Can Emithook turn inbound email into webhooks?

Yes. Emithook includes an MX engine: give an endpoint an email address, and incoming mail is parsed (headers, body, attachments), SPF/DKIM/DMARC-verified, and delivered as an event to an HTTPS URL, a queue, or the pull API.

Emithook — Open-source webhook infrastructure to receive & send webhooks

Q: What is Emithook?

Emithook is open-source webhook infrastructure to receive, route, and send webhooks — inbound and outbound on one engine — with signing, retries, dead-letter queues, logs and replay.

Q: Does Emithook handle both inbound and outbound webhooks?

Yes. Emithook receives and relays inbound webhooks (via HTTPS or a queue you write to) and sends outbound webhooks as a service, including fan-out to an application's subscribers — all on the same delivery engine.

Q: Is Emithook open source?

Yes, Emithook is open-source (Apache-2.0) and self-hostable with no cloud lock-in, or available as a managed cloud with regional data residency (India / ap-south-1 today, multi-region by design).

Q: Is Emithook LLM and agent friendly?

Yes. Emithook ships an MCP server plus a full CLI and SDKs over one scoped API, so AI agents can query deliveries and run operations like replay safely.

Works with every provider

WhatsAppShopifyStripeRazorpaySlackGitHubTwilioZoho

Every source, one pipeline

HTTP, queues, email — or our API

However an event reaches you, it enters the same engine — signed, routed, retried, logged, replayable. Four ways in, three ways out.

🌐

HTTPS edge

Providers POST to a stable URL. Acked + durably buffered in <100ms (never dropped); HMAC verified in the processing plane; handshakes answered at the edge.

<ingest-domain>/<slug>

📥

Queue ingestion

Already producing to a broker? We consume it — SQS, SNS, Pub/Sub, Kafka, NATS, Redis. No per-request cost.

📧

Inbound email → AI

Mail to an alias becomes an event — parsed, SPF/DKIM-verified, shown in an inbox, and readable by an LLM via MCP.

<alias>@in.<ingest-domain>

⚡

Send API

No inbound source? Just POST a payload and a destination — we sign, deliver, retry and log it.

POST /v1/send

One engine, both directions

Receive webhooks. Send webhooks.
One reliable pipeline.

Most teams build one side and bolt on the other. Emithook does both on a single engine — the same signing, retries, circuit-breaking, logs and replay everywhere.

⇲

Receive & relay

Give providers a stable URL — we ack in <100ms, verify the signature, and route to your systems. You can be down for hours and lose nothing.

HTTPS, queue ingestion, or inbound email → webhook
Provider presets: HMAC verify + handshakes
Zero-setup domain, or bring your own (auto-TLS)
Durable buffer, full audit, one-click replay

📤

Send & broadcast

Push your own events as webhooks-as-a-service. One call delivers to a URL or queue — or fans out to all of an app's subscribers.

Send API + application fan-out
Standard Webhooks signing receivers trust
Backoff retries, circuit breaker, dead-letter
White-label consumer portal & logs

How teams use it

Three delivery patterns, zero infra

01 · Fan-out

One event → many destinations

An event always goes to the same set of endpoints. Define the routes once.

02 · Per-tenant

Same event → each tenant's URL

03 · Direct send

Just deliver this payload

Ad-hoc POST /v1/send to a URL or queue — we handle slow endpoints, retries and DLQ.

Batteries included

Everything reliable delivery needs

The reliability layer you'd otherwise build and maintain yourself.

🔁

Retries, DLQ & replay

Exponential backoff with jitter (immediate → 5s → … → ~28h), then a replayable dead-letter queue. Replay one, in bulk, or from the archive.

🔐

Signed payloads

Standard Webhooks HMAC with secret rotation — verify with any library.

🛡️

SSRF-guarded

DNS-pinned, private-IP denylist, no redirects, isolated egress.

🧯

Circuit breaker

Auto-pause dead endpoints, park events, probe & recover.

🧭

Guided destinations & central registry

Define a destination once, reference it everywhere. Connect any queue via a step-by-step flow that hands you the exact IAM grant — no shared keys.

🌐

Zero-setup domains

Live instantly on our domain — bring your own with auto-TLS.

🗂️

Logs & archive

Every attempt logged; gzipped hourly files per URL for export.

Developer-first & agent-native

For your terminal, your code,
and your AI agents

Everything is one scoped API. The console, CLI, SDKs and an MCP server all do the same things — so an LLM can query deliveries and run ops, safely.

🤖

MCP server

Connect Claude, Cursor or your own agent. Reads are safe by default; writes (replay, rotate secret) need a write key & confirmation.

⌨️

Full CLI

Operate & query from the terminal or CI — logs tail, replay, send, dlq redrive. Scriptable, JSON output.

📦

TypeScript SDK

One typed client for send + management today; Python, Go and a Terraform provider are on the roadmap — generate a client from the OpenAPI spec in the meantime. Receivers verify with the open Standard-Webhooks libraries.

// deliver one payload to a destination
await fetch("https://api.emithook.com/v1/send", {
  method: "POST",
  headers: { Authorization: `Bearer ${EK_KEY}`,
             "Idempotency-Key": invoiceId },
  body: JSON.stringify({
    destination: "dst_acme",
    event_type:  "invoice.created",
    payload:     { amount: 4999, currency: "INR" }
  })
});  // → 202 { message_id }

// fan out to a tenant's subscribed endpoints
await emithook.app("acme").send({
  event_type: "invoice.created",
  payload: { id: "INV-2026-001", amount: 4999 }
});
// → delivered to every endpoint on invoice.*
//   each signed, retried & logged independently

// receivers verify with the open Standard Webhooks lib
import { Webhook } from "standardwebhooks";

const wh = new Webhook(process.env.WHSEC);
app.post("/hooks", (req, res) => {
  const evt = wh.verify(req.rawBody, req.headers); // throws if invalid
  handle(evt);
  res.sendStatus(200);
});

# operate & query from your terminal
npm i -g @emithook/cli
emithook logs tail --endpoint /razorpay-live
emithook replay --dlq --endpoint /razorpay-live
emithook send -d dst_acme -t invoice.created -f body.json
# same scoped API powers console, CLI & MCP

Open source · Apache-2.0

Run it yourself, or let us host it.

Fully open-source with pluggable adapters — no AWS or Cloudflare lock-in. Bring Postgres, NATS, Redis and MinIO and you're live with one command. Or use our managed cloud, resident in your region (India / ap-south-1 today, multi-region by design).

★ Star on GitHub Self-hosting guide

self-host

# up and running in one command git clone github.com/emithook/emithook docker compose up ✓ emithook ready on :8080 ✓ postgres · nats · redis · minio # no cloud account required

events / month

retries over ~28h

edge ack p99

log archive

FAQ

Questions, answered

What is Emithook?

Open-source webhook infrastructure to receive, route, and send webhooks — inbound and outbound on one engine — with signing, retries, dead-letter queues, logs and one-click replay. The reliability layer you'd otherwise build yourself.

Does it handle both inbound and outbound?

Yes. Emithook receives & relays inbound webhooks (via HTTPS or a queue you write to) and sends outbound webhooks as a service — including fan-out to an application's subscribers — on the same delivery engine.

Is it open source?

Yes — Apache-2.0 and fully self-hostable with no AWS/Cloudflare lock-in (bring Postgres, NATS, Redis, MinIO). A managed cloud with regional data residency is also available.

Is it LLM / AI-agent friendly?

Yes. Emithook ships an MCP server alongside a full CLI and SDKs over one scoped API, so AI agents can query deliveries and run operations like replay — with write actions gated behind confirmation.

Can it turn inbound email into webhooks — and can an AI read it?

Yes to both. The built-in MX engine gives you unlimited aliases (your domain or ours). Incoming mail is parsed, SPF/DKIM/DMARC-verified, shown in an inbox, and delivered as an event — and it's LLM-readable via MCP, so an agent can read and act on its own mail.

How fast can I start — do I need DNS?

No setup. You're live in seconds on our dedicated ingest domain — a webhook URL at <ingest-domain>/<slug> and an alias at <alias>@in.<ingest-domain>, already TLS- and DKIM-ready. Bringing your own domain is optional, for branding.

Where is my data stored?

You choose your region. The managed cloud is multi-region by design — India (AWS ap-south-1) is available today, with more regions coming. Self-hosted, your data lives wherever you run it — full residency control.

Ship webhooks you can trust.

Live in seconds on our domain — zero DNS. Receive, route, and send, all from one platform.

Get started → View on GitHub