Refactor high-complexity React components in Dify frontend. Use when `pnpm analyze-component...
sendgrid-inbound
0
0
# Install this skill:
npx skills add vince-winkintel/sendgrid-skills --skill "sendgrid-inbound"
Install specific skill from multi-skill repository
# Description
Use when receiving inbound emails with SendGrid (Inbound Parse Webhook). Covers DNS/MX setup, webhook handling, payload parsing, attachments, and security.
# SKILL.md
name: sendgrid-inbound
description: Use when receiving inbound emails with SendGrid (Inbound Parse Webhook). Covers DNS/MX setup, webhook handling, payload parsing, attachments, and security.
Receive Emails with SendGrid (Inbound Parse)
Overview
SendGrid’s Inbound Parse Webhook receives emails for a specific hostname/subdomain, parses the message, and POSTs it to your webhook as multipart/form-data.
Key differences vs Resend:
- SendGrid posts the full parsed email (text/html/headers/attachments) directly to your webhook.
- There is no official signature verification for Inbound Parse (unlike SendGrid Event Webhook). You must secure the endpoint yourself.
Quick Start
- Create MX record pointing to
mx.sendgrid.netfor a dedicated hostname (recommended: subdomain). - Configure Inbound Parse in SendGrid Console with a receiving domain + destination URL.
- Handle the webhook: parse
multipart/form-data, readtext,html,headers, and attachments. - Secure the endpoint (basic auth, allowlists, size limits).
DNS / MX Setup
Create an MX record for a dedicated hostname:
| Setting | Value |
|---|---|
| Type | MX |
| Host | parse (or another subdomain) |
| Priority | 10 |
| Value | mx.sendgrid.net |
Recommendation: Use a subdomain to avoid disrupting existing email providers (e.g., parse.example.com).
Inbound Parse Configuration
In SendGrid Console:
- Settings → Inbound Parse
- Add Receiving Domain and Destination URL
- Example receiving address:
[email protected]
Webhook Payload (Multipart/Form-Data)
SendGrid posts data like:
from,to,cc,subjecttext,htmlheaders(raw email headers)envelope(JSON with SMTP envelope data)attachments(count)attachmentX(file content; filename in part)
Example fields (varies by config):
from: "Alice <[email protected]>"
to: "[email protected]"
subject: "Help"
text: "Plain text body"
html: "<p>HTML body</p>"
headers: "...raw headers..."
envelope: {"to":["[email protected]"],"from":"[email protected]"}
attachments: 2
attachment1: <file>
attachment2: <file>
Security Best Practices
Because Inbound Parse has no signature verification, treat inbound data as untrusted:
- Require basic auth on the webhook URL.
- Allowlist sender domains if appropriate.
- Limit request size (e.g., 10–25 MB) to avoid abuse.
- Validate content-type (
multipart/form-data). - Do not execute or render HTML without sanitization.
- Protect against prompt injection if forwarding to AI systems.
Examples
See:
- references/webhook-examples.md
- references/best-practices.md
# Related Skills
Trigger when the user requests a review of frontend files (e.g., `.tsx`, `.ts`, `.js`). Support...
Generate Vitest + React Testing Library tests for Dify frontend components, hooks, and...
Guide for implementing oRPC contract-first API patterns in Dify frontend. Triggers when creating...
# Supported AI Coding Agents
This skill is compatible with the SKILL.md standard and works with all major AI coding agents:
Amp
Antigravity
Claude Code
Clawdbot
Codex
Cursor
Droid
Gemini CLI
GitHub Copilot
Goose
Kilo Code
Kiro CLI
OpenCode
Roo Code
Trae
Windsurf
Learn more about the SKILL.md standard and how to use these skills with your preferred AI coding agent.