Skip to main content
POST
/
email-meter
/
reservation-hook
Microsoft Graph webhook for new email notifications
curl --request POST \
  --url http://localhost:2000/email-meter/reservation-hook \
  --header 'Content-Type: application/json' \
  --data '
{
  "value": [
    {
      "subscriptionId": "a12b34cd-56e7-890f-12gh-3456ijkl7890",
      "changeType": "created",
      "resource": "me/messages/AAMkADNkZDIxY2E1L...",
      "resourceData": {
        "id": "AAMkADNkZDIxY2E1LTQzNDUtNGUwYS04ZTFlLTY1NjVhYjMxZTc2MwBGAAAAA..."
      }
    }
  ]
}
'
"ValidationTokenExample123456"
Webhook endpoint used by Microsoft Graph for email notification events. This endpoint does not require authentication since it’s called by Microsoft servers.

Request

Query Parameters

ParameterTypeRequiredDescription
validationTokenstringNoValidation token sent by Microsoft Graph during webhook registration

Request Body (for email notifications)

{
  "value": [
    {
      "subscriptionId": "a12b34cd-56e7-890f-12gh-3456ijkl7890",
      "changeType": "created",
      "resource": "me/messages/AAMkADNkZDIxY2E1L...",
      "resourceData": {
        "id": "AAMkADNkZDIxY2E1LTQzNDUtNGUwYS04ZTFlLTY1NjVhYjMxZTc2MwBGAAAAA..."
      }
    }
  ]
}

Request Body Schema

FieldTypeRequiredDescription
valuearrayNoArray of Microsoft Graph notification objects
subscriptionIdstringNoUnique subscription identifier
changeTypestringNoType of change (created, updated, deleted)
resourcestringNoResource identifier
resourceDataobjectNoData about the changed resource

Response

200 OK - Webhook validation (returns validation token)

ValidationTokenExample123456

200 OK - Email notification processed

{
  "status": "processed",
  "message": "Email notification received and queued for processing"
}

400 Bad Request

{
  "error": {
    "code": "INVALID_REQUEST",
    "message": "Invalid or malformed request"
  }
}

500 Internal Server Error

{
  "error": {
    "code": "SERVER_ERROR",
    "message": "Internal server error"
  }
}

Examples

Webhook Validation (during setup)

# Microsoft Graph calls this with validationToken
curl -X POST 'http://localhost:2000/email-meter/reservation-hook?validationToken=ValidationTokenExample123456'

Email Notification (real-time)

# Microsoft Graph calls this when new email arrives
curl -X POST 'http://localhost:2000/email-meter/reservation-hook' \
  -H 'Content-Type: application/json' \
  -d '{
    "value": [
      {
        "subscriptionId": "a12b34cd-56e7-890f-12gh-3456ijkl7890",
        "changeType": "created",
        "resource": "me/messages/AAMkADNkZDIxY2E1L...",
        "resourceData": {
          "id": "AAMkADNkZDIxY2E1LTQzNDUtNGUwYS04ZTFlLTY1NjVhYjMxZTc2MwBGAAAAA..."
        }
      }
    ]
  }'

Notes

  • No Authentication Required: This endpoint is called by Microsoft servers
  • Two Modes: Validation during setup, notifications during operation
  • Validation Token: Must be echoed back exactly as received during setup
  • Real-time Processing: Email notifications are processed immediately
  • Queue System: Notifications are queued for asynchronous processing

Webhook Lifecycle

1. Setup Phase

  • Microsoft Graph sends validation token
  • Endpoint returns the token unchanged
  • Subscription becomes active

2. Operation Phase

  • Microsoft Graph sends email event notifications
  • Endpoint processes and acknowledges notifications
  • Emails are analyzed and statistics updated

Event Types

Change TypeDescriptionAction Taken
createdNew email receivedAnalyze email, update stats
updatedEmail modifiedRe-analyze if needed
deletedEmail deletedUpdate statistics accordingly

Processing Flow

  1. Receive Notification: Microsoft Graph sends webhook
  2. Validate Request: Verify source and format
  3. Queue for Processing: Add to analysis queue
  4. Email Analysis: Extract metadata and content
  5. Update Statistics: Refresh all relevant metrics
  6. Trigger Notifications: Send alerts if configured

Security Considerations

  • Source Verification: Verify requests come from Microsoft Graph
  • Rate Limiting: Handle high volume of notifications
  • Data Privacy: Process email content securely
  • Error Handling: Graceful degradation on processing failures

Troubleshooting

Common Issues

  • Validation Fails: Ensure exact token is returned
  • Missing Notifications: Check subscription status
  • Processing Delays: Monitor queue health
  • Duplicate Events: Implement deduplication logic

Monitoring

  • Track webhook response times
  • Monitor notification processing queue
  • Alert on failed validation attempts
  • Log all webhook events for auditing

Configuration

The webhook endpoint URL must be:
  • Publicly accessible: Microsoft servers must reach it
  • HTTPS enabled: Required for security
  • Responsive: Must respond within timeout limits
  • Reliable: Handle Microsoft’s retry logic

Best Practices

  1. Fast Response: Respond quickly to webhook calls
  2. Async Processing: Use background jobs for email analysis
  3. Error Recovery: Implement retry logic for failures
  4. Logging: Log all webhook events for debugging
  5. Monitoring: Set up alerts for webhook health

Query Parameters

validationToken
string

Validation token sent by Microsoft Graph during webhook registration. The API must return this token as plain text to validate the subscription.

Body

application/json
value
object[]

Array of Microsoft Graph notification objects.

Response

Successfully processed the webhook event or returned validation token

The response is of type string.

Example:

"ValidationTokenExample123456"