Webhook Events - Ark Email API

Webhooks allow you to receive real-time HTTP notifications when events occur in Ark. Instead of polling the API, configure a webhook endpoint and Ark will send events to your server as they happen.

How Webhooks Work

Configure a webhook - Use the Webhooks API to register your endpoint URL
Select events - Choose which events you want to receive (or subscribe to all)
Receive notifications - Ark sends POST requests to your endpoint when events occur
Process events - Your server handles the webhook payload and returns a 200 response

Event Categories

Email Events

Delivery status updates for your emails

Engagement Events

Opens and clicks from recipients

Domain Events

DNS and configuration issues

Email Events

Event	Description	Suppression
`MessageSent`	Email successfully delivered to recipient’s server	Clears if exists
`MessageDelayed`	Temporary delivery issue (soft bounce), will retry	No
`MessageDeliveryFailed`	Permanent delivery failure (hard bounce)	Automatic
`MessageBounced`	NDR received after initial delivery acceptance	Manual only
`MessageHeld`	Email held for manual review (spam, suppression, etc.)	No

Bounce suppression: MessageDeliveryFailed (hard bounce) automatically adds the recipient to the suppression list. MessageBounced (NDR received) does NOT automatically suppress - handle this webhook to manually add addresses to your suppression list via the API if desired.

Engagement Events

Event	Description
`MessageLoaded`	Recipient opened the email (tracking pixel loaded)
`MessageLinkClicked`	Recipient clicked a link in the email

Domain Events

Event	Description
`DomainDNSError`	DNS configuration issue with your sending domain

Payload Structure

All webhook events follow the same structure:

{
  "event": "MessageSent",
  "timestamp": 1704672000.123456,
  "uuid": "abc123-def456-ghi789",
  "payload": {
    "message": {
      "id": 12345,
      "token": "abc123",
      "direction": "outgoing",
      "message_id": "<[email protected]>",
      "to": "[email protected]",
      "from": "[email protected]",
      "subject": "Welcome to our service",
      "timestamp": 1704672000.0,
      "spam_status": "NotSpam",
      "tag": "onboarding"
    },
    "status": "Sent",
    "details": "250 OK",
    "output": "Message accepted",
    "sent_with_ssl": true,
    "timestamp": 1704672000.123456,
    "time": 0.234
  }
}

Security

All webhooks are cryptographically signed using RSA-SHA256. Each request includes:

Header	Description
`X-Ark-Signature`	Base64-encoded RSA-SHA256 signature of the request body
`X-Ark-Signature-KID`	Key ID identifying which public key was used

Verify signatures by fetching the public key from:

GET https://mail.arkhq.io/.well-known/jwks.json

Signature Verification

See complete verification examples in Node.js, Python, and Ruby

Responding to Webhooks

Your endpoint should:

Return 200 quickly - Respond within 5 seconds to acknowledge receipt
Verify the signature - Always verify the X-Ark-Signature header
Process asynchronously - Queue events for processing if needed
Handle duplicates - Use the uuid field for idempotency

Python (FastAPI)
Node.js (Express)
Ruby (Sinatra)

from fastapi import FastAPI, Request, HTTPException

app = FastAPI()

@app.post('/webhooks/ark')
async def handle_webhook(request: Request):
    # Verify signature first (see full example in guide)
    signature = request.headers.get('X-Ark-Signature')
    body = await request.body()

    if not verify_signature(body, signature):
        raise HTTPException(status_code=401, detail='Invalid signature')

    event = await request.json()

    # Acknowledge receipt immediately
    # Process event asynchronously
    process_webhook_event(event['event'], event['payload'], event['uuid'])

    return {'status': 'ok'}

app.post('/webhooks/ark', express.raw({ type: 'application/json' }), async (req, res) => {
  // Verify signature first (see full example in guide)
  const signature = req.headers['x-ark-signature'];
  const isValid = await verifySignature(req.body.toString(), signature);

  if (!isValid) {
    return res.status(401).send('Invalid signature');
  }

  const { event, timestamp, uuid, payload } = JSON.parse(req.body);

  // Acknowledge receipt immediately
  res.status(200).send('OK');

  // Process event asynchronously
  processWebhookEvent(event, payload, uuid);
});

post '/webhooks/ark' do
  # Verify signature first (see full example in guide)
  signature = request.env['HTTP_X_ARK_SIGNATURE']
  payload = request.body.read

  halt 401, 'Invalid signature' unless verify_signature(payload, signature)

  event = JSON.parse(payload)

  # Acknowledge receipt immediately, process async
  process_webhook_event(event['event'], event['payload'], event['uuid'])

  'OK'
end

Retry Policy

If your endpoint doesn’t respond with a 2xx status code, Ark will retry delivery:

Attempt	Delay
1	Immediate
2	2 minutes
3	3 minutes
4	6 minutes
5	10 minutes
6	15 minutes

After 6 failed attempts, the webhook is marked as failed and won’t be retried.

Testing Webhooks

Use the test endpoint to send test events to your configured URL:

Python
Node.js
Ruby
Go
cURL

from ark import Ark

client = Ark()

result = client.webhooks.test("whk_abc123", event="MessageSent")

print(f"Success: {result.data.success}")
print(f"Status code: {result.data.status_code}")

import Ark from 'ark';

const client = new Ark();

const result = await client.webhooks.test('whk_abc123', {
  event: 'MessageSent',
});

console.log(`Success: ${result.data.success}`);
console.log(`Status code: ${result.data.statusCode}`);

require "ark_email"

client = ArkEmail::Client.new

result = client.webhooks.test("whk_abc123", event: "MessageSent")

puts "Success: #{result.data.success}"
puts "Status code: #{result.data.status_code}"

client := ark.NewClient()

result, _ := client.Webhooks.Test(ctx, "whk_abc123", ark.WebhookTestParams{
    Event: ark.String("MessageSent"),
})

fmt.Printf("Success: %v\n", result.Data.Success)
fmt.Printf("Status code: %d\n", result.Data.StatusCode)

curl -X POST https://api.arkhq.io/v1/webhooks/{webhookId}/test \
  -H "Authorization: Bearer $ARK_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"event": "MessageSent"}'

Integration Guide

Complete guide with verification examples

Configure Webhooks

Webhooks API reference

Overview

Email Events

Engagement Events

Domain Events

​How Webhooks Work

​Event Categories

Email Events

Engagement Events

Domain Events

​Email Events

​Engagement Events

​Domain Events

​Payload Structure

​Security

Signature Verification

​Responding to Webhooks

​Retry Policy

​Testing Webhooks

Integration Guide

Configure Webhooks

How Webhooks Work

Event Categories

Email Events

Engagement Events

Domain Events

Payload Structure

Security

Responding to Webhooks

Retry Policy

Testing Webhooks