Your login for our support center is different than your Control Panel login.

Click here to create a login for the support center

Inbound Message Processing and the Inbound API

The Inbound message processing feature allows On-Demand customers to direct their inbound email to SocketLabs servers.  The inbound messages are automatically parsed into JSON structures and pushed to a customer HTTP/S endpoint for processing and/or storage. Processing email in this way is particularly useful for mail streams that are to be consumed by business systems such as support ticket managers, issue trackers, and discussion forums. By processing email in this manner, On-Demand customers can now write simple web applications to accept easy-to-manage JSON blobs subject to business logic before injecting them into systems such as those mentioned above.


The Inbound API can be accessed via the 'For Developers' menu. Initially the only control on this page will be a toggle for enabling or disabling the Inbound feature.

Before the settings on this page can be saved, two conditions must be met: the domain(s) to be processed must have their MX records pointing to; and an Inbound API compatible web application must be running in a location accessible by the On-Demand network. The web application must return the Validation Key from the configuration page in order to pass validation. Once these conditions are met, the URL of the endpoint belongs in the "Endpoint URL" field, and the domain(s) being processed should be added to the configuration.

At this point the Inbound message processing system should post JSON blobs to the configured endpoint for each message it receives. Each JSON blob will contain the Secret Key also found on this configuration page, which endpoints can test for to ensure they don't accept any JSON not coming from the On-Demand network.

Security Consideration

Although unencrypted HTTP communication is allowed for your Inbound Parse API endpoint, it is strongly encouraged that you use HTTPS for your endpoint.  Using unencrypted HTTP can pose a number of security risks.  By the nature of the data being transmitted, Inbound Parse API-related calls made to your endpoint contain your SocketLabs server ID and Secret Key, as well as PII (Personally Identifiable Information) belonging to end-users, such as email address, friendly name, mail subject, mail content, message attachment, any custom headers, etc. Furthermore, fields such as mail content may contain additional confidential/sensitive information. Insecure transfer of such data over HTTP may pose data security risks (i.e.: confidentiality and integrity)

Additional Resources

Inbound API documentation can be found in our API Reference:

A sample endpoint written in C#.NET can be found in our public Git repository:

Comments (0)
Help Desk Software by Kayako  Copyright © 2019 SocketLabs, Inc.  Terms of Service | Privacy Policy | Acceptable Use Policy