Overview
Webhooks allow you to receive HTTP POST requests to your server when events occur in useSend, such as when an email is delivered, bounced, or clicked. This enables you to build real-time integrations and automate workflows.Setting up webhooks
1
Create a webhook endpoint
Create an endpoint on your server that can receive POST requests. The endpoint must:
- Accept POST requests with JSON body
- Return a 2xx status code to acknowledge receipt
- Respond within 10 seconds
2
Add webhook in dashboard
Go to Webhooks in your useSend dashboard and create a new webhook:
- Enter your endpoint URL
- Select which events you want to receive
- Copy the signing secret for verification
3
Verify webhook signatures
Always verify webhook signatures to ensure requests are from useSend. See the Signature Verification section below.
Event types
Email events
Contact events
Domain events
Webhook payload
Each webhook request includes a JSON payload with the following structure. See Event data details for details on thedata field for each event type.
Payload fields
Request headers
Each webhook request includes the following headers:Signature verification
Always verify webhook signatures to ensure requests are authentic. The signature is computed as:Using the SDK (Recommended)
Next.js App Router
Express
Verification only
If you only need to verify the signature without parsing:Manual verification
If you prefer to verify manually without the SDK:Retry behavior
If your endpoint doesn’t return a 2xx response, useSend will retry delivery with exponential backoff:
After 6 failed attempts, the webhook call is marked as failed.
Best practices
Respond quickly
Respond quickly
Return a 2xx response as soon as possible. Process webhook data
asynchronously if needed. Requests timeout after 10 seconds.
Handle duplicates
Handle duplicates
Use the
id field in the payload to deduplicate events. In rare cases, the
same event may be delivered more than once.Verify signatures
Verify signatures
Always verify the
X-UseSend-Signature header to ensure requests are from
useSend and haven’t been tampered with.Check timestamps
Check timestamps
The SDK rejects signatures older than 5 minutes by default. This prevents
replay attacks.
Use HTTPS
Use HTTPS
Always use HTTPS endpoints in production to encrypt webhook data in transit.
Testing webhooks
You can send a test webhook from the dashboard to verify your endpoint is working correctly:- Go to Webhooks
- Click on your webhook
- Click “Send Test” to send a test event
webhook.test with the following payload:
Troubleshooting
Webhook not receiving events
Webhook not receiving events
- Verify your endpoint URL is correct and publicly accessible - Check that your endpoint returns a 2xx status code - Ensure the webhook is set to ACTIVE status in the dashboard - Check if the webhook was auto-disabled due to consecutive failures
Signature verification failing
Signature verification failing
- Use the raw request body, not parsed JSON - Ensure you’re using the
correct webhook secret - Check that the timestamp hasn’t expired (5 minute
window) - Verify you’re computing the HMAC correctly:
HMAC-SHA256(secret, "${timestamp}.${rawBody}")
Webhook auto-disabled
Webhook auto-disabled
After 30 consecutive failed calls, webhooks are automatically disabled. Fix
the issue with your endpoint, then re-enable the webhook from the dashboard.
The failure counter resets on the next successful delivery.
Event data details
This section documents thedata field structure for each event type.
Email events
Most email events share a common base structure:email.bounced
Includes additional bounce details:email.failed
Includes failure reason:email.suppressed
Includes suppression details:email.opened
Includes open tracking details:email.clicked
Includes click tracking details:Contact events
All contact events (contact.created, contact.updated, contact.deleted) include:
Domain events
All domain events (domain.created, domain.verified, domain.updated, domain.deleted) include: