Register an endpoint that receives signed event deliveries as email moves through the pipeline. The HMAC signing secret is returned once, on this call only.
POST /v1/webhooks
Body
HTTPS endpoint that receives the event POSTs. Each delivery is signed with the secret returned below.
Events to subscribe to. One or more of accepted, queued, sending, sent, delivery, bounce, complaint, open, click, delivery_delayed, rejected, rendering_failure, failed, inbound_received, inbound_rejected.
The secret is shown once. signingSecret is returned only on this response and is redacted on every later read. Store it now. If you lose it, delete the endpoint and create a new one.
Request
curl https://api.drin.run/v1/webhooks \
-H "Authorization: Bearer $DRIN_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"url": "https://example.com/hooks/drin",
"eventTypes": ["delivery", "bounce", "complaint"]
}'
Response
Returns 201 Created with the endpoint. New endpoints start enabled.
{
"id": "wh_3kQ9p2",
"url": "https://example.com/hooks/drin",
"enabled": true,
"eventTypes": ["delivery", "bounce", "complaint"],
"signingSecret": "whsec_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0"
}
Verify deliveries. The SDK ships a constant-time verifier: drin.webhooks.verify(rawBody, header, signingSecret) checks the Drin-Signature header and returns the parsed payload. See Webhooks. 