Settings

Security

The 'Security' section allows you to protect your account from unauthorized access and enhance its security. Features like IP Authorization and Two-Factor Authentication (2FA) give you full control over who and how someone can access the panel. Configuring these options effectively safeguards your account, even in the event of a potential login data breach.

IP Authorization

The 'IP Authorization' feature allows you to restrict login access to specific IP addresses or entire IP ranges. This increases account security, even if your password is compromised.

  1. Navigate to 'Account' -> 'Settings' -> 'Security'.

  2. In the 'IP Authorization' section, find the input field for adding addresses.

  3. Enter the IP address you want to allow access for, or input an IP range mask to define a broader range.

  4. Click the 'Add' button to save the authorized IP address.

  5. To remove an IP address, click the 'Remove' button next to the entry in the IP list.

Important information:

  • Ensure that the IP addresses or masks are accurate—incorrect configuration may result in loss of account access.

  • Regularly review and update authorized IP addresses to maintain security.

Two-Factor Authentication (2FA)

Refer to the Two-Factor Authentication (2FA) section for setup instructions.


API

MessageFlow’s advanced API enables efficient management of your communication. The API integration supports message sending, detailed statistics tracking, data exchange, and automation of various processes directly from your applications.

Webhooks

Webhooks allow you to automatically send event data to a specified URL, enabling effective monitoring of your communication. Upon receiving data, your system should return an appropriate response. Refer to the EmailLabs panel instructions for webhook configuration.

Supported Channels and Events

In the MessageFlow panel, you can configure webhooks for the following channels and events:

  • Transactional Emails – Delivery reports

  • Email Campaigns – Unsubscribe reports

  • Transactional SMS – Delivery reports

  • Transactional SMS – Link clicks

  • 2-Way Communication – Incoming SMS messages

  • Panel Emails – Reports

Note: Event monitoring availability depends on the selected plan and activated features in the MessageFlow panel.

Webhook Configuration

  1. Select the desired channel and event type, then fill out the required fields.

  2. URL – Enter the endpoint (URL) where EmailLabs servers will send the data.

  3. Backup URL (optional) – Enter a backup URL. If the primary URL is unavailable or returns an error, the webhook will be sent to this backup address.

  4. Notification Rule – Choose your preferred notification frequency:

    • Option 1: Every 1 hour, 6 hours, or 24 hours

    • Option 2: Every 30 minutes, 2 hours, or 24 hours

Authentication Modes:

  • None – No additional verification.

  • Basic Auth – Activate this option to enter a username and password for webhook authentication. Add these details to your endpoint's authentication settings. Regardless of the mode, it is recommended to always validate the incoming webhook's hash.

Important Notes for Transactional Emails:

  • To receive events separated by subaccounts for delivery reports, select the 'Per Subaccount' checkbox.

  • Always use a unique message_id when sending messages. This ensures proper aggregation of webhook data with subsequent statuses.

Testing and Saving Webhooks:

  • After preparing your data-receiving script, use the 'Test' option to verify that your script correctly handles the data.

  • Webhook settings will only be saved after a successful test.

Ensure Your Endpoint:

  • Returns HTTP/1.1 200 OK to confirm successful data reception.

  • Utilizes the 'Generate SecretKey' feature to add a unique key for data protection and enhanced security.

After successful webhook configuration, click 'Save'.


Data Transmission

Data is sent to the specified endpoint using a POST request, which contains an array of events. Each event is represented as an object, and its structure varies depending on the event type (detailed descriptions can be found in our API documentation).

Your endpoint should:

  1. Validate authentication as configured in the panel.

  2. Save the received object (JSON payload).

  3. Respond with an HTTP 200 OK status.

Last updated