Skip to content

Ingest an inbound event

POST
/v1/in/{inboundKey}

Start or advance a flow. The body is verified against the connection’s shared secret using the signature headers. Identified by inboundKey in the path — no bearer token. Hosted on hooks.2mee.com.

inboundKey
required
string

Unguessable per-connection key embedded in the inbound URL.

webhook-id
required
string

Stable message id (idempotency key).

webhook-timestamp
required
string

Unix seconds when the message was signed; used for replay rejection.

webhook-signature
required
string

HMAC-SHA256 over the raw body, base64, prefixed v1,.

object
version
required
string
1
messageId
required
string
msg_01HZX9
occurredAt
required
string format: date-time
eventType
required
string
purchase_completed
clientUserId
string
user_8842
attributes
object
key
additional properties
any
endpoints
object
email
string format: email
phone
string
raw
object
key
additional properties
any

Accepted and queued for the engine.

Missing or invalid authentication/signature.

object
error
object
code
string
invalid_signature
message
string
requestId
string

Resource not found.

object
error
object
code
string
invalid_signature
message
string
requestId
string

Duplicate messageId — already processed (safe to treat as success).

Payload exceeds the 256 KB cap.

Too many requests — honour Retry-After.

object
error
object
code
string
invalid_signature
message
string
requestId
string
Retry-After
integer

Seconds to wait before retrying.

Was this page helpful? Tell us / report an issue ↗