Register a webhook scoped to an inbox
Register a webhook pre-scoped to this inbox — the endpoint only receives events for this one inbox. Otherwise identical to `POST /webhooks`: `url` must be HTTPS, `event_types` must list at least one type, and the response includes the one-time signing secret. Supplying `inbox_ids` in the body overrides the path scope.
Register a webhook pre-scoped to this inbox — the endpoint only receives
events for this one inbox. Otherwise identical to POST /webhooks: url
must be HTTPS, event_types must list at least one type, and the
response includes the one-time signing secret. Supplying inbox_ids in
the body overrides the path scope.
The per-tenant API key. Sent as the x-api-key request header. The key
is tenant-scoped.
In: header
Path Parameters
The inbox's opaque id (e.g. inb_…).
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
The body for registering a webhook.
Response Body
application/json
application/json
application/json
application/json
application/json
application/json
curl -X POST "https://example.com/inboxes/string/webhooks" \ -H "Content-Type: application/json" \ -d '{ "url": "http://example.com", "event_types": [ "message.received" ] }'{ "webhook_id": "string", "url": "http://example.com", "event_types": [ "message.received" ], "inbox_ids": [ "string" ], "enabled": true, "client_id": "string", "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "secret": "string"}{ "webhook_id": "string", "url": "http://example.com", "event_types": [ "message.received" ], "inbox_ids": [ "string" ], "enabled": true, "client_id": "string", "created_at": "2019-08-24T14:15:22Z", "updated_at": "2019-08-24T14:15:22Z", "secret": "string"}{ "name": "string", "message": "string"}{ "name": "string", "message": "string"}{ "name": "validation", "errors": { "property1": "string", "property2": "string" }}{ "name": "string", "message": "string"}List an inbox's threads (thin list) GET
Lists the inbox's threads, most-recently-active first, paginated. Each entry is the **thin** thread (no `messages[]` — fetch those with get-thread). Threads labeled `spam` or `unauthenticated` are excluded unless the matching `include_*` flag is set; opting into `spam` additionally requires the key's `label_spam_read` permission. An inbox with no mail returns an empty list; an unknown/cross-tenant inbox is a `404`.
Register a webhook POST
Register a webhook endpoint. `url` must be HTTPS and `event_types` must list at least one event type; `inbox_ids` (max 10) optionally scopes the endpoint to specific inboxes (omit for all of the tenant's inboxes). Supply a `client_id` for idempotency — repeating a create with the same `client_id` returns the existing webhook (`200`). The response includes the endpoint's **signing secret** (`whsec_…`), returned **only** here — store it now to verify deliveries.