Webhooks
SipherMail can send HTTP POST requests to your server when email events occur — new email received, email sent, delivery status updates, and more.
Configure a webhook
- Go to Settings → API & Integrations → Webhooks → Add Endpoint.
- Enter your HTTPS endpoint URL.
- Select the events you want to receive.
- Copy the signing secret — used to verify payloads.
Events
| Event | Description |
|---|---|
email.received | New email arrived in inbox |
email.sent | Email sent successfully |
email.bounced | Delivery permanently failed |
email.opened | Recipient opened the email (if tracking enabled) |
Payload format
POST https://yourapp.com/webhook/siphermail
Content-Type: application/json
X-SipherMail-Signature: sha256=...
{
"event": "email.received",
"timestamp": "2026-05-24T20:00:00Z",
"data": {
"uid": 12345,
"from": "sender@example.com",
"subject": "Hello",
"folder": "INBOX"
}
}Verify signatures
// Node.js example
const crypto = require('crypto');
function verifyWebhook(payload, signature, secret) {
const expected = 'sha256=' + crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}Retry policy
Failed webhook deliveries (non-2xx response or timeout) are retried up to 5 times with exponential backoff (1 min, 5 min, 15 min, 1 hr, 6 hr). After 5 failures, the webhook is disabled and you receive an email notification.