Webhooks API

Set up webhooks to receive real-time notifications about email events, form submissions, and other actions in your Metigan account.

Create Webhook

create-webhook.tsTypeScript

import Metigan from 'metigan';

const metigan = new Metigan({
  apiKey: 'your_api_key'
});

// Create a webhook
const webhook = await metigan.webhooks.create({
  url: 'https://your-app.com/webhooks/metigan',
  events: [
    'email.sent',
    'email.delivered',
    'email.bounced',
    'email.opened',
    'email.clicked',
    'form.submitted'
  ],
  secret: 'your_webhook_secret' // For signature verification
});

console.log('Webhook created:', webhook.id);

Webhook Events

Available webhook events you can subscribe to:

Event	Description
email.sent	Email was successfully sent
email.delivered	Email was delivered to recipient
email.opened	Recipient opened the email
email.clicked	Recipient clicked a link
email.bounced	Email bounced
form.submitted	Form submission received

Verify Webhook Signature

verify-webhook.tsTypeScript

import crypto from 'crypto';

function verifyWebhookSignature(
  payload: string,
  signature: string,
  secret: string
): boolean {
  const expectedSignature = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expectedSignature)
  );
}

// In your webhook endpoint
app.post('/webhooks/metigan', (req, res) => {
  const signature = req.headers['x-metigan-signature'];
  const payload = JSON.stringify(req.body);
  
  if (!verifyWebhookSignature(payload, signature!, process.env.WEBHOOK_SECRET!)) {
    return res.status(401).send('Invalid signature');
  }
  
  // Process webhook event
  const event = req.body;
  console.log('Webhook event:', event.type, event.data);
  
  res.status(200).send('OK');
});

Security

Always verify webhook signatures to ensure the request is from Metigan. Never trust webhook payloads without verification.