HTTP webhook → Email

Any service that can send an HTTP request becomes a source. ingestlayer generates an ingest URL — https://in.ingestlayer.com/whk/<token> — and every POST to it becomes one event.

how events arrive

1. 01

   create the endpoint

   Add an HTTP webhook source. ingestlayer generates a unique URL of the form https://in.ingestlayer.com/whk/<token> that accepts any HTTP POST.

2. 02

   choose auth

   HMAC signing (the default) or a bearer token. In signed mode the sender includes an X-Ingest-Signature header — the hex HMAC-SHA256 of the raw body — which ingestlayer recomputes and compares in constant time, rejecting anything that doesn't match. An unauthenticated mode exists for local testing.

3. 03

   send your events

   POST JSON to the URL. The body becomes the event payload; if it carries a string `type` that becomes the event type, otherwise ingestlayer stamps webhook.in.received. Rename or reshape fields with the transform action downstream.

POST /whk/wh_3f8a HTTP/1.1
Host: in.ingestlayer.com
Content-Type: application/json
X-Ingest-Signature: 9f86d081884c…

{
  "type":     "order.created",
  "order_id": "ord_18f2",
  "amount":   4200,
  "currency": "eur",
  "email":    "ada@acme.com"
}

route it to Email

Send a transactional email to one or more recipients, addressable from event fields.

1. 01

   set the recipient

   Enter a fixed address, or reference an event field like $event.payload.email to route per event.

2. 02

   write subject and body

   Both accept $event.* templates. The body renders as plain text with an optional summary table of the payload.

3. 03

   confirm the sender

   Mail goes out from mail@notify.ingestlayer.com with SPF and DKIM aligned. Set a reply-to if you want responses to reach you.

From:    mail@notify.ingestlayer.com
To:      alerts@acme.com
Subject: Payment failed — acme-inc (€240.00)

A charge failed for acme-inc.
  amount   €240.00
  reason   insufficient_funds
  attempt  2

notes

• —Outbound email is metered against a monthly quota that scales with your plan; over-quota sends are deferred, not dropped.
• —Sending from a fixed ingestlayer domain keeps deliverability high, but the From address is not your own domain.
• —Recipient addresses pulled from event fields are validated at send time; a malformed address dead-letters that delivery.

questions

How do I know a webhook really came from my sender?

Set the source to HMAC or bearer auth. In HMAC mode ingestlayer recomputes HMAC-SHA256 over the raw body and compares it to the X-Ingest-Signature header in constant time, rejecting anything that doesn't match before the event enters the pipeline.

What stops a retry from being processed twice?

Send an X-Ingest-Idempotency-Key header. Ingest is deduplicated on it, so a sender that retries on a timeout still produces exactly one event.

Can I reshape the payload before it lands?

Yes — the body arrives as-is, then the transform action maps it to whatever shape your destination expects, so a third party's field names never leak into your Slack message or your Postgres columns.

HTTP webhook, routed elsewhere

• HTTP webhook → SlackSlack
• HTTP webhook → DiscordDiscord
• HTTP webhook → TelegramTelegram
• HTTP webhook → WebhookWebhook
• HTTP webhook → PostgresPostgres
• HTTP webhook → NotionNotion

other sources, into Email

• Inbound email → Emailemail
• AI agent → Emailagent
• everything you can pipe to Emailhub