# `Mailglass.Webhook.Providers.Postmark`
[🔗](https://github.com/szTheory/mailglass/blob/v1.0.0/lib/mailglass/webhook/providers/postmark.ex#L1)

Postmark webhook verifier + normalizer.

Verifier: HTTP Basic Auth (Postmark has no HMAC) via
`Plug.Crypto.secure_compare/2` for timing-attack-safe comparison
(CONTEXT D-04). Optional IP allowlist (off by default — Postmark's
own docs warn origin IPs change; opt-in avoids surprise-blocking).

Normalizer: pattern-matches each documented `RecordType` to the
Anymail event taxonomy verbatim (PROJECT D-14). Unmapped types
fall through to `:unknown` with `Logger.warning` — never silent
`_ -> :hard_bounce` (CONTEXT D-05).

## Provider identity lives in `Event.metadata`

The `%Mailglass.Events.Event{}` struct has no `:provider` column
(per V02 schema — provider identity lives on `mailglass_webhook_events`).
This module stashes `"provider"` + `"provider_event_id"` in
`Event.metadata` with STRING keys (revision W9; JSONB roundtrip safety).
Plan 04's Ingest Multi reads these metadata keys to populate the
`mailglass_webhook_events` row.

---

*Consult [api-reference.md](api-reference.md) for complete listing*