Amazon SES

Signature Verification

Property	Value
Algorithm	RSA with SNS certificate verification
Method	Fetches signing certificate from AWS, verifies RSA-SHA1 signature

Amazon SES delivers notifications via Amazon SNS (Simple Notification Service). SNS messages include a SigningCertURL field pointing to an X.509 certificate hosted on AWS S3. Transyt fetches the certificate and verifies the RSA signature.

Setup

In the AWS Console, navigate to SES > Configuration Sets
Create or select a configuration set
Add an SNS destination for the event types you want to track
Create an SNS topic and add an HTTPS subscription pointing to:
```
https://ingest.transyt.com/ses/{your-account-slug}
```
SNS will send a confirmation request, which Transyt auto-confirms

No signing secret is needed — SES/SNS uses certificate-based verification.

Account Configuration

curl -X POST https://ingest.transyt.com/admin/accounts \
  -H "X-Admin-Token: YOUR_ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "provider": "ses",
    "account_slug": "main",
    "app_key": "my-app"
  }'

Event Type Mappings

SES Notification Type	Transyt Event
`Delivery`	`email.delivered`
`Send`	`email.sent`
`Reject`	`email.rejected`
`Bounce`	`email.bounced`
`Complaint`	`email.complaint`
`Open`	`email.opened`
`Click`	`email.clicked`

External ID

The external ID is a composite of messageId:notificationType, allowing multiple notification types for the same email to be stored as separate events.