Command
nylas webhook verify
The nylas webhook verify command validates a webhook payload against a signature and secret. Use --payload-file for a saved raw body, --payload for inline JSON, --signature for the received signature header, and --secret for the webhook signing secret.
Written by Qasim Muhammad Staff SRE
Usage
nylas webhook verify --payload-file PAYLOAD.json --signature SIG --secret SECRET
Flags
| Flag | Description |
|---|---|
| --json | Output as JSON |
| --no-color | Disable color output |
| --verbose (-v) | Enable verbose output |
| --config | Custom config file path |
| --help (-h) | Show help for the command |
| --limit | Limit results (most list commands) |
| --yes (-y) | Skip confirmations |
| --payload | Inline webhook payload JSON |
| --payload-file | Path to a file containing the raw webhook payload |
| --signature | Webhook signature header value |
| --secret | Webhook signing secret |
Examples
Verify a saved payload
nylas webhook verify \
  --payload-file message.created.json \
  --signature "$NYLAS_SIGNATURE" \
  --secret "$NYLAS_WEBHOOK_SECRET"
Verify inline JSON
nylas webhook verify \
  --payload '{"type":"message.created"}' \
  --signature "$NYLAS_SIGNATURE" \
  --secret "$NYLAS_WEBHOOK_SECRET"
Troubleshooting
Signature mismatch
Verify against the exact raw request body. Middleware that parses and reserializes JSON can change bytes and invalidate the signature.
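The mismatch described above, as an added Python example that is not from this page or the Nylas CLI source. It assumes the signature is a hex-encoded HMAC-SHA256 of the raw body keyed with the webhook secret, which this page does not state; SECRET, RAW_BODY and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample values; not a real Nylas secret or payload.
SECRET = b"example-webhook-secret"
RAW_BODY = b'{"type":"message.created","data":{"subject":"caf\\u00e9","id":"abc123"}}'


def sign(raw_body: bytes, secret: bytes) -> str:
    """Hex HMAC-SHA256 over the exact bytes received (assumed scheme)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify(raw_body: bytes, signature: str, secret: bytes) -> bool:
    """Constant-time comparison of the expected and the received signature."""
    expected = sign(raw_body, secret)
    return hmac.compare_digest(expected, signature.strip().lower())


def reserialize(raw_body: bytes) -> bytes:
    """What JSON-parsing middleware effectively hands to a handler."""
    return json.dumps(json.loads(raw_body)).encode("utf-8")


def diagnose(raw_body: bytes, signature: str, secret: bytes) -> dict:
    """Compare verification on the raw bytes with the reserialized form."""
    reparsed = reserialize(raw_body)
    return {
        "raw_ok": verify(raw_body, signature, secret),
        "reserialized_ok": verify(reparsed, signature, secret),
        "bytes_changed": reparsed != raw_body,
        "same_json": json.loads(reparsed) == json.loads(raw_body),
    }


if __name__ == "__main__":
    received = sign(RAW_BODY, SECRET)  # stands in for the signature header value
    # The JSON is semantically identical, but the added whitespace changes the bytes.
    print(diagnose(RAW_BODY, received, SECRET))
```

In a handler, capture the request body as bytes before any JSON parsing, and write those same bytes to the file passed to --payload-file.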
Run nylas webhook verify --help for full help output.