Create a webhook endpoint
Register POST /webhooks/endpoints with webhooks:manage scope.
Register a public HTTPS URL to receive signed event deliveries from MailingCore. Required scope: webhooks:manage.
Create endpoint
POST /webhooks/endpoints
Authorization: Bearer mc_live_xxxx
X-Tenant-Id: clxxxxxxxx
Content-Type: application/json
{
"url": "https://your-saas.com/webhooks/mailingcore",
"events": [
"contact.unsubscribed",
"email.bounced",
"email.complained"
],
"secret": "whsec_your_shared_secret_min_32_chars"
}
| Field | Rules |
|---|---|
url | Public HTTPS endpoint on your server |
events | Subset of supported types — see Event catalog |
secret | Shared HMAC key; store in your env vars. Used to verify X-MailingCore-Signature |
Response (201 Created) includes the endpoint id and the secret (save it immediately — it is not shown again in full).
Provision API key
Create a key with
webhooks:manage(plus other scopes your integration needs). See API keys and scopes.Implement the receiver
Accept
POST, read the raw body, verify HMAC signature, respond 200 quickly.Register the endpoint
Call
POST /webhooks/endpointswith your production URL and the minimal event list.Send a test event
Trigger a test send or unsubscribe in staging and confirm delivery in Deliveries log.
Example: B2B integrator events
A SaaS product that syncs contacts and runs campaigns typically subscribes to:
| Event | Why |
|---|---|
contact.unsubscribed | Revoke newsletter consent in your app when a user clicks hosted unsubscribe |
email.bounced (hard) | Mark invalid addresses and stop future sends |
email.complained | Revoke consent and alert operators |
Optional: email.delivered, email.opened, email.clicked for engagement metrics.
Manage endpoints
| Action | Endpoint |
|---|---|
| List | GET /webhooks/endpoints |
| Disable / enable | PATCH /webhooks/endpoints/:id/toggle |
| Delivery log | GET /webhooks/endpoints/:id/deliveries?limit=20 |
| Delete | DELETE /webhooks/endpoints/:id |