Email in.
Webhooks out.
InboundKit converts inbound email into structured JSON webhook events. No SMTP servers. No MIME parsing. No infrastructure. Just a clean POST to your endpoint.
Features
Everything you need.
Nothing you don't.
Structured JSON payloads
Every email parsed into a clean, versioned JSON schema. Headers, body, attachments, spam signals — all typed and predictable.
Reliable delivery
At-least-once semantics with exponential backoff retries. Dead-letter queue for persistent failures. Never lose an email.
Webhook signing
HMAC-SHA256 signatures on every request. Timestamp headers for replay protection. Verify authenticity with one line of code.
Attachment handling
Attachments extracted, stored securely, and delivered as signed download URLs. No base64 bloat in your payloads.
Spam intelligence
SPF, DKIM, and spam score included in every payload. Filter or route based on trust signals — you decide the threshold.
Debug everything
Raw MIME viewer, parsed payload inspector, delivery logs, and one-click replay. Debug production emails without guesswork.
How it works
Three steps. Five minutes.
From zero to receiving structured email data in your app.
Create an inbound address
Generate a unique email address from the dashboard or API. Each address maps to one webhook endpoint.
curl -X POST https://api.inboundkit.dev/addresses \
-H "Authorization: Bearer ik_live_..." \
-d '{"webhook_url": "https://your-app.com/webhook"}'{
"id": "addr_8xK2mQ",
"email": "[email protected]",
"webhook_url": "https://your-app.com/webhook",
"created_at": "2025-03-25T12:00:00Z"
}Receive emails
Point senders to your InboundKit address. We handle SMTP reception, MIME parsing, attachment extraction, and spam analysis.
Email received
SMTP → SES
Stored & parsed
S3 + MIME parser
Spam analyzed
SPF / DKIM / Score
Webhook dispatched
HTTPS POST
Consume webhooks
Get a clean JSON POST at your endpoint within seconds. Verify the HMAC signature. Process the structured data. Done.
app.post("/webhook", (req, res) => {
const { event_id, from, subject, text, attachments } = req.body;
// Verify signature
const valid = verifySignature(req);
if (!valid) return res.status(401).end();
// Process the email
console.log(`New email from ${from.email}: ${subject}`);
res.status(200).json({ received: true });
});Developer experience
Built API-first.
Every feature available via REST API with Bearer auth. OpenAPI spec included. Webhook signatures use standard HMAC-SHA256 — verify in any language with one function.
import crypto from "crypto";
function verifyWebhook(req, secret) {
const signature = req.headers["x-webhook-signature"];
const timestamp = req.headers["x-webhook-timestamp"];
const payload = timestamp + "." + JSON.stringify(req.body);
const expected = "sha256=" + crypto
.createHmac("sha256", secret)
.update(payload)
.digest("hex");
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}Pricing
Simple, transparent pricing
Start free. Scale when you're ready.
Free
For testing and side projects.
- 100 emails / month
- 1 inbound address
- 7-day log retention
- Webhook signing
- Community support
Starter
For developers shipping real products.
- 10,000 emails / month
- 10 inbound addresses
- 30-day log retention
- Webhook signing
- Raw email viewer
- Event replay
- Email support
Pro
For teams with production workloads.
- 100,000 emails / month
- Unlimited addresses
- 90-day log retention
- Webhook signing
- Raw email viewer
- Event replay
- Priority support
- 99.9% SLA
Enterprise
Custom SLA, volume, and support.
- Custom volume
- Unlimited addresses
- Custom retention
- Dedicated support
- Custom SLA + RTO/RPO
- DPA included
- SSO / SAML (roadmap)
Start receiving email webhooks
in under five minutes.
No credit card required. 100 emails per month free forever.