DocumentationCreate a webhook endpoint

Create a webhook endpoint

Register POST /webhooks/endpoints with webhooks:manage scope.

Register a public HTTPS URL to receive signed event deliveries from MailingCore. Required scope: webhooks:manage.

Create endpoint

POST /webhooks/endpoints
Authorization: Bearer mc_live_xxxx
X-Tenant-Id: clxxxxxxxx
Content-Type: application/json
{
  "url": "https://your-saas.com/webhooks/mailingcore",
  "events": [
    "contact.unsubscribed",
    "email.bounced",
    "email.complained"
  ],
  "secret": "whsec_your_shared_secret_min_32_chars"
}
FieldRules
urlPublic HTTPS endpoint on your server
eventsSubset of supported types — see Event catalog
secretShared HMAC key; store in your env vars. Used to verify X-MailingCore-Signature

Response (201 Created) includes the endpoint id and the secret (save it immediately — it is not shown again in full).

  1. Provision API key

    Create a key with webhooks:manage (plus other scopes your integration needs). See API keys and scopes.

  2. Implement the receiver

    Accept POST, read the raw body, verify HMAC signature, respond 200 quickly.

  3. Register the endpoint

    Call POST /webhooks/endpoints with your production URL and the minimal event list.

  4. Send a test event

    Trigger a test send or unsubscribe in staging and confirm delivery in Deliveries log.

Example: B2B integrator events

A SaaS product that syncs contacts and runs campaigns typically subscribes to:

EventWhy
contact.unsubscribedRevoke newsletter consent in your app when a user clicks hosted unsubscribe
email.bounced (hard)Mark invalid addresses and stop future sends
email.complainedRevoke consent and alert operators

Optional: email.delivered, email.opened, email.clicked for engagement metrics.

Manage endpoints

ActionEndpoint
ListGET /webhooks/endpoints
Disable / enablePATCH /webhooks/endpoints/:id/toggle
Delivery logGET /webhooks/endpoints/:id/deliveries?limit=20
DeleteDELETE /webhooks/endpoints/:id

Related