Back to Docs

Webhook Configuration

Secure your agent's inbound email and calendar webhooks with provider-specific secrets.

Why Webhook Secrets Matter

When someone replies to your agent's email or books a meeting, your email/calendar provider sends a webhook notification to Babuger. Webhook secrets ensure these notifications are legitimate and not spoofed by attackers.

Per-Agent Security

Each agent uses their own webhook secret

HMAC/ECDSA Verification

Industry-standard cryptographic signatures

Automatic Validation

Babuger verifies every webhook before processing

Optional But Recommended

Works without secrets, but less secure

Setup Guides by Provider
Choose your email or calendar provider below for step-by-step instructions

MailerSend Webhook Configuration

1

Access Inbound Routes

Log in to your MailerSend dashboard, go to Domains, select your domain, then click Inbound Routes in the sidebar.

2

Create Inbound Route

Click Create Inbound Route and configure:

  • Route Name: Babuger Agent Inbound
  • Match Recipient: your-agent@yourdomain.com (your agent's from_email)
  • Forward to: Use the webhook URL below
Webhook URL:
https://your-domain.com/api/v1/webhooks/mailersend/inbound
Make sure to enable "Sign webhook requests" when creating the route!
3

Copy Webhook Secret

After creating the route, MailerSend shows a Signing Secret. Copy this secret (it looks like ms_secret_abc123...).

4

Configure in Babuger

Go to Agents → Select your agent → Email tab → Scroll to MailerSend Webhook Secret → Paste the secret → Click Save Changes

You'll see a green
Configured
badge once the secret is saved.
5

Test the Webhook

Send a test email to your agent's address. Check your agent's conversation history to verify it was received and processed.

Troubleshooting

Webhook not working?

  • Verify webhook URL uses HTTPS (not HTTP)
  • Check that webhook secret was copied completely (no extra spaces)
  • Ensure agent's from_email matches the email receiving webhooks
  • Confirm agent is Active in Babuger
  • Check provider dashboard for webhook delivery logs

Invalid signature errors?

  • Regenerate the webhook secret in your provider dashboard
  • Update the secret in Babuger agent settings
  • Verify the signature algorithm matches (HMAC SHA-256 or ECDSA P-256)
  • Test with a fresh webhook delivery

Agent not identified?

  • Ensure agent's from_email exactly matches recipient email in webhook
  • For Cal.com: verify Event Type ID matches. For Calendly: verify event type is selected
  • Check that agent is active (not archived)
Security Best Practices

Unique Secrets Per Agent

Never share webhook secrets between agents

Rotate Periodically

Update secrets every 90 days for best security

Test After Setup

Always verify webhooks work before going live

Monitor Logs

Check for repeated verification failures

Getting StartedConfigure Webhooks