What's in your webhook payload

Every email that arrives at your alias is transformed into structured JSON and delivered to your webhook endpoint. This reference covers every field you can expect, including the enrichment features available on each plan.

Full payload example

Below is a complete payload with all fields present. Your actual payload will vary depending on the email content and your plan.

{
  "id": "msg_abc123def456",
  "timestamp": "2026-02-12T10:30:00Z",
  "from": {
    "address": "alice@example.com",
    "name": "Alice Martin"
  },
  "to": [
    {
      "address": "invoices@yourdomain.com",
      "name": ""
    }
  ],
  "cc": [],
  "bcc": [],
  "replyTo": {
    "address": "alice@example.com",
    "name": "Alice Martin"
  },
  "subject": "Invoice #2026-0042 attached",
  "text": "Hi team,\n\nPlease find invoice #2026-0042 attached.\n\nView it online: https://billing.example.com/inv/2026-0042\n\nBest,\nAlice",
  "html": "<p>Hi team,</p><p>Please find invoice #2026-0042 attached.</p><p><a href=\"https://billing.example.com/inv/2026-0042\">View it online</a></p><p>Best,<br>Alice</p>",
  "markdown": "Hi team,\n\nPlease find invoice #2026-0042 attached.\n\n[View it online](https://billing.example.com/inv/2026-0042)\n\nBest,\nAlice",
  "links": [
    {
      "url": "https://billing.example.com/inv/2026-0042",
      "text": "View it online"
    }
  ],
  "headers": {
    "message-id": "<abc123@mail.example.com>",
    "x-custom-header": "value"
  },
  "attachments": [
    {
      "filename": "invoice-2026-0042.pdf",
      "contentType": "application/pdf",
      "size": 245680,
      "content": "JVBERi0xLjQK..."
    },
    {
      "filename": "receipt-photo.jpg",
      "contentType": "image/jpeg",
      "size": 5242880,
      "url": "https://s3.emailconnect.eu/att/..."
    }
  ],
  "spam": {
    "score": 0.2,
    "symbols": ["DKIM_VALID", "SPF_PASS", "DMARC_PASS"],
    "action": "no action"
  },
  "classification": {
    "type": "transactional",
    "confidence": 0.94,
    "signals": ["has_invoice_number", "has_attachment", "single_recipient"]
  },
  "integrity": {
    "contentHash": "sha256:a3f2b8c1d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1",
    "rawEmailHash": "sha256:9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c3b2a1f0e9d8c7b6a5f4e3d2c1b0a9f8e"
  },
  "envelope": {
    "mailFrom": "bounces@example.com",
    "rcptTo": ["invoices@yourdomain.com"],
    "remoteAddress": "198.51.100.25",
    "clientHostname": "mail.example.com"
  },
  "alias": {
    "id": "alias_xyz789",
    "address": "invoices@yourdomain.com"
  },
  "domainId": "dom_abc123",
  "aliasId": "alias_xyz789"
}

Field reference by section

Message basics

Field Type Description
id string Unique message identifier
timestamp string (ISO 8601) When the email was received
from object Sender address and display name
to array Recipient addresses and display names
cc array CC recipients
bcc array BCC recipients (when available)
replyTo object Reply-to address
subject string Email subject line

Content

Field Type Plan Description
text string All Plain text body
html string All HTML body
markdown string Maker+ HTML body converted to clean Markdown
links array All URLs extracted from the email body, each with url and text
headers object All Selected email headers (Message-ID, custom X-headers, etc.)

Markdown is generated server-side from the HTML body. It's useful for LLM pipelines, content extraction, and readable logging without needing an HTML parser.

Links are extracted from both HTML and plain text bodies. Each entry includes the url and the link text (anchor text from HTML, or the URL itself for plain text links).

Attachments

Field Type Description
attachments[].filename string Original filename
attachments[].contentType string MIME type
attachments[].size number Size in bytes
attachments[].content string Base64-encoded content (inline delivery)
attachments[].url string S3 download URL (offloaded delivery, Maker+)

Small text files are inlined as base64. Larger files or binary attachments are offloaded to S3 (platform-managed or your own bucket on Business+). See Attachment processing for details.

Spam analysis

Available on Maker+ plans. Powered by rspamd.

Field Type Description
spam.score number Spam score (lower = cleaner)
spam.symbols array rspamd symbols that matched (e.g. DKIM_VALID, SPF_PASS)
spam.action string Recommended action (no action, add header, reject, etc.)

Classification

Field Type Plan Description
classification.type string All Email type: transactional, marketing, personal, notification, automated
classification.confidence number Maker+ Confidence score (0–1)
classification.signals array Maker+ Signals that influenced classification (e.g. has_invoice_number, has_unsubscribe_link)

Classification helps you route emails by type, filter out marketing, or prioritize transactional messages — all without writing your own heuristics.

Integrity

Available on Maker+ plans.

Field Type Description
integrity.contentHash string SHA-256 hash of the processed payload content
integrity.rawEmailHash string SHA-256 hash of the raw email before processing

Use integrity hashes to verify that the payload wasn't tampered with in transit, detect duplicate deliveries, or build audit trails.

Metadata

Field Type Description
alias.id string Alias identifier
alias.address string Alias email address that received the email
domainId string Domain identifier
aliasId string Alias identifier (same as alias.id)
envelope object SMTP envelope data (MAIL FROM, RCPT TO, remote address)

Features by plan

Feature Free Maker Business Platform
Message basics (from, to, subject, etc.) + + + +
Text + HTML body + + + +
Link extraction + + + +
Email classification (type only) + + + +
Attachments (inline base64) + + + +
Markdown conversion - + + +
Classification confidence + signals - + + +
Integrity hashes - + + +
Spam analysis (rspamd) - + + +
S3 attachment offloading - + + +
Envelope data + + + +

Related topics