Free Verifier Bulk Verifier API Pricing
Tools
SPF/DKIM/DMARC Checker Fake Email Checker Domain Checker Disposable Checker Deliverability Checker
Sign Up Free

Email Verification Webhooks — Real-Time Event Notifications

Everything you need to integrate email verification into your application.

Getting Started

Webhooks deliver real-time HTTP POST notifications when verification events occur. Instead of polling, configure a URL and receive instant notifications for batch completion, errors, and quota warnings.

Configure webhooks in your dashboard or via API. Each request includes an HMAC-SHA256 signature for security. Failed deliveries retry with exponential backoff. For interactive verification, visit our email verifier.

Code Example

// Webhook payload for batch.completed
{
  "event": "batch.completed",
  "event_id": "evt_abc123",
  "timestamp": "2026-03-21T10:30:00Z",
  "data": {
    "job_id": "job_xyz789",
    "total": 10000,
    "valid": 8500,
    "invalid": 1200,
    "risky": 300,
    "download_url": "https://api.ev.ecomtechbd.com/v1/jobs/job_xyz789/download"
  }
}

// Verify signature (Node.js)
const crypto = require('crypto');
const signature = crypto
  .createHmac('sha256', WEBHOOK_SECRET)
  .update(rawBody)
  .digest('hex');
const isValid = signature === req.headers['x-ev-signature'];

Authentication & Setup

Go to Dashboard then Webhooks then Add Endpoint. Enter your HTTPS URL and select events (batch.completed, batch.failed, verification.completed, quota.warning). Copy the signing secret. Retries: 1min, 5min, 30min, 2hr, 24hr.

Getting Started

Webhooks allow your application to receive real-time HTTP POST notifications when verification events occur, eliminating the need to poll the API for updates. To set up webhooks, navigate to your dashboard at ev.ecomtechbd.com, go to the Webhooks section, and click "Add Endpoint." Enter your HTTPS endpoint URL and select the events you want to subscribe to: batch.completed, batch.failed, verification.completed, quota.warning, and quota.exceeded. Each endpoint receives a unique signing secret that you must store securely for signature verification.

Your webhook endpoint must be publicly accessible over HTTPS with a valid SSL certificate. When an event occurs, we send an HTTP POST request with a JSON body and include an X-EV-Signature header containing an HMAC-SHA256 signature of the request body. Your endpoint should return a 2xx status code within 30 seconds to acknowledge receipt. If the delivery fails, we retry with exponential backoff at intervals of 1 minute, 5 minutes, 30 minutes, 2 hours, and 24 hours. You can view delivery logs, manually retry failed deliveries, and test your endpoint from the dashboard. We also support configuring webhooks via the API using the /v1/webhooks endpoints for programmatic management.

Code Examples

Verify Webhook Signature (Node.js / Express)

const express = require('express');
const crypto = require('crypto');

const app = express();
const WEBHOOK_SECRET = process.env.EV_WEBHOOK_SECRET;

// Use raw body for signature verification
app.post('/webhook', express.raw({ type: 'application/json' }), (req, res) => {
  const signature = crypto
    .createHmac('sha256', WEBHOOK_SECRET)
    .update(req.body)
    .digest('hex');

  if (signature !== req.headers['x-ev-signature']) {
    return res.status(401).json({ error: 'Invalid signature' });
  }

  const event = JSON.parse(req.body);
  console.log('Event:', event.event, 'ID:', event.event_id);

  switch (event.event) {
    case 'batch.completed':
      console.log(`Batch ${event.data.job_id} done: ${event.data.valid} valid`);
      break;
    case 'quota.warning':
      console.log(`Quota warning: ${event.data.remaining} credits left`);
      break;
  }

  res.status(200).json({ received: true });
});

Verify Webhook Signature (Python / Flask)

import hmac
import hashlib
import json
import os
from flask import Flask, request, jsonify

app = Flask(__name__)
WEBHOOK_SECRET = os.environ['EV_WEBHOOK_SECRET']

@app.route('/webhook', methods=['POST'])
def handle_webhook():
    raw_body = request.get_data()
    expected_sig = hmac.new(
        WEBHOOK_SECRET.encode(),
        raw_body,
        hashlib.sha256
    ).hexdigest()

    if not hmac.compare_digest(expected_sig, request.headers.get('X-EV-Signature', '')):
        return jsonify({'error': 'Invalid signature'}), 401

    event = json.loads(raw_body)

    if event['event'] == 'batch.completed':
        job_id = event['data']['job_id']
        valid_count = event['data']['valid']
        print(f"Batch {job_id} completed: {valid_count} valid emails")

    return jsonify({'received': True}), 200

Register Webhook via API

# Create a webhook endpoint
curl -X POST https://api.ev.ecomtechbd.com/v1/webhooks \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-app.com/webhook",
    "events": ["batch.completed", "batch.failed", "quota.warning"],
    "active": true
  }'

# List all webhook endpoints
curl https://api.ev.ecomtechbd.com/v1/webhooks \
  -H "Authorization: Bearer YOUR_API_KEY"

# Send a test event to your endpoint
curl -X POST https://api.ev.ecomtechbd.com/v1/webhooks/wh_abc123/test \
  -H "Authorization: Bearer YOUR_API_KEY"

Error Handling

When processing webhook deliveries, your endpoint should always return a 2xx HTTP status code to acknowledge successful receipt, even if you plan to process the event asynchronously. Any non-2xx response or a timeout beyond 30 seconds is treated as a delivery failure and triggers our retry mechanism. We retry failed deliveries up to five times with exponential backoff at intervals of 1 minute, 5 minutes, 30 minutes, 2 hours, and 24 hours. After all retries are exhausted, the delivery is marked as failed and appears in your webhook dashboard log.

Always verify the X-EV-Signature header before processing any webhook payload to prevent spoofed requests. Use a timing-safe comparison function such as crypto.timingSafeEqual in Node.js or hmac.compare_digest in Python to avoid timing attacks. Each event includes a unique event_id field that you should store and check for deduplication, since retries may deliver the same event more than once. If your endpoint needs to perform time-consuming work such as downloading batch results or updating a database, respond with 200 immediately and process the event in a background job queue. Monitor your webhook delivery success rate in the dashboard and configure alert notifications for repeated failures.

Frequently Asked Questions

Webhooks fire for: batch.completed (bulk job finished), batch.failed (bulk job error), verification.completed (single async verification done), and quota.warning (approaching plan limits). Each event includes a unique event ID, timestamp, and relevant payload data.

Every webhook request includes an X-EV-Signature header containing an HMAC-SHA256 signature computed from the payload and your webhook secret. Verify this signature before processing the payload to ensure the request is authentic. The SDK includes helper methods for signature verification.

We retry failed webhook deliveries with exponential backoff: 1 minute, 5 minutes, 30 minutes, 2 hours, and 24 hours. After 5 failed attempts, the webhook is marked as failed and you receive an email notification. You can also poll the jobs endpoint as a fallback. Failed events are stored for 7 days.

Start Verifying Emails Today

100 daily free verifications. No credit card required. Full API access on all plans. Visit our email verifier to get started.

Try Free Email VerifierView Pricing

Try our free email verifier — verify any email instantly, no signup required. Need bulk verification? Upload your list and clean thousands of emails in minutes.

Developers: integrate email verification into your app with our RESTful API — SDKs for 7 languages.

Free tools: SPF checker · DKIM checker · SMTP tester