Resend email integration
Agentbot integrates with Resend for both inbound email handling and outbound email event tracking. Inbound emails from approved senders are forwarded to your agent, while outbound email events (delivery, opens, clicks, bounces) are logged for analytics and compliance.How it works
Inbound emails
- A user sends an email to your Resend inbox address
- Resend forwards the email to
POST /api/webhooks/resend - Agentbot verifies the webhook signature, checks the sender against an allowlist, and applies rate limiting
- Approved emails are processed and made available to your agent
Outbound email event tracking
- Agentbot sends a transactional email through Resend
- Resend delivers the email and tracks lifecycle events (sent, delivered, opened, clicked, bounced, complained)
- Resend forwards each event to
POST /api/webhooks/resend - Agentbot logs the event and takes action for bounces and complaints
Setup
1
Create a Resend webhook
In the Resend dashboard, create a webhook pointing to:Subscribe to the event types you need. For full coverage, enable all of the following:
email.sentemail.deliveredemail.delivery_delayedemail.bouncedemail.complainedemail.openedemail.clickedemail.received(for inbound email processing)
2
Configure environment variables
Add the following environment variables to your deployment:
3
Test the integration
Send an email from one of the allowed sender addresses to your Resend inbox. Check the agent logs to confirm it was received and processed. For outbound tracking, send a test email through Resend and verify that delivery events appear in your logs.
Webhook endpoint
Headers
Request body
The request body is a JSON object with the following fields:
For bounce events, the
data object also includes:
Signature verification
The endpoint verifies the webhook payload using the Resend SDK’s built-in signature verification. Requests with invalid or missing signatures are acknowledged with200 to prevent Resend from retrying.
Handled event types
Response
The endpoint always returns200 to prevent Resend from retrying delivery.
Inbound email response:
Outbound event response:
Security
Sender allowlist
Only emails from addresses listed in theALLOWED_SENDERS environment variable are processed. All other emails are rejected and logged for audit. This is a strict allowlist — there is no wildcard or domain-level matching.
Rate limiting
Each allowed sender is limited to 10 emails per hour. Emails that exceed this limit are acknowledged but not processed.Content sanitization
Email bodies are sanitized before processing:- Script tags and HTML markup are stripped
- Body text is truncated to 5,000 characters
Troubleshooting
Webhook returns 500
Webhook returns 500
Verify that the
RESEND_WEBHOOK_SECRET environment variable is set. The endpoint cannot verify signatures without it.Emails are rejected
Emails are rejected
Check that the sender’s email address is included in
ALLOWED_SENDERS. Addresses are matched in a case-insensitive manner.Emails are rate limited
Emails are rate limited
The limit is 10 emails per sender per hour. Wait for the rate limit window to reset or adjust the sending frequency.