Inbound
Inbound Resend
Alpha
DSAR is currently in alpha. APIs, package surfaces, configuration, and documentation may change as the project evolves.
@dsar/inbound-resend accepts Resend email.received webhook events and maps them into canonical DSAR request capture input. Emails sent to configured addresses are automatically verified, routed, and captured as DSAR requests.
Installation
| Package manager | Command |
|---|---|
| npm | npm install @dsar/inbound-resend |
| pnpm | pnpm add @dsar/inbound-resend |
| yarn | yarn add @dsar/inbound-resend |
| bun | bun add @dsar/inbound-resend |
Setup
-
Configure Resend inbound emails — set up a receiving domain in Resend and point the webhook to your DSAR instance.
-
Create the adapter:
- Register with the backend:
Webhook endpoint: POST /webhooks/inbound/resend
Required headers: svix-id, svix-timestamp, svix-signature
Configuration
| Option | Default | Description |
|---|---|---|
webhookSecret | — | Resend webhook secret for Svix signature verification (required) |
apiKey | — | Resend API key (needed when fetchEmailContent is enabled) |
fetchEmailContent | false | Fetch plain text / HTML body via Resend receiving API |
routeMap | — | Recipient address routing map |
defaultRoute | — | Fallback route when no recipient match found |
Intake Mapping
| Field | Value |
|---|---|
jurisdiction | From recipient route resolution |
intakeSource.type | inbound_email |
intakeSource.receivedAt | Authoritative email timestamp |
intakeSource.rawContextRef | Resend email_id or message_id |
requestor.email | Parsed sender email |
Idempotency
Idempotency key format: inbound-resend:{sourceId}:{tenantId}:{workspaceId|*}
Replayed webhook deliveries return the original request ID.
Failure Modes
- Invalid signature or malformed payload —
REQUEST_VALIDATION_FAILED - Missing recipient route and no default route —
REQUEST_VALIDATION_FAILED - Non-DSAR intent — accepted with
status: ignored_non_dsar