Webhooks
Webhooks allow us to push raw events we collect about your emails over to your servers. Batches of events are delivered through a POST request to the defined target URL. You can use this endpoint to create and manage webhooks, or you can create one from the app (EU). For inbound relay webhooks, see Relay Webhooks.
Batch Information
-
Any webhook batch that does not receive an HTTP 200 response will be retried for a total of 8 hours before the data is discarded.
-
Each webhook batch contains the header
X-MessageSystems-Batch-ID, which is useful for detecting and prevention of processing duplicate batches. Additionally within each event theevent_idis unique and can also be used in duplicate detection and prevention. -
Webhooks posting to your endpoint will timeout after 10 seconds. For best results, write webhook batches to disk and then process asynchronously to minimize data loss if you have a problem with your database.
-
Webhook batch status is available for 24 hours via the UI or the API.
-
See Best Practices for Managing Webhook Data Streams for more information on how best to consume webhooks.
-
See Webhook Authentication and Security for highly recommended security measures.
-
For further information on our event types see the Webhook Event Reference Guide
Webhook Event Types
You can receive any of the following types of events in webhook payloads.
bounce Event
Remote MTA has permanently rejected a message.
{
"msys": {
"message_event": {
"amp_enabled": true,
"bounce_class": "1",
"campaign_id": "Example Campaign Name",
"click_tracking": true,
"customer_id": "1",
"delv_method": "esmtp",
"device_token": "45c19189783f867973f6e6a5cca60061ffe4fa77c547150563a1192fa9847f8a",
"error_code": "554",
"event_id": "92356927693813856",
"friendly_from": "sender@example.com",
"initial_pixel": true,
"injection_time": "2016-04-18T14:25:07.000Z",
"ip_address": "18.236.253.72",
"ip_pool": "example-ip-pool",
"mailbox_provider": "Gsuite",
"mailbox_provider_region": "Europe - UK",
"message_id": "000443ee14578172be22",
"msg_from": "sender@example.com",
"msg_size": "1337",
"num_retries": "2",
"open_tracking": true,
"rcpt_meta": {
"customKey": "customValue"
},
"rcpt_tags": [
"male",
"US"
],
"rcpt_to": "recipient@example.com",
"rcpt_hash": "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed",
"raw_rcpt_to": "recipient@example.com",
"rcpt_type": "cc",
"raw_reason": "MAIL REFUSED - IP (17.99.99.99) is in black list",
"reason": "MAIL REFUSED - IP (a.b.c.d) is in black list",
"recipient_domain": "example.com",
"recv_method": "esmtp",
"routing_domain": "example.com",
"scheduled_time": "1588348800",
"sending_ip": "18.236.253.72",
"sms_coding": "ASCII",
"sms_dst": "7876712656",
"sms_dst_npi": "E164",
"sms_dst_ton": "International",
"sms_src": "1234",
"sms_src_npi": "E164",
"sms_src_ton": "Unknown",
"subaccount_id": "101",
"subject": "Summer deals are here!",
"template_id": "templ-1234",
"template_version": "1",
"timestamp": "1460989507",
"transactional": "1",
"transmission_id": "65832150921904138",
"type": "bounce"
}
}
}
Events
Â
Indicates whether or not amp format was enabled.
Classification code for a given message (see Bounce Classification Codes).
Campaign of which this message was a part.
Indicates whether or not click tracking was enabled.
SparkPost-customer identifier through which this message was sent.
Protocol by which SparkPost delivered this message.
Token of the device / application targeted by this PUSH notification message. Applies only when delv_method is gcm or apn.
Error code by which the remote server described a failed delivery attempt.
Unique event identifier.
Friendly sender or 'From' header in the original email.
Indicates whether or not initial open pixel tracking was enabled.
Time at which this message was injected into SparkPost.
IP address of the host to which SparkPost delivered this message; in engagement events, the IP address of the host where the HTTP request originated.
IP pool through which this message was sent.
Mailbox Provider of the recipient.
Region of the Mailbox Provider.
SparkPost-cluster-wide unique identifier for this message.
Sender address used on this message's SMTP envelope.
Message's size in bytes.
Number of failed attempts before this message was successfully delivered; when the first attempt succeeds, zero.
Indicates whether or not open tracking was enabled.
Metadata describing the message recipient.
Tags applied to the message which generated this event.
Lowercase version of recipient address used on this message's SMTP envelope.
Hashed version of recipient address used on this message's SMTP envelope.
Actual recipient address used on this message's SMTP envelope.
Indicates that a recipient address appeared in the Cc or Bcc header or the archive JSON array.
Unmodified, exact response returned by the remote server due to a failed delivery attempt.
Canonicalized text of the response returned by the remote server due to a failed delivery attempt.
Domain part of the recipient address used on this message's SMTP envelope.
Protocol by which SparkPost received this message.
Domain receiving this message.
Time at which the email was scheduled to be sent.
IP address through which this message was sent.
Data encoding used in the SMS message.
SMS destination address.
Destination numbering plan identification.
Type of number for the destination address.
SMS source address.
Source numbering plan identification.
Type of number for the source address.
Unique subaccount identifier.
Subject line from the email header.
Slug of the template used to construct this message.
Version of the template used to construct this message.
Event date and time, in Unix timestamp format (integer seconds since 00:00:00 GMT 1970-01-01).
Indicates if the transmission was marked as transactional.
Transmission which originated this message.
Type of event this record describes.
Webhooks Object
Example
{
"name": "Example webhook",
"target": "http://client.example.com/example-webhook",
"events": [
"delivery",
"injection",
"open",
"click"
],
"active": true,
"exception_subaccounts": [
123
],
"custom_headers": {
"x-api-key": "abcd"
},
"auth_type": "basic",
"auth_credentials": {
"username": "basicauthuser",
"password": "mypassword"
}
}
Attributes
Name for webhook
URL of the target to which to POST event batches.
Array of event types this webhook will send. Use the Events Documentation endpoint to list the available event types.
The status of the webhook. When false, the target will no longer receive batches.
Object of custom headers to be used during POST requests to target.
Array of subaccount numbers to prevent receiving events in your webhook (only available for webhooks with Primary and All Subaccounts event source).
Type of authentication to be used during POST requests to target. Read more about webhook authentication.
Possible Values: none, basic, oauth2
Object containing details needed to request authorization token for OAuth 2.0. This is required when auth_type is oauth2.
Object containing credentials needed to make authorized POST requests for Basic Authentication. This is required when auth_type is basic. When auth_type is oauth2, it is generated from auth_request_details.
Deprecated in favor of the auth_type field.
Authentication token to present in the X-MessageSystems-Webhook-Token header of POST requests to target.
The SparkPost Webhooks API uses MaxMind software MaxMind License
Request
POST /api/v1/webhooks{
"name": "Example webhook",
"target": "http://client.example.com/example-webhook",
"custom_headers": {
"x-api-key": "abcd"
},
"auth_type": "oauth2",
"auth_request_details": {
"url": "http://client.example.com/tokens",
"body": {
"client_id": "CLIENT123",
"client_secret": "9sdfj791d2bsbf",
"grant_type": "client_credentials"
}
},
"exception_subaccounts": [
123
],
"events": [
"delivery",
"injection",
"open",
"click"
]
}
Response
{
"results": {
"id": "12affc24-f183-11e3-9234-3c15c2c818c2",
"links": [
{
"href": "/api/v1/webhooks/12affc24-f183-11e3-9234-3c15c2c818c2",
"rel": "urn.msys.webhooks.webhook",
"method": [
"GET",
"PUT"
]
}
]
}
}
Create a Webhook
When a webhook is created, a test POST request is sent to the target URL. If this request does not receive an HTTP 200 response, your request to the Webhook API will fail with HTTP 400 and the webhook will not be created. If created successfully, the webhook will begin to receive event data after 1 minute.
Webhooks only support standard ports, port 80 for HTTP traffic and port 443 for HTTPS traffic. You will not be able to create a webhook using a non-standard port.
Request Body
Name for webhook
URL of the target to which to POST event batches. Only ports 80 for http and 443 for https can be set.
Array of event types this webhook will send. Use the Events Documentation endpoint to list the available event types.
trueThe status of the webhook. When false, the target will no longer receive batches.
Object of custom headers to be used during POST requests to target.
Array of subaccount numbers to prevent receiving events in your webhook (only available for webhooks with Primary and All Subaccounts event source). Must not have duplicate values nor be empty. Integer values only. Max size: 10.
noneType of authentication to be used during POST requests to target. Read more about webhook authentication.
Possible Values: none, basic, oauth2
Object containing details needed to request authorization token for OAuth 2.0. This is required when auth_type is oauth2.
Object containing credentials needed to make authorized POST requests for Basic Authentication. This is required when auth_type is basic. When auth_type is oauth2, it is generated from auth_request_details.
Request
POST /api/v1/webhooks/12affc24-f183-11e3-9234-3c15c2c818c2/validate[
{
"msys": {}
}
]
Response
{
"results": {
"msg": "Test POST to endpoint succeeded",
"response": {
"status": 200,
"headers": {
"Content-Type": "text/plain"
},
"body": "OK"
}
}
}
Validate a Webhook
Parameters
The validation request sends an example message event batch the target URL, validates that the target responds with HTTP 200, and returns information on the response received from the target.
Sample Batch
[
{
"msys": {}
}
]
Request
GET /api/v1/webhooks/12affc24-f183-11e3-9234-3c15c2c818c2?timezone=America/New_YorkResponse
{
"results": {
"name": "Example webhook",
"target": "http://client.example.com/example-webhook",
"events": [
"delivery",
"injection",
"open",
"click"
],
"exception_subaccounts": [
"123"
],
"auth_type": "oauth2",
"auth_request_details": {
"url": "https://oauth.myurl.com/tokens",
"body": {
"client_id": "<oauth client id>",
"client_secret": "<oauth client secret>"
}
},
"auth_credentials": {
"access_token": "<oauth token>",
"expires_in": 3600
},
"auth_token": "",
"custom_headers": {
"x-api-key": "abcd"
},
"active": true,
"links": [
{
"href": "/api/v1/webhooks/12affc24-f183-11e3-9234-3c15c2c818c2/validate",
"rel": "urn.msys.webhooks.validate",
"method": [
"POST"
]
},
{
"href": "/api/v1/webhooks/12affc24-f183-11e3-9234-3c15c2c818c2/batch-status",
"rel": "urn.msys.webhooks.batches",
"method": [
"GET"
]
}
]
}
}
Retrieve a Webhook
Parameters
UTCStandard timezone identification string.
Request
GET /api/v1/webhooks/12affc24-f183-11e3-9234-3c15c2c818c2/batch-status?limit=1000Response
{
"results": [
{
"batch_id": "032d330540298f54f0e8bcc1373f3cfd",
"ts": "2014-07-30T21:38:08.000Z",
"attempts": 7,
"response_code": "200",
"latency": 160
},
{
"batch_id": "13c6764994a8f6b4e29906d5712ca7d",
"ts": "2014-07-30T20:38:08.000Z",
"attempts": 2,
"failure_code": "400",
"response_code": "400",
"latency": 210
}
]
}
Retrieve Batch Status Information
Parameters
Maximum number of results to return.
Batch Status Object
Server response code of the webhook if successful.
Unique identifier of of the requested batch status.
Number of events inside of the batch.
Date the the batch was created was created.
Format: YYYY-MM-DDTHH:MM:SS+-HH:MM
Failure response code if the webhook failed during delivery.
Unique identifier of the webhook associated with the batch.
Number of failed attempts before the batch was delivered. Zero if succeeded on first attempt.
Duration in ms for the entire batch posting HTTP round-trip.
When SparkPost does not get a 200 response from your webhook consumer endpoint then the batch is failed and SparkPost will retry the batch multiple times for a period of 8 hours. Status information is provided on any failed batches and those that successed on retry. Batch status is available in the UI and API for 24 hours.
Request
PUT /api/v1/webhooks/12affc24-f183-11e3-9234-3c15c2c818c2{
"name": "Renamed webhook",
"events": [
"generation_rejection",
"delay"
],
"subaccount_id": 123,
"auth_type": "none",
"custom_headers": {
"x-api-key": "abcd"
}
}
Response
{
"results": {
"id": "12affc24-f183-11e3-9234-3c15c2c818c2",
"links": [
{
"href": "/api/v1/webhooks/12affc24-f183-11e3-9234-3c15c2c818c2/validate",
"rel": "urn.msys.webhooks.validate",
"method": [
"POST"
]
}
]
}
}
Update a Webhook
Parameters
Request Body
Name for webhook.
URL of the target to which to POST event batches. Only ports 80 for http and 443 for https can be set.
Array of event types this webhook will send. Use the Events Documentation endpoint to list the available event types.
The status of the webhook. When false, the target will no longer receive batches.
Object of custom headers to be used during POST requests to target.
Array of subaccount numbers to prevent receiving events in your webhook (only available for webhooks with Primary and All Subaccounts event source). Must not have duplicate values. Integers or empty array. New array values will completely replace the current values. Max size: 10.
The new Subaccount to be set as the Event Source. Can be any integer number (use -1 for Primary and All Subaccounts or 0 for Primary Account only).
Type of authentication to be used during POST requests to target. Read more about webhook authentication.
Possible Values: none, basic, oauth2
Object containing details needed to request authorization token for OAuth 2.0. This is required when auth_type is oauth2.
Object containing credentials needed to make authorized POST requests for Basic Authentication. This is required when auth_type is basic. When auth_type is oauth2, it is generated from auth_request_details.
If you change to the target URL, a test POST request will be sent. If this request does not receive an HTTP 200 response, your request to the Webhooks API will fail with HTTP 400, and the webhook will not be updated.
Any batches already queued for delivery to this webhook will not be affected. For example, if you change the webhook's target URL, batches already queued for delivery will still be POSTed to the previous URL.
Request
DELETE /api/v1/webhooks/12affc24-f183-11e3-9234-3c15c2c818c2Response
// Empty response body
Delete a Webhook
Parameters
This will not affect any webhook batches that are already queued for delivery.
Request
GET /api/v1/webhooks?timezone=America/New_YorkResponse
{
"results": [
{
"id": "a2b83490-10df-11e4-b670-c1ffa86371ff",
"name": "Some webhook",
"target": "http://client.example.com/some-webhook",
"events": [
"delivery",
"injection",
"open",
"click"
],
"auth_type": "basic",
"auth_request_details": {},
"auth_credentials": {
"username": "basicuser",
"password": "somepass"
},
"auth_token": "",
"last_successful": "2014-08-01 16:09:15",
"last_failure": "2014-06-01 15:15:45",
"custom_headers": {
"x-api-key": "abcd"
},
"active": true,
"links": [
{
"href": "/api/v1/webhooks/a2b83490-10df-11e4-b670-c1ffa86371ff",
"rel": "urn.msys.webhooks.webhook",
"method": [
"GET",
"PUT"
]
}
]
},
{
"id": "12affc24-f183-11e3-9234-3c15c2c818c2",
"name": "Example webhook",
"target": "http://client.example.com/example-webhook",
"events": [
"delivery",
"injection",
"open",
"click"
],
"auth_type": "oauth2",
"auth_request_details": {
"url": "https://oauth.myurl.com/tokens",
"body": {
"client_id": "<oauth client id>",
"client_secret": "<oauth client secret>"
}
},
"auth_credentials": {
"access_token": "<oauth token>",
"expires_in": 3600
},
"auth_token": "",
"last_successful": "2014-07-01 16:09:15",
"last_failure": "2014-08-01 15:15:45",
"active": true,
"links": [
{
"href": "/api/v1/webhooks/12affc24-f183-11e3-9234-3c15c2c818c2",
"rel": "urn.msys.webhooks.webhook",
"method": [
"GET",
"PUT"
]
}
]
},
{
"id": "123456-abcd-efgh-7890-123445566778",
"name": "Another webhook",
"target": "http://client.example.com/another-example",
"events": [
"generation_rejection",
"generation_failure"
],
"auth_type": "none",
"auth_request_details": {},
"auth_credentials": {},
"auth_token": "5ebe2294ecd0e0f08eab7690d2a6ee69",
"active": true,
"links": [
{
"href": "/api/v1/webhooks/123456-abcd-efgh-7890-123445566778",
"rel": "urn.msys.webhooks.webhook",
"method": [
"GET",
"PUT"
]
}
]
}
]
}
List all Webhooks
Parameters
UTCStandard timezone identification string.
Returns a list of all your webhooks.
Documentation
Request
GET /api/v1/webhooks/events/documentationResponse
{
"results": {
"message_event": { ... },
"track_event": { ... },
...
}
}
Events Documentation
Returns a list of descriptions of the events, event types, and event fields that could be included in a webhooks batches to your target URL.
Request
GET /api/v1/webhooks/events/samples?events=bounceResponse
{
"results": [
{
"msys": {
"message_event": { ... }
}
}
]
}
Event Samples
Parameters
Event types for which to get a sample payload, use the Events Documentation endpoint to list the available event types, defaults to all event types.
Returns an example of the event data that will be posted by a webhook for the specified events.
The data that will arrive at your target URL during normal operation (as opposed to calls to this endpoint) will not contain the top level results key shown in the example response.