Managing Webhooks via API

Create, retrieve, list, and delete webhooks programmatically.

You can now use the Resend API to manage webhooks.

This allows you to manage your webhooks, which will be triggered when certain events happen, like when an email bounces or a contact unsubscribes. There are currently 15 different events that your webhooks can listen to.

The Webhooks API includes five new endpoints:

How to use it

The best way to use these new endpoints is with our SDKs.

Here's an example of how you can create new webhooks:

import { Resend } from 'resend';


const resend = new Resend('re_xxxxxxxxx');


const { data, error } = await resend.webhooks.create({
  endpoint: 'https://example.com/handler',
  events: ['email.sent'],
});

Once you perform a request, the API will return a standard response containing the object type, entity ID, and a signing secret that you can use to verify requests.

{
  "object": "webhook",
  "id": "4dd369bc-aa82-4ff3-97de-514ae3000ee0",
  "signing_secret": "whsec_xxxxxxxxxx"
}

Verify webhook requests

In addition to the five new endpoints, we're also introducing an SDK helper to help verify webhook requests.

You can now use the new verify method as seen in the Next.js example below.

You can get the Resend webhook secret from the webhook details page, accessible from the Webhooks dashboard. It's also included in the response body of calls to create or list webhooks.

export async function POST(req: NextRequest) {
  try {
    const payload = await req.text();


    // Throws an error if the webhook is invalid
    // Otherwise, returns the parsed payload object
    const result = resend.webhooks.verify({
      payload,
      headers: {
        id: req.headers['svix-id'],
        timestamp: req.headers['svix-timestamp'],
        signature: req.headers['svix-signature'],
      },
      webhookSecret: 'whsec_xxxxxxxxxx',
    });


    // Handle the result after validating it
  } catch {
    return new NextResponse('Invalid webhook', { status: 400 });
  }
}

Make sure that you're using the raw request body when verifying webhooks. The cryptographic signature is sensitive to even the slightest change. Some frameworks parse the request as JSON and then stringify it, and this will also break the signature verification.

Learn more about verifying webhook requests.

Get started

Visit the documentation to learn more about managing webhooks via the API.