Receive webhooks
The relay side of Emithook: give a provider a stable place to send to, and Emithook acknowledges instantly, verifies authenticity, and routes the event to your systems — losing nothing if you're down. This page is the map; follow the links for detail.
How an event arrives
A provider can reach you four ways. All of them mint a time-sortable event id and enter the same pipeline (ack & durably buffer → verify → route → audit → deliver):
| Ingress | What it is | Availability |
|---|---|---|
| HTTPS edge | A provider POSTs to <ingest-domain>/<slug>. Acked + durably buffered at the edge in <100 ms (never dropped); verified in the processing plane. | Available |
| Queue ingestion | You produce to your own broker (SQS/SNS, Pub/Sub, Kafka, AMQP, NATS, Redis…) and Emithook consumes it. Removes per-request cost for high-volume senders. | Available |
| Inbound email (MX) | Mail to <alias>@in.<ingest-domain> is parsed (headers, bodies, attachments) into an event after SPF/DKIM/DMARC checks. | Available |
| Send API | A direct API call — see Send. | Available |
Webhooks and email share one dedicated ingest domain (<ingest-domain>), kept separate from the marketing/console site for a hard cookie boundary off the auth domain plus reputation isolation. <ingest-domain> is a placeholder — the real name is an operator choice and config-driven (the edge is domain-agnostic). See the glossary for precise definitions.
Endpoints & provider presets
An inbound endpoint is the entry you hand to a provider. Picking a provider preset (Shopify, Stripe, Slack, Meta, Razorpay, generic…) configures two things automatically:
- Signature verification — e.g. Shopify
X-Shopify-Hmac-Sha256, StripeStripe-Signature(300 s tolerance), Slackv0=(5-min replay window), MetaX-Hub-Signature-256. This runs in the processing plane, not at the edge (the edge accepts and buffers first): a verified event is routed, while a bad signature is quarantined — durable and inspectable, but never delivered (not a401at the edge, never silently dropped). - The synchronous handshake the provider expects — Meta/WhatsApp
hub.challengeecho, Slackurl_verification, or a plain200, answered at the edge.
Zero DNS: a new endpoint is live immediately on the shared <ingest-domain>. A custom domain is optional branding — for webhooks you CNAME your subdomain to our ingest host (TLS auto-provisioned via Cloudflare for SaaS); for email you publish MX + SPF/DKIM/DMARC records (delivered via SES).
Routing, filters & transformations
Each endpoint carries one or more routes that fan an incoming event out to one or more destinations. A route can:
- Filter — header/path/JSON-path match to drop or conditionally route events. Available
- Transform — reshape/enrich/redact the payload with sandboxed JS, versioned and testable against a saved sample. Available
Unroutable events are never dropped — they're parked and become replayable once a route exists.
Reliability you get for free
Once an event is in, delivery is signed, retried with backoff + jitter, circuit-broken per destination, and dead-lettered (replayable) on final failure. The full contract is in API conventions → delivery semantics.
Tutorials
- Receive a Shopify webhook — a complete inbound walkthrough: verify, fan out to an API and a queue, replay.
Next
- Send webhooks — the outbound half of the engine.
- Destinations & validation — where events go.
- API reference · CLI · MCP server