted it once properly for everyone.

What Tern solves

Raw body parsing hell
Most frameworks parse JSON before your handler runs.
That breaks HMAC verification.
Tern handles raw body access correctly across:
Next.js • Express • Cloudflare Workers • Hono
Boilerplate per provider
Stripe verification code
Clerk verification code
GitHub verification code
Different algorithms. Different headers.
Tern collapses all of this into a few lines of code.
“Verified but lost”
Signature is valid. Your handler throws.
Provider retries.
Now you either:
process the event twice or lose it entirely
Tern adds a reliability layer to prevent that.
Localhost testing pain
Testing webhooks locally usually means:

ngrok
Cloudflare Tunnel
provider-specific CLIs

Just to receive a POST request.

Tern reduces a lot of that friction.

Reliability layer

After solving verification, the next request developers had was reliability.

So I added an optional reliability layer powered by Upstash QStash.

• automatic retries
• deduplication
• dead-letter queue
• programmatic replay
• Slack & Discord alerts

Enable it with one line.

BYOK model — use your own Upstash account.

Tern stays free and open source.

What’s inside

✅ 15+ platforms
Stripe, Clerk, GitHub, Shopify, Polar, Razorpay, Replicate, Fal AI, WorkOS, LemonSqueezy, Paddle, Doppler, Sentry, Grafana, GitLab, Vercel + custom HMAC

✅ Zero dependencies
Pure TypeScript using the Web Crypto API

✅ Timing-safe verification by default

✅ Switch providers at runtime

✅ Guaranteed delivery
Retries • exponential backoff • DLQ • deduplication

✅ Slack & Discord alerting

✅ MIT licensed
Self-hostable. Tern stores zero keys.

Goal: absorb every webhook pain so developers don’t have to.

⭐ If you like it, a GitHub star means a lot.

Feedback, platform requests, webhook war stories — drop them below.

Hey PH 👋 maker here.

Let me share why Tern exists.

The breaking point

While building Hookflo, I integrated Stripe, Clerk, WorkOS, Sentry, GitHub.

Every one had its own:

signature algorithm
headers
verification quirks

Each integration meant writing a new verification layer from scratch.

And the worst bugs here are the silent ones.

One wrong header name → HMAC verification passes garbage data
One pre-parsed JSON body → crypto verification breaks

I lost hours debugging this the first time. You probably have too.

At some point I thought:

Why am I solving this problem over and over again?

So I abstracted it once properly for everyone.

What Tern solves

Raw body parsing hell
Most frameworks parse JSON before your handler runs.
That breaks HMAC verification.
Tern handles raw body access correctly across:
Next.js • Express • Cloudflare Workers • Hono
Boilerplate per provider
Stripe verification code
Clerk verification code
GitHub verification code
Different algorithms. Different headers.
Tern collapses all of this into a few lines of code.
“Verified but lost”
Signature is valid. Your handler throws.
Provider retries.
Now you either:
process the event twice or lose it entirely
Tern adds a reliability layer to prevent that.
Localhost testing pain
Testing webhooks locally usually means:

ngrok
Cloudflare Tunnel
provider-specific CLIs

Just to receive a POST request.

Tern reduces a lot of that friction.

Reliability layer

After solving verification, the next request developers had was reliability.

So I added an optional reliability layer powered by Upstash QStash.

• automatic retries
• deduplication
• dead-letter queue
• programmatic replay
• Slack & Discord alerts

Enable it with one line.

BYOK model — use your own Upstash account.

Tern stays free and open source.

What’s inside

✅ 15+ platforms
Stripe, Clerk, GitHub, Shopify, Polar, Razorpay, Replicate, Fal AI, WorkOS, LemonSqueezy, Paddle, Doppler, Sentry, Grafana, GitLab, Vercel + custom HMAC

✅ Zero dependencies
Pure TypeScript using the Web Crypto API

✅ Timing-safe verification by default

✅ Switch providers at runtime

✅ Guaranteed delivery
Retries • exponential backoff • DLQ • deduplication

✅ Slack & Discord alerting

✅ MIT licensed
Self-hostable. Tern stores zero keys.

Goal: absorb every webhook pain so developers don’t have to.

⭐ If you like it, a GitHub star means a lot.

Feedback, platform requests, webhook war stories — drop them below.

Tern

Reliable inbound webhooks across 15+ platforms.

Reliable inbound webhooks across 15+ platforms.

The breaking point

What Tern solves

Reliability layer

What’s inside

Forum Threads

How are you currently handling incoming webhooks across multiple providers?

Forum Threads

How are you currently handling incoming webhooks across multiple providers?

The breaking point

What Tern solves

Reliability layer

What’s inside