Mailgun inbound event webhook
email-webhooks
Mailgun inbound event webhook
Inbound Mailgun webhook handler.
Authenticated by HMAC-SHA256 signature verification (design §9.1).
Status codes: 200 — event accepted (includes idempotent duplicates handled by dispatch) 400 — request body is not valid JSON 406 — HMAC signature invalid or timestamp outside ±5-minute window 503 — MAILGUN_WEBHOOK_SIGNING_KEY is not configured; refusing to operate
Design reference: §6.7, §9.1, §9.3
POST
Mailgun inbound event webhook
Authorizations
Send platform JWTs, contact JWTs, or team API keys as Authorization: Bearer <token>.
Response
200 - application/vnd.api+json
Successful Response