Webhooks
Webhooks let you receive delivery events in real time. Configure a URL in the dashboard and MoSend will POST to it every time an event occurs.
Available events
| Event | Description |
|---|---|
email.delivered | The email was delivered to the recipient's server. |
email.opened | The recipient opened the email (requires tracking pixel). |
email.clicked | The recipient clicked a link. |
email.bounced | The email bounced and could not be delivered. |
email.complained | The recipient marked the email as spam. |
Payload
MoSend sends a POST with a JSON body like this:
{
"event": "email.delivered",
"created_at": "2026-04-14T10:24:02Z",
"data": {
"email_id": "em_7a3f9b2c1d8e",
"to": "usuario@ejemplo.com",
"from": "hola@tudominio.com",
"subject": "Bienvenido"
}
}Signature
Every request includes an X-MoSend-Signature header with an HMAC-SHA256 of the body, using the webhook secret. Verify it before processing the event.
import crypto from 'node:crypto';
function verify(signature, rawBody, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(rawBody)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected),
);
}import hmac, hashlib
def verify(signature: str, raw_body: bytes, secret: str) -> bool:
expected = hmac.new(
secret.encode(), raw_body, hashlib.sha256
).hexdigest()
return hmac.compare_digest(signature, expected)