How webhooks work in plain English
You give Senddio a URL on your servers. Whenever an interesting event happens — a message is delivered, an email is opened, a customer replies — Senddio makes an HTTPS POST to that URL with a JSON body describing the event. Your server receives the request, does whatever it needs to do, and responds with HTTP 200 to confirm receipt.
Why webhooks matter
Webhooks are how modern apps stay in sync. Without them, you would have to poll an API constantly to check for new events, which is slow, wasteful, and easily falls behind real time. With webhooks, the moment something happens, your system knows.
Webhook security
Because anyone could in principle send a POST to your endpoint, every serious webhook system signs its requests. Senddio includes an HMAC signature in a header on every webhook; your code verifies the signature using a shared secret before trusting the payload. We also support replay protection by including a timestamp and rejecting old requests.
Retries and idempotency
If your endpoint is briefly unavailable, Senddio retries with exponential backoff over 24 hours before giving up. To handle retries safely, every webhook event has a stable id, so your code can recognise a repeated delivery and avoid duplicating work.