Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.fluxomail.com/llms.txt

Use this file to discover all available pages before exploring further.

If you receive webhooks from Fluxomail (or plan to for specialized integrations), verify each request using an HMAC signature header. Signature
  • Header: fluxomail-signature (or X-Fluxomail-Signature)
  • Algorithm: HMAC‑SHA256 with your shared secret
  • Format: sha256=<hex> or raw <hex> digest
SDK helper (Node) 
import { webhooks } from '@fluxomail/sdk'

// rawBody: exact request body as a string (do not JSON.parse before verifying)
const ok = webhooks.verifyHmacSignature(rawBody, req.headers, { secret: process.env.FLUXOMAIL_WEBHOOK_SECRET! })
if (!ok) return res.status(401).end('invalid signature')

const out = webhooks.verifyAndParse(rawBody, req.headers, { secret: process.env.FLUXOMAIL_WEBHOOK_SECRET! })
if (!out.ok) return res.status(401).end('invalid signature')
for (const evt of out.events) {
  // handle event (evt.id, evt.type, evt.data)
}
Express example (raw body) 
import express from 'express'
import bodyParser from 'body-parser'
import { webhooks } from '@fluxomail/sdk'

const app = express()
app.post('/webhooks/fluxomail', bodyParser.text({ type: '*/*' }), (req, res) => {
  const raw = req.body as string
  const ok = webhooks.verifyHmacSignature(raw, req.headers as any, { secret: process.env.FLUXOMAIL_WEBHOOK_SECRET! })
  if (!ok) return res.status(401).end('invalid signature')
  const out = webhooks.verifyAndParse(raw, req.headers as any, { secret: process.env.FLUXOMAIL_WEBHOOK_SECRET! })
  if (!out.ok) return res.status(401).end('invalid signature')
  // process out.events
  return res.status(200).end('ok')
})
Next.js App Router example 
// app/api/fluxomail/webhook/route.ts
import { webhooks } from '@fluxomail/sdk'

export const runtime = 'nodejs'
export async function POST(request: Request) {
  const raw = await request.text()
  const ok = webhooks.verifyHmacSignature(raw, request.headers, { secret: process.env.FLUXOMAIL_WEBHOOK_SECRET! })
  if (!ok) return new Response('invalid signature', { status: 401 })
  const out = webhooks.verifyAndParse(raw, request.headers, { secret: process.env.FLUXOMAIL_WEBHOOK_SECRET! })
  if (!out.ok) return new Response('invalid signature', { status: 401 })
  // process out.events
  return new Response('ok', { status: 200 })
}
Payloads
  • Single event: { id, type, created, data }
  • Batched array: [ { id, type, created, data }, ... ]
  • Envelope { events: [...] } is also supported by the parser
Tips
  • Always verify before parsing JSON.
  • Keep secrets on the server; never expose them to browsers or client apps.
  • Handle retries idempotently (events include a stable id).
See also: SDKs & Clients