Inbound

Alpha

DSAR is currently in alpha. APIs, package surfaces, configuration, and documentation may change as the project evolves.

DSAR uses inbound adapters to receive data subject access requests from external sources. Each adapter verifies webhook authenticity, normalises the payload into a canonical capture format, and routes it to the correct tenant and jurisdiction.

Available Adapters

Adapter	Package	Source
Resend	`@dsar/inbound-resend`	Email via Resend inbound webhooks
Slack	`@dsar/inbound-slack`	Slack messages, commands, shortcuts, and modals

How Inbound Works

An external event arrives at a DSAR webhook endpoint (e.g. POST /webhooks/inbound/resend).
The adapter verifies the request signature.
The adapter resolves a route to determine tenantId, workspaceId, and jurisdiction.
The event is normalised into a canonical NormalizedInboundPayload.
The backend's captureRequestLifecycle() creates or deduplicates the DSAR request.

Intake Mapping

All inbound adapters produce a consistent capture payload:

jurisdiction — resolved from route configuration
intakeSource.type — adapter-specific (e.g. inbound_email, slack)
intakeSource.receivedAt — authoritative timestamp from the source
intakeSource.rawContextRef — source-specific reference for traceability
requestor.email — parsed from the source when available

Idempotency

Inbound adapters derive deterministic idempotency keys so replayed webhook deliveries return the original request ID instead of creating duplicates.

Stub Mode

During development, skip inbound configuration:

const runtime = dsarInstance({
	adapters: {
		inbound: "stub",
		// ...
	},
});

Available Adapters

How Inbound Works

Intake Mapping

Idempotency

Stub Mode

Related