API & webhooks.
Every platform function. Every lifecycle moment.
The REST API covers every function exposed in the platform UI — create campaigns, push lists, launch sends, query analytics, manage suppressions. Webhook events fire on every meaningful lifecycle moment — drop launched, mail piece scanned, email opened, conversion captured. Idempotent operations, audit-logged calls, per-account scoped keys, SOC 2 Type 2 certified infrastructure. Direct mail joins the team’s existing CRM, marketing automation, BI, and data warehouse stack natively, not as a stitched-in afterthought.
Five steps. Full coverage. Production-ready.
- 01
REST API covers every platform function
Authenticate with API key, then call any platform capability programmatically: create campaigns, push records, launch sends, query reporting, manage suppressions, configure templates. The API surface is the same surface the platform UI runs on — there is no "UI-only" feature gated from automation.
- 02
Webhook events fire on every lifecycle moment
Drop launched, mail piece scanned, email opened, SMS clicked, form submitted, conversion captured — every meaningful event posts to the configured webhook endpoints in near-real time. The team subscribes the events the downstream system needs; the platform delivers them with retry-on-failure.
- 03
Idempotent operations and audit-logged calls
Every API call is idempotent on the operation level — retrying a request produces the same result, no duplicate sends or duplicate campaigns. Every call logs to the audit trail with timestamp, calling key, and response payload. Defensible for compliance review.
- 04
Per-account API keys with scoped permissions
Keys provision per account or per program with scoped permissions: read-only for analytics consumers, write-permission for production automation, admin for platform configuration. Keys rotate on demand without breaking active integrations.
- 05
SDK and documentation for major languages
REST endpoints work from any language; the platform provides official SDKs for Python, Node.js, Ruby, and PHP for common integration patterns. Documentation includes per-endpoint examples, webhook payload reference, and end-to-end integration patterns for typical use cases.
Why API and webhook coverage is the integration precondition.
A platform with a partial API forces every non-trivial integration through the UI — which means human-in-the-loop on every recurring program. The economics of "we'll just have someone log in and click the button every Tuesday" stop working at the third concurrent program. Full API coverage removes the human bottleneck and lets every recurring workflow run as automated infrastructure.
Webhooks are the second half of the same lever. API operations push data into the platform; webhooks push events out. The combination — programmatic launch, programmatic event consumption — is what lets direct mail compose with the rest of the marketing stack in real time. CRM events trigger mail launches; mail-scan events trigger CRM updates; the loop closes without an integration-team headcount maintaining a sync layer.
And the SOC 2 Type 2 certification is the precondition for enterprise procurement. Most large-organization vendor reviews require the certification before any integration ships. The platform inherits the certification across the API surface, which means the integration that took six months to get through procurement on a non-certified vendor takes weeks on DirectMail.io.
Where API + webhooks earn their keep.
-
CRM-triggered campaign launches
Sales or service events in Salesforce, HubSpot, or custom CRM trigger direct mail campaigns automatically via API. Onboarding mail, lifecycle nudges, win-back campaigns all fire from the source system without manual intervention.
-
BI and data warehouse integration
Webhook events stream to Snowflake, BigQuery, or Redshift for full-fidelity attribution. Direct mail joins the rest of the marketing data warehouse instead of living in a campaign-tool silo.
-
Custom analytics dashboards
Internal analytics teams build campaign-specific dashboards in Looker, Tableau, or custom tools using API queries. The platform dashboards stay the default; custom views serve specialized stakeholder needs.
-
Marketing automation orchestration
Marketo, Eloqua, or HubSpot Marketing Hub orchestrates multi-channel campaigns where direct mail is one of several coordinated touches. The marketing automation tool fires the mail launch; the platform handles the production and reports back via webhook.
Questions teams ask before deploying.
Short answers. For implementation specifics on SDK usage, webhook payload schemas, or enterprise SOC 2 review documentation, book a demo.
-
What does the REST API support — is it full coverage or partial?
Full coverage. Every function exposed in the platform UI is also exposed in the REST API with identical behavior. Create campaigns, push lists, launch sends, query analytics, manage suppressions, configure templates, manage user accounts, fetch reporting — all callable programmatically. The API is not a "lite" surface; it is the surface the platform UI itself runs against.
-
What events can webhooks fire on?
Every meaningful lifecycle event: campaign created, list ingested, hygiene completed, drop launched, mail piece scanned (origin, NDC, SCF, DDU), Predicted Delivery Window updated, email sent/opened/clicked/bounced, SMS sent/delivered/clicked/failed, landing-page visited, form submitted, conversion captured, audience uploaded to Meta. Teams subscribe to the events they need; the platform fires them with retry-on-failure delivery and signed payloads for verification.
-
How are webhook deliveries retried if the receiving system is down?
Failed deliveries (non-2xx responses, timeouts) retry on an exponential backoff schedule for 24-48 hours by default. Each retry attempt logs to the webhook delivery dashboard with the attempt count, timestamp, and the receiving system's response. Permanently failed deliveries (after retry exhaustion) flag for manual review and can be replayed from the dashboard once the receiving system recovers.
-
How do API authentication and rate limits work?
Bearer token authentication with API keys provisioned per account or per program. Rate limits are generous for production use — most legitimate integrations never see them. Higher-volume use cases (bulk record push, high-frequency event polling) configure with elevated rate limits per program. The platform reports rate limit headers on every response so client systems can self-manage their request cadence.
-
Are there official SDKs?
Python, Node.js, Ruby, and PHP have official platform SDKs maintained alongside the API. SDKs handle authentication, pagination, retry logic, and webhook signature verification automatically — typical integration code is dramatically shorter than raw REST. Other languages work directly against the REST API with standard HTTP libraries; OpenAPI specification is published so SDK generation is straightforward in any language.
-
How does this compare to using SFTP for integration?
API and SFTP are complementary. API handles per-record real-time operations — a single campaign launch, an event post, a record lookup. SFTP handles bulk file transfer — large list ingest, recurring exports, system-to-system batch moves. Programs that need both run both. The platform does not force a choice between integration patterns.
-
Is the platform SOC 2 Type 2 certified — and how does that affect API usage?
Yes, SOC 2 Type 2 certified. The certification covers the full platform infrastructure including the API and webhook delivery layer. For organizations with vendor-security review requirements, the certification report is available under standard NDA. API integrations inherit the platform security posture — including encryption in transit, audit logging, and access control — without additional configuration.
See the API and webhooks running on a real integration.
Bring an existing CRM or marketing automation system and an integration goal. We’ll walk through the API endpoints, configure the webhooks, and demo the round-trip — in 30 minutes.