Webhooks

Push delivery-related events to your own HTTPS endpoint for automation and alerting.

Register an endpoint

Open Webhooks → Register Webhook. Enter a publicly reachable HTTPS URL and select which event types you care about. After saving, Piisend delivers JSON payloads when those events occur.

Event types

Subscribe to one or more of these when creating a webhook:

  • delivery
  • bounce
  • complaint
  • open
  • click

Payload shape

Each delivery is a POST with a JSON body:

{
  "type": "delivery",
  "data": { /* event-specific fields */ },
  "timestamp": "2026-05-19T12:00:00.000000"
}

Security

Webhook deliveries are signed. Open a webhook’s Details page to view or rotate the signing secret. Validate every request before trusting the body.

Request headers:

  • X-Webhook-Signature — HMAC-SHA256 hex digest of the raw JSON body
  • X-Webhook-Timestamp — UTC ISO timestamp when the delivery was sent
import crypto from "crypto";

function verifyWebhook(body: string, signature: string, secret: string): boolean {
  const expected = crypto.createHmac("sha256", secret).update(body).digest("hex");
  return crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}

Testing

Use the test action from the webhooks table to send a sample payload to your URL and confirm connectivity, TLS, and signature verification in your environment.

See also

Logs for in-app timelines in addition to outbound webhooks.

Documentation

Integrate with the REST API

Quickstart, API reference, and webhooks—everything you need to send from your app.

QuickstartAPI reference