Available Events
| Event | Description |
|---|
email.sent | Email was sent to the recipient |
email.delivered | Email was delivered to inbox |
email.opened | Recipient opened the email |
email.clicked | Recipient clicked a link |
email.bounced | Email bounced (hard or soft) |
email.complained | Recipient marked as spam |
email.failed | Email failed to send |
Create a Webhook
POST/v1/webhooks
Request Body
Events to subscribe to (min: 1)
curl -X POST https://www.unosend.co/api/v1/webhooks \
-H "Authorization: Bearer un_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"url": "https://yourdomain.com/webhooks/unosend",
"events": ["email.delivered", "email.opened", "email.clicked", "email.bounced"]
}'
Response
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"url": "https://yourdomain.com/webhooks/unosend",
"events": ["email.delivered", "email.opened", "email.clicked", "email.bounced"],
"secret": "whsec_xxxxxxxxxxxxxxxxxxxx",
"enabled": true,
"created_at": "2024-01-15T10:30:00.000Z"
}
Important: The signing secret is only returned once during creation. Store it securely to verify webhook signatures.
List Webhooks
GET/v1/webhooks
curl https://www.unosend.co/api/v1/webhooks \
-H "Authorization: Bearer un_your_api_key"
Response
{
"data": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"url": "https://yourdomain.com/webhooks/unosend",
"events": ["email.delivered", "email.opened", "email.clicked", "email.bounced"],
"enabled": true,
"created_at": "2024-01-15T10:30:00.000Z"
}
]
}
Webhook Payload
Webhooks are sent as HTTP POST requests with a JSON payload:
{
"id": "evt_xxxxxxxxxxxxxxxx",
"type": "email.delivered",
"created_at": "2024-01-15T10:30:00.000Z",
"data": {
"email_id": "550e8400-e29b-41d4-a716-446655440000",
"from": "[email protected]",
"to": "[email protected]",
"subject": "Welcome to Unosend",
"timestamp": "2024-01-15T10:30:00.000Z"
}
}
Verify Webhook Signature
Verify the webhook signature to ensure it came from Unosend. The signature is in the X-Unosend-Signature header.
import crypto from 'crypto';
function verifyWebhook(payload, signature, secret) {
const expectedSignature = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expectedSignature)
);
}
// In your webhook handler
app.post('/webhooks/unosend', (req, res) => {
const signature = req.headers['x-unosend-signature'];
const isValid = verifyWebhook(
JSON.stringify(req.body),
signature,
process.env.WEBHOOK_SECRET
);
if (!isValid) {
return res.status(401).send('Invalid signature');
}
// Process the webhook
const { type, data } = req.body;
console.log('Received:', type, data);
res.status(200).send('OK');
});
Delete Webhook
DELETE/v1/webhooks/:id
curl -X DELETE https://www.unosend.co/api/v1/webhooks/550e8400-e29b-41d4-a716-446655440000 \
-H "Authorization: Bearer un_your_api_key"
