Skip to main content
Inbound enables you to receive emails with Resend. This guide demonstrates how to forward received emails using NextJS, although you can use any framework you prefer.
1

Verify a domain with Inbound

Verify a domain and enable receiving emails for that domain. We strongly recommend verifying a subdomain (subdomain.example.com) instead of the root domain (example.com).Verify a domain with InboundAdd the records in your DNS provider and wait for verification to finish in Resend. Learn more about adding Domains in Resend.
When you enable Inbound on a domain, Resend will receive all emails sent to that specific domain.For example, if you verify example.com, Resend will receive all emails sent to <anything>@example.com. If you have another email inbox setup (e.g., [email protected]), the inbox will no longer receive any emails, as all emails will be sent to Resend instead.If you verify subdomain.example.com, Resend will receive all emails sent to <anything>@subdomain.example.com while all emails sent to your root domain (example.com) will continue to receive emails.
2

Create a POST route

Resend can send a webhook to your application’s endpoint every time you receive an email.Add a new POST route to your application’s endpoint.
app/api/inbound-webhook/route.ts
import type { NextRequest } from 'next/server';
import { NextResponse } from 'next/server';

export const POST = async (request: NextRequest) => {
  try {
    const payload = await request.text();

    return NextResponse.json(payload);
  } catch (error) {
    console.error(error);
    return new NextResponse(`Error: ${error}`, { status: 500 });
  }
};
3

Create a webhook in Resend

Go to the Webhooks page and click Add Webhook.
  1. Add your publicly accessible HTTPS URL.
  2. Select all events you want to observe (e.g., email.received).
  3. Click Add.
Create a webhook in Resend
For development, you can create a tunnel to your localhost server using a tool like ngrok or VS Code Port Forwarding. These tools serve your local dev environment at a public URL you can use to test your local webhook endpoint.Example: https://example123.ngrok.io/api/webhook
4

Add Resend to your project

Add the Resend Node.js SDK to your project using your preferred package manager.
npm install resend
Create an API key with “Full access” permission in Resend and add it to your project’s .env file.
.env
RESEND_API_KEY=re_xxxxxxxxx
5

Verify the webhook request

Webhook signing secrets are used to validate the payload data sent to your application from Resend.Update your POST route to verify the webhook request using the webhook secret. First, copy the webhook secret from the webhook details page.Webhook SecretThen, add it to your project’s .env file.
.env
RESEND_WEBHOOK_SECRET=whsec_xxxxxxxxxx
Update the POST route to verify the webhook request using the webhook secret.
Make sure that you’re using the raw request body when verifying webhooks. The cryptographic signature is sensitive to even the slightest change. Some frameworks parse the request as JSON and then stringify it, and this will also break the signature verification.
app/api/inbound-webhook/route.ts
import type { NextRequest } from 'next/server';
import { NextResponse } from 'next/server';
import { Resend } from 'resend';

const resend = new Resend(process.env.RESEND_API_KEY);

export async function POST(req: NextRequest) {
  try {
    // we need raw request text to verify the webhook
    const payload = await req.text();

    const id = req.headers.get('svix-id');
    const timestamp = req.headers.get('svix-timestamp');
    const signature = req.headers.get('svix-signature');

    if (!id || !timestamp || !signature) {
      return new NextResponse('Missing headers', { status: 400 });
    }

    // Throws an error if the webhook is invalid
    // Otherwise, returns the parsed payload object
    const result = resend.webhooks.verify({
      payload,
      headers: {
        id,
        timestamp,
        signature,
      },
      webhookSecret: process.env.RESEND_WEBHOOK_SECRET!,
    });

    return NextResponse.json(result);
  } catch (error) {
    console.error(error);
    return new NextResponse(`Error: ${error}`, { status: 500 });
  }
}
6

Process incoming emails

Once you verify the webhook, it returns the webhook payload as a JSON object. You can use this payload to forward the email to another email address. Note the following steps:
  1. Add a guard clause to ensure the event type is email.received.
  2. Get the incoming email’s content
  3. Download and encode any attachments
  4. Forward the email (remember to update the from and to addresses below)
You must call the received emails API to retrieve the email content and the attachments API to retrieve the attachments. This design choice supports large payloads in serverless environments that have limited request body sizes.
app/api/inbound-webhook/route.ts
import type { NextRequest } from 'next/server';
import { NextResponse } from 'next/server';
import { Resend, type ListAttachmentsResponseSuccess } from 'resend';

const resend = new Resend(process.env.RESEND_API_KEY);

export async function POST(req: NextRequest) {
  try {
    const payload = await req.text();

    const id = req.headers.get('svix-id');
    const timestamp = req.headers.get('svix-timestamp');
    const signature = req.headers.get('svix-signature');

    if (!id || !timestamp || !signature) {
      return new NextResponse('Missing headers', { status: 400 });
    }

    const result = resend.webhooks.verify({
      payload,
      headers: {
        id,
        timestamp,
        signature,
      },
      webhookSecret: process.env.RESEND_WEBHOOK_SECRET!,
    });

    // 1. Add a guard clause to ensure the event type is `email.received`.
    if (result.type !== 'email.received') {
      return NextResponse.json({ message: 'Invalid event' }, { status: 200 });
    }

    // 2. Get the incoming email's content
    const { data: email, error: emailError } =
      await resend.emails.receiving.get(result.data.email_id);

    if (emailError) {
      throw new Error(`Failed to fetch email: ${emailError.message}`);
    }

    // 3. Download and encode any attachments
    const { data: attachmentsData, error: attachmentsError } =
      await resend.emails.receiving.attachments.list({
        emailId: result.data.email_id,
      });

    if (attachmentsError) {
      throw new Error(
        `Failed to fetch attachments: ${attachmentsError.message}`,
      );
    }

    const attachments =
      attachmentsData?.data as ListAttachmentsResponseSuccess['data'] &
        { content: string }[];

    if (attachments && attachments.length > 0) {
      // download the attachments and encode them in base64
      for (const attachment of attachments) {
        const response = await fetch(attachment.download_url);
        const buffer = Buffer.from(await response.arrayBuffer());
        attachment.content = buffer.toString('base64');
      }
    }

    // 4. Forward the email
    const { data, error: sendError } = await resend.emails.send({
      from: '[email protected]', // replace with an email address from your verified domain
      to: ['[email protected]'], // replace with the email address you want to forward the email to
      subject: result.data.subject,
      html: email.html,
      text: email.text,
      attachments,
    });

    if (sendError) {
      throw new Error(`Failed to forward email: ${sendError.message}`);
    }

    return NextResponse.json({ message: 'Email forwarded successfully', data });
  } catch (error) {
    console.error(error);
    return new NextResponse(`Error: ${error}`, { status: 500 });
  }
}
7

Test the endpoint

You can test the endpoint by sending an email to the domain you verified.For example, if you verified marketing.example.com, send an email to [email protected].
  • Try a simple HTML email with a subject and a body.
  • Try an email with an attachment or multiple attachments.
You can view the received email in the Emails page and see the webhook payload in the Webhooks page.
8

Go to Production

Once you’ve tested the endpoint:
  1. Publish your application to your production environment.
  2. Add your production POST endpoint as a new webhook in Resend.