Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

sendgrid-webhooks

Estrellas73

Forks8

Actualizado11 de mayo de 2026, 12:14

Receive and verify SendGrid webhooks. Use when setting up SendGrid webhook handlers, debugging signature verification, or handling email delivery events.

Instalación

Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.

Ejecutar en Manus

Fuente

hookdeck

hookdeck/webhook-skills

Abrir repositorio de GitHub Ver repositorios del creador

Descarga

Ejecutar en Manus

Ocupaciones relacionadasSOC

Basado en la clasificación ocupacional SOC

Desarrolladores de softwareOcupaciones informáticas y matemáticas·SOC 15-1252

Desarrolladores webSOC 15-1254

Explorador de archivos

22 archivos

SKILL.md

readonly

name	sendgrid-webhooks
description	Receive and verify SendGrid webhooks. Use when setting up SendGrid webhook handlers, debugging signature verification, or handling email delivery events.
license	MIT
metadata	{"author":"hookdeck","version":"0.1.0","repository":"https://github.com/hookdeck/webhook-skills"}

SendGrid Webhooks

When to Use This Skill

Setting up SendGrid webhook handlers for email delivery tracking
Debugging ECDSA signature verification failures
Processing email events (bounce, delivered, open, click, spam report)
Implementing email engagement analytics

Essential Code

Signature Verification (Manual)

SendGrid uses ECDSA (Elliptic Curve Digital Signature Algorithm) with public key verification.

// Node.js manual verification
const crypto = require('crypto');

function verifySignature(publicKey, payload, signature, timestamp) {
  // Decode the base64 signature
  const decodedSignature = Buffer.from(signature, 'base64');

  // Create the signed content
  const signedContent = timestamp + payload;

  // Create verifier
  const verifier = crypto.createVerify('sha256');
  verifier.update(signedContent);

  // Add PEM headers if not present
  let pemKey = publicKey;
  if (!pemKey.includes('BEGIN PUBLIC KEY')) {
    pemKey = `-----BEGIN PUBLIC KEY-----\n${publicKey}\n-----END PUBLIC KEY-----`;
  }

  // Verify the signature
  return verifier.verify(pemKey, decodedSignature);
}

// Express middleware
app.post('/webhooks/sendgrid', express.raw({ type: 'application/json' }), (req, res) => {
  const signature = req.get('X-Twilio-Email-Event-Webhook-Signature');
  const timestamp = req.get('X-Twilio-Email-Event-Webhook-Timestamp');

  if (!signature || !timestamp) {
    return res.status(400).send('Missing signature headers');
  }

  const publicKey = process.env.SENDGRID_WEBHOOK_VERIFICATION_KEY;
  const payload = req.body.toString();

  if (!verifySignature(publicKey, payload, signature, timestamp)) {
    return res.status(400).send('Invalid signature');
  }

  // Process events
  const events = JSON.parse(payload);
  console.log(`Received ${events.length} events`);

  res.sendStatus(200);
});

Using SendGrid SDK

const { EventWebhook } = require('@sendgrid/eventwebhook');

const verifyWebhook = new EventWebhook();
const publicKey = process.env.SENDGRID_WEBHOOK_VERIFICATION_KEY;

app.post('/webhooks/sendgrid', express.raw({ type: 'application/json' }), (req, res) => {
  const signature = req.get('X-Twilio-Email-Event-Webhook-Signature');
  const timestamp = req.get('X-Twilio-Email-Event-Webhook-Timestamp');

  const isValid = verifyWebhook.verifySignature(
    publicKey,
    req.body,
    signature,
    timestamp
  );

  if (!isValid) {
    return res.status(400).send('Invalid signature');
  }

  // Process webhook
  res.sendStatus(200);
});

Common Event Types

Event	Description	Use Cases
`processed`	Message has been received and is ready to be delivered	Track email processing
`delivered`	Message successfully delivered to recipient	Delivery confirmation
`bounce`	Message permanently rejected (includes type='blocked' for blocked messages)	Update contact lists, handle failures
`deferred`	Temporary delivery failure	Monitor delays
`open`	Recipient opened the email	Engagement tracking
`click`	Recipient clicked a link	Link tracking, CTR analysis
`spam report`	Email marked as spam	List hygiene, sender reputation
`unsubscribe`	Recipient unsubscribed	Update subscription status
`group unsubscribe`	Recipient unsubscribed from a group	Update group subscription preferences
`group resubscribe`	Recipient resubscribed to a group	Update group subscription preferences

Environment Variables

# Your SendGrid webhook verification key (public key)
SENDGRID_WEBHOOK_VERIFICATION_KEY="MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE..."

Local Development

For local webhook testing, use Hookdeck CLI:

npx hookdeck-cli listen 3000 sendgrid --path /webhooks/sendgrid

No account required. Provides local tunnel + web UI for inspecting requests.

Resources

overview.md - What SendGrid webhooks are, common event types
setup.md - Configure webhooks in SendGrid dashboard, get verification key
verification.md - ECDSA signature verification details and gotchas
examples/ - Complete implementations for Express, Next.js, and FastAPI

Related Skills

webhook-handler-patterns - Cross-cutting patterns (idempotency, retries, framework guides)
hookdeck-event-gateway - Webhook infrastructure that replaces your queue — guaranteed delivery, automatic retries, replay, rate limiting, and observability for your webhook handlers

Más de este repositorio

mismo repositorio

webhook-dx-audit

hookdeck/webhook-skills

Audit the developer experience of any platform that sends outbound webhooks or event destinations to its customers, and produce a structured YAML audit file with scored findings and prioritized recommendations. Use whenever the task is to review, assess, grade, or critique a company's webhook/event- delivery DX: their signup and onboarding, signing and verification, retry and delivery semantics, event catalog and payloads, setup surfaces (UI/API/CLI/IaC/SDK), consumer-facing observability, local dev, and local-to-production transition. Trigger this for a 'webhook DX review', 'event destinations audit', or an 'outbound webhook assessment', even if the user names a specific company (e.g. 'review Acme's webhooks') rather than the word audit. The output is a YAML audit file conforming to `schema/audit.schema.yaml`; whoever consumes it downstream renders their own presentation.

2026-06-0573

knock-webhooks

hookdeck/webhook-skills

Receive and verify Knock outbound webhooks. Use when setting up Knock webhook handlers, debugging x-knock-signature verification, or handling notification events like message.sent, message.delivered, message.bounced, message.read, workflow.committed, or message.link_clicked.

2026-05-1573

scrapfly-webhooks

hookdeck/webhook-skills

Receive and verify Scrapfly webhooks. Use when setting up Scrapfly webhook handlers for async scrape, extraction, screenshot, or crawler jobs, debugging X-Scrapfly-Webhook-Signature verification, or routing on X-Scrapfly-Webhook-Resource-Type.

2026-05-1573

orb-webhooks

hookdeck/webhook-skills

Receive and verify Orb webhooks. Use when setting up Orb webhook handlers, debugging Orb signature verification, or handling usage-based billing events like invoice.issued, subscription.created, or customer.credit_balance_dropped.

2026-05-1473

twilio-webhooks

hookdeck/webhook-skills

Receive and verify Twilio webhooks. Use when setting up Twilio webhook handlers, debugging X-Twilio-Signature verification, or handling communications events like incoming SMS, voice calls, message status callbacks (delivered, failed), or recording status callbacks.

2026-05-1173

slack-webhooks

hookdeck/webhook-skills

Receive and verify Slack Events API webhooks. Use when setting up Slack webhook handlers, debugging Slack signature verification, handling the url_verification challenge, or processing events like app_mention, message, reaction_added, team_join, or app_home_opened.

2026-05-1173

name	sendgrid-webhooks
description	Receive and verify SendGrid webhooks. Use when setting up SendGrid webhook handlers, debugging signature verification, or handling email delivery events.
license	MIT
metadata	{"author":"hookdeck","version":"0.1.0","repository":"https://github.com/hookdeck/webhook-skills"}

SendGrid Webhooks

When to Use This Skill

Setting up SendGrid webhook handlers for email delivery tracking
Debugging ECDSA signature verification failures
Processing email events (bounce, delivered, open, click, spam report)
Implementing email engagement analytics

Essential Code

Signature Verification (Manual)

SendGrid uses ECDSA (Elliptic Curve Digital Signature Algorithm) with public key verification.

// Node.js manual verification
const crypto = require('crypto');

function verifySignature(publicKey, payload, signature, timestamp) {
  // Decode the base64 signature
  const decodedSignature = Buffer.from(signature, 'base64');

  // Create the signed content
  const signedContent = timestamp + payload;

  // Create verifier
  const verifier = crypto.createVerify('sha256');
  verifier.update(signedContent);

  // Add PEM headers if not present
  let pemKey = publicKey;
  if (!pemKey.includes('BEGIN PUBLIC KEY')) {
    pemKey = `-----BEGIN PUBLIC KEY-----\n${publicKey}\n-----END PUBLIC KEY-----`;
  }

  // Verify the signature
  return verifier.verify(pemKey, decodedSignature);
}

// Express middleware
app.post('/webhooks/sendgrid', express.raw({ type: 'application/json' }), (req, res) => {
  const signature = req.get('X-Twilio-Email-Event-Webhook-Signature');
  const timestamp = req.get('X-Twilio-Email-Event-Webhook-Timestamp');

  if (!signature || !timestamp) {
    return res.status(400).send('Missing signature headers');
  }

  const publicKey = process.env.SENDGRID_WEBHOOK_VERIFICATION_KEY;
  const payload = req.body.toString();

  if (!verifySignature(publicKey, payload, signature, timestamp)) {
    return res.status(400).send('Invalid signature');
  }

  // Process events
  const events = JSON.parse(payload);
  console.log(`Received ${events.length} events`);

  res.sendStatus(200);
});

Using SendGrid SDK

const { EventWebhook } = require('@sendgrid/eventwebhook');

const verifyWebhook = new EventWebhook();
const publicKey = process.env.SENDGRID_WEBHOOK_VERIFICATION_KEY;

app.post('/webhooks/sendgrid', express.raw({ type: 'application/json' }), (req, res) => {
  const signature = req.get('X-Twilio-Email-Event-Webhook-Signature');
  const timestamp = req.get('X-Twilio-Email-Event-Webhook-Timestamp');

  const isValid = verifyWebhook.verifySignature(
    publicKey,
    req.body,
    signature,
    timestamp
  );

  if (!isValid) {
    return res.status(400).send('Invalid signature');
  }

  // Process webhook
  res.sendStatus(200);
});

Common Event Types

Event	Description	Use Cases
`processed`	Message has been received and is ready to be delivered	Track email processing
`delivered`	Message successfully delivered to recipient	Delivery confirmation
`bounce`	Message permanently rejected (includes type='blocked' for blocked messages)	Update contact lists, handle failures
`deferred`	Temporary delivery failure	Monitor delays
`open`	Recipient opened the email	Engagement tracking
`click`	Recipient clicked a link	Link tracking, CTR analysis
`spam report`	Email marked as spam	List hygiene, sender reputation
`unsubscribe`	Recipient unsubscribed	Update subscription status
`group unsubscribe`	Recipient unsubscribed from a group	Update group subscription preferences
`group resubscribe`	Recipient resubscribed to a group	Update group subscription preferences

Environment Variables

# Your SendGrid webhook verification key (public key)
SENDGRID_WEBHOOK_VERIFICATION_KEY="MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE..."

Local Development

For local webhook testing, use Hookdeck CLI:

npx hookdeck-cli listen 3000 sendgrid --path /webhooks/sendgrid

No account required. Provides local tunnel + web UI for inspecting requests.

Resources

overview.md - What SendGrid webhooks are, common event types
setup.md - Configure webhooks in SendGrid dashboard, get verification key
verification.md - ECDSA signature verification details and gotchas
examples/ - Complete implementations for Express, Next.js, and FastAPI

Related Skills

webhook-handler-patterns - Cross-cutting patterns (idempotency, retries, framework guides)
hookdeck-event-gateway - Webhook infrastructure that replaces your queue — guaranteed delivery, automatic retries, replay, rate limiting, and observability for your webhook handlers