Command
nylas webhook verify
Verify a webhook signature locally.
Written by Qasim Muhammad Staff SRE
What does nylas webhook verify do?
The nylas webhook verify command validates a webhook payload against a signature and secret. Use --payload-file for a saved raw body, --payload for inline JSON, --signature for the received signature header, and --secret for the webhook signing secret.
Usage
nylas webhook verify --payload-file PAYLOAD.json --signature SIG --secret SECRETFlags
| Flag | Description |
|---|---|
| --json | Output as JSON |
| --no-color | Disable color output |
| --verbose(-v) | Enable verbose output |
| --config | Custom config file path |
| --help(-h) | Show help for the command |
| --limit | Limit results (most list commands) |
| --yes(-y) | Skip confirmations |
| --payload | Inline webhook payload JSON |
| --payload-file | Path to a file containing the raw webhook payload |
| --signature | Webhook signature header value |
| --secret | Webhook signing secret |
Examples
Verify a saved payload
nylas webhook verify \
--payload-file message.created.json \
--signature "$NYLAS_SIGNATURE" \
--secret "$NYLAS_WEBHOOK_SECRET"Verify inline JSON
nylas webhook verify \
--payload '{"type":"message.created"}' \
--signature "$NYLAS_SIGNATURE" \
--secret "$NYLAS_WEBHOOK_SECRET"Example output
✓ Signature valid
The payload matches the x-nylas-signature header value.Troubleshooting
Signature mismatch
Verify against the exact raw request body. Middleware that parses and reserializes JSON can change bytes and invalidate the signature.
Recommended guides
Microsoft Graph Change Notifications
Microsoft Graph change notifications for mail and calendar: the subscription lifecycle, the validation token handshake, the 7-day expiry, and renewal.
Add Email Sync to Your App Without IMAP
Skip per-mailbox IMAP IDLE connections. Use webhooks for push and on-demand reads for backfill, prototyped from the terminal — and know when IMAP still wins.
Sync Contacts Across Gmail and Outlook
Read contacts from Gmail and Outlook with one tool, deduplicate them by email, and get change notifications — without building a sync engine yourself.
Track Email Opens, Clicks, and Replies
Send tracked email and receive open, click, and reply events over webhooks from the terminal. Verify the signatures, and learn why email open rates overcount.
Send OTP and 2FA Codes by Email
Generate a cryptographically secure one-time code and send it by email from the terminal — no SMTP. Test the full round trip and learn email OTP's limits.
Microsoft Graph Mailbox Agent Best Practices
Least-privilege Graph scopes, throttling limits, and change notifications for an AI agent that reads and writes an Outlook mailbox — without an Azure app.
Run nylas webhook verify --help for full help output.