菜单
Receive and process Postmark webhooks. Use when setting up Postmark webhook handlers, handling email delivery events, processing bounces, opens, clicks, spam complaints, or subscription changes.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Audit the developer experience of any platform that sends outbound webhooks or event destinations to its customers, and produce a structured YAML audit file with scored findings and prioritized recommendations. Use whenever the task is to review, assess, grade, or critique a company's webhook/event- delivery DX: their signup and onboarding, signing and verification, retry and delivery semantics, event catalog and payloads, setup surfaces (UI/API/CLI/IaC/SDK), consumer-facing observability, local dev, and local-to-production transition. Trigger this for a 'webhook DX review', 'event destinations audit', or an 'outbound webhook assessment', even if the user names a specific company (e.g. 'review Acme's webhooks') rather than the word audit. The output is a YAML audit file conforming to `schema/audit.schema.yaml`; whoever consumes it downstream renders their own presentation.
Receive and verify Knock outbound webhooks. Use when setting up Knock webhook handlers, debugging x-knock-signature verification, or handling notification events like message.sent, message.delivered, message.bounced, message.read, workflow.committed, or message.link_clicked.
Receive and verify Scrapfly webhooks. Use when setting up Scrapfly webhook handlers for async scrape, extraction, screenshot, or crawler jobs, debugging X-Scrapfly-Webhook-Signature verification, or routing on X-Scrapfly-Webhook-Resource-Type.
Receive and verify Orb webhooks. Use when setting up Orb webhook handlers, debugging Orb signature verification, or handling usage-based billing events like invoice.issued, subscription.created, or customer.credit_balance_dropped.
Receive and verify Twilio webhooks. Use when setting up Twilio webhook handlers, debugging X-Twilio-Signature verification, or handling communications events like incoming SMS, voice calls, message status callbacks (delivered, failed), or recording status callbacks.
Receive and verify Slack Events API webhooks. Use when setting up Slack webhook handlers, debugging Slack signature verification, handling the url_verification challenge, or processing events like app_mention, message, reaction_added, team_join, or app_home_opened.
| name | postmark-webhooks |
| description | Receive and process Postmark webhooks. Use when setting up Postmark webhook handlers, handling email delivery events, processing bounces, opens, clicks, spam complaints, or subscription changes. |
| license | MIT |
| metadata | {"author":"hookdeck","version":"0.1.0","repository":"https://github.com/hookdeck/webhook-skills"} |
Postmark does NOT use signature verification. Instead, webhooks are authenticated by including credentials in the webhook URL itself.
// Express - Basic Auth in URL
// Configure webhook URL in Postmark as:
// https://username:password@yourdomain.com/webhooks/postmark
app.post('/webhooks/postmark', express.json(), (req, res) => {
// Basic auth is handled by your web server or proxy
// Additional validation can check expected payload structure
const event = req.body;
// Validate expected fields exist
if (!event.RecordType || !event.MessageID) {
return res.status(400).send('Invalid payload structure');
}
// Process event
console.log(`Received ${event.RecordType} event for ${event.Email}`);
res.sendStatus(200);
});
// Alternative: Token in URL
// Configure webhook URL as:
// https://yourdomain.com/webhooks/postmark?token=your-secret-token
app.post('/webhooks/postmark', express.json(), (req, res) => {
const token = req.query.token;
if (token !== process.env.POSTMARK_WEBHOOK_TOKEN) {
return res.status(401).send('Unauthorized');
}
const event = req.body;
console.log(`Received ${event.RecordType} event`);
res.sendStatus(200);
});
// Postmark sends one event per request (not batched)
app.post('/webhooks/postmark', express.json(), (req, res) => {
const event = req.body;
switch (event.RecordType) {
case 'Bounce':
console.log(`Bounce: ${event.Email} - ${event.Type} - ${event.Description}`);
// Update contact as undeliverable
break;
case 'SpamComplaint':
console.log(`Spam complaint: ${event.Email}`);
// Remove from mailing list
break;
case 'Open':
console.log(`Email opened: ${event.Email} at ${event.ReceivedAt}`);
// Track engagement
break;
case 'Click':
console.log(`Link clicked: ${event.Email} - ${event.OriginalLink}`);
// Track click-through rate
break;
case 'Delivery':
console.log(`Delivered: ${event.Email} at ${event.DeliveredAt}`);
// Confirm delivery
break;
case 'SubscriptionChange':
console.log(`Subscription change: ${event.Email} - ${event.ChangedAt}`);
// Update subscription preferences
break;
case 'Inbound':
console.log(`Inbound email from: ${event.Email} - Subject: ${event.Subject}`);
// Process incoming email
break;
case 'SMTP API Error':
console.log(`SMTP API error: ${event.Email} - ${event.Error}`);
// Handle API error, maybe retry
break;
default:
console.log(`Unknown event type: ${event.RecordType}`);
}
res.sendStatus(200);
});
| Event | RecordType | Description | Key Fields |
|---|---|---|---|
| Bounce | Bounce | Hard/soft bounce or blocked email | Email, Type, TypeCode, Description |
| Spam Complaint | SpamComplaint | Recipient marked as spam | Email, BouncedAt |
| Open | Open | Email opened (requires open tracking) | Email, ReceivedAt, Platform, UserAgent |
| Click | Click | Link clicked (requires click tracking) | Email, ClickedAt, OriginalLink |
| Delivery | Delivery | Successfully delivered | Email, DeliveredAt, Details |
| Subscription Change | SubscriptionChange | Unsubscribe/resubscribe | Email, ChangedAt, SuppressionReason |
| Inbound | Inbound | Incoming email received | Email, FromFull, Subject, TextBody, HtmlBody |
| SMTP API Error | SMTP API Error | SMTP API call failed | Email, Error, ErrorCode, MessageID |
# For token-based authentication
POSTMARK_WEBHOOK_TOKEN="your-secret-token-here"
# For basic auth (if not using URL-embedded credentials)
WEBHOOK_USERNAME="your-username"
WEBHOOK_PASSWORD="your-password"
For local webhook testing, use Hookdeck CLI:
npx hookdeck-cli listen 3000 postmark --path /webhooks/postmark
No account required. Provides local tunnel + web UI for inspecting requests.
For production-ready webhook handling, also install the webhook-handler-patterns skill: