about
Receive Emails in Code: Polling, Webhooks, and Assertions
Learn how to receive real inbound email in code with API polling or webhooks, including attachment handling, retries, and test-safe assertions.
Receiving emails in code is the foundation for reliable signup, reset, alerting, and workflow automation tests.
Quick architecture
[app action] -> [email provider/send API] -> [inbox] -> [polling or webhook] -> [assertions / business logic]
Two receive patterns
1) Polling or wait-based API calls
Best for deterministic test flows where you need to block until message arrival.
2) Webhook callbacks
Best for event-driven backends that process inbound mail continuously.
In practice
Create inboxes per environment or test run, then receive and assert email content directly in code.
Example: wait for latest email in tests
const inbox = await mailslurp.createInbox();
await app.triggerPasswordReset({ email: inbox.emailAddress });
const email = await mailslurp.waitForLatestEmail({
inboxId: inbox.id,
timeout: 30000,
unreadOnly: true,
});
expect(email.subject).toContain("Reset");
expect(email.body).toContain("/reset-password");
Example payload shape
{
"id": "...",
"from": "...",
"to": "...",
"subject": "...",
"body": "...",
"headers": { "content-type": "text/html; charset=utf-8" },
"attachments": ["attachment-id-1"]
}
Attachment and parsing workflow
For inbound workflows that rely on files:
- Fetch attachment metadata with message payload
- Download file bytes by attachment ID
- Validate file type, size, and parseability
- Route parsed fields to your downstream systems
Webhook vs polling decision matrix
| Requirement | Better pattern |
|---|---|
| Deterministic CI checks | Polling/wait methods |
| Near-real-time backend processing | Webhooks |
| Low operational overhead in tests | Polling |
| High-volume production event fan-out | Webhooks + queue |
Reliability controls
Use these controls to avoid flaky behavior:
- Per-run inbox isolation for tests
- Explicit timeouts and bounded retries
- Idempotency keys for webhook consumers
- Dead-letter handling for failed processors
- Clear cleanup policy for stale inboxes
Common receive-side defects QA should catch
- Wrong recipient mapping
- Broken reset/activation links
- Missing merge variables
- Attachments not present or malformed
- Unexpected sender/authentication headers
Related routes
- Receive email API
- Inbound email API
- Email webhooks
- Test email address guide
- Email integration testing
Final take
If your team only validates send-side events, you are blind to real user failures. Receive-side email assertions in code should be a default release gate for critical communication flows.