Webhooks
SushiSend can push every email event to an HTTPS endpoint of your choice. Events are POSTed as JSON and signed so you can verify they came from us.
Events we send
type | When |
|---|---|
email.delivered | SES confirmed delivery to the recipient MTA. |
email.bounced | Hard or soft bounce. Includes bounceType and bounceSubtype. |
email.complained | Recipient marked it as spam. |
email.rejected | SES refused the send (malformed, suppressed, etc). |
email.opened | Open pixel was fetched. |
email.clicked | Tracked link was clicked. |
Payload shape
{ "id": "evt_01HRY...", "type": "email.bounced", "occurredAt": "2026-04-24T12:31:09Z", "workspaceId": "01HRY...", "data": { "messageId": "01HRY...", "to": "user@example.com", "bounceType": "Permanent", "bounceSubtype": "General" }}Verify signatures
Every request carries X-SushiSend-Signature: t=<timestamp>,v1=<hex>. Compute HMAC-SHA256(signingSecret, "<timestamp>.<raw body>") and compare in constant time. Reject requests more than 5 minutes old.
Retry
If your endpoint returns a non-2xx response (or times out after 10s), we retry with exponential backoff for up to 24 hours, then park the event in the dead-letter log for manual inspection.