Guide
How to receive email as a webhook
To receive email as a webhook, point an inbound address at a service that parses incoming mail at the edge and POSTs it to your app as JSON — then verify the signature on each request. This replaces running an SMTP server or polling a mailbox over IMAP. Here's the whole path in three steps.
1. Get an inbound address
Sign up and you're given a dedicated address like inbox@replyflow.com. There's no MX record to change and no mail server to stand up, so the address is live immediately. (If you want mail at your own domain, you can point a subdomain's MX at the service, but that isn't required to get started.)
2. Point your webhook at it
Set your app's HTTPS endpoint as the webhook URL. From then on, every email sent to your address is parsed — quoted history and signature stripped, sender and subject extracted, thread computed, intent tagged — and delivered to your endpoint as a JSON POST within seconds. If you don't set a webhook yet, messages are stored and readable via the API, so nothing is lost while you build.
3. Verify the signature
Because anyone could POST to your endpoint, each real delivery is signed. ReplyFlow sends X-ReplyFlow-Timestamp and X-ReplyFlow-Signature; recompute the HMAC and compare before trusting the request:
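// Node / any edge runtime
const crypto = require("crypto");
const ts = req.headers["x-replyflow-timestamp"];
const sig = req.headers["x-replyflow-signature"] || ""; // "sha256=..."
// rawBody must be the request body exactly as received, not re-serialized JSON
const mac = crypto.createHmac("sha256", SIGNING_SECRET)
  .update(ts + "." + rawBody).digest("hex");
const expected = Buffer.from("sha256=" + mac);
const given = Buffer.from(String(sig));
// constant-time compare; timingSafeEqual throws on unequal lengths, so check length first
if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
  return res.status(401).end();
// also reject timestamps older than ~5 minutes to prevent replay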
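The same check carried through to the replay window, as an added example that is not ReplyFlow's own code. It assumes the timestamp header is Unix time in seconds; the `verifyDelivery` and `sign` names, the secret and the sample payload are constructed for illustration.

```javascript
const crypto = require("node:crypto");

const MAX_SKEW_SECONDS = 300; // the ~5 minute replay window mentioned above

// Returns { ok: true } or { ok: false, reason } so rejections can be logged.
// Assumption: the timestamp header is Unix time in seconds.
function verifyDelivery(headers, rawBody, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const ts = headers["x-replyflow-timestamp"];
  const sig = headers["x-replyflow-signature"];
  // Missing or duplicated headers (Node yields arrays for some) are rejected outright.
  if (typeof ts !== "string" || typeof sig !== "string") {
    return { ok: false, reason: "missing-header" };
  }
  if (!/^\d{1,12}$/.test(ts)) return { ok: false, reason: "bad-timestamp" };

  // Check the MAC first: freshness only means something once the timestamp is authenticated.
  const expected = Buffer.from(
    "sha256=" + crypto.createHmac("sha256", secret).update(ts + "." + rawBody).digest("hex")
  );
  const given = Buffer.from(sig);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  if (Math.abs(nowSeconds - Number(ts)) > MAX_SKEW_SECONDS) {
    return { ok: false, reason: "stale-timestamp" };
  }
  return { ok: true };
}

// Constructed sample delivery (not real ReplyFlow output), signed with a made-up secret.
const SECRET = "example-signing-secret";
const NOW = 1700000000;
const BODY = '{"from":"a@example.com","subject":"Hi","text":"Hello","thread_id":"t_1"}';
function sign(ts, body, secret) {
  return "sha256=" + crypto.createHmac("sha256", secret).update(ts + "." + body).digest("hex");
}
const good = {
  "x-replyflow-timestamp": String(NOW),
  "x-replyflow-signature": sign(String(NOW), BODY, SECRET),
};

console.log(verifyDelivery(good, BODY, SECRET, NOW));       // genuine delivery
console.log(verifyDelivery(good, BODY + " ", SECRET, NOW)); // body altered in transit
console.log(verifyDelivery(good, BODY, SECRET, NOW + 301)); // captured request replayed later
```

Because the timestamp is part of the signed string, an attacker cannot refresh it on a captured request without invalidating the signature.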
What you receive
Each POST body is a compact object: from, subject, the cleaned text, a thread_id, the tagged intent, and flags for what was stripped. See the payload schema in the docs or the full reference. You can also send replies and request human-in-the-loop approvals through the same API — see the docs.
Why not just poll IMAP?
Polling means latency (you only see mail when you next check), fragility (connections drop, auth expires), and raw MIME you still have to parse. A webhook pushes each message to you the instant it arrives, already structured. For most apps that's simpler and faster to build against.