Area: Integration / API (audit p13) · Surface: POST /api/helpdesk/inbound-email + admin config at helpdesk/admin/email-accounts.php · Dimension: documentation · Severity: minor
Setting up inbound email (so customer replies become helpdesk tickets) requires configuring an external mail provider to POST to this webhook with the right secret header and body shape. The mobieusHelp admin guide does not surface this in wiki search, and there is no provider-setup walkthrough (Postmark/Mailgun/SES) — the admin must reverse-engineer the integration from the config UI alone.
Evidence
This is an admin-configurable inbound-mail integration. The controller doc at /home/patrick/mobieus-io/platform/src/Controllers/Helpdesk/HelpdeskInboundController.php states that it is a 'public webhook endpoint that providers (Postmark, Mailgun, SES inbound parse, generic JSON) POST to', authenticated via a 'per-tenant shared secret in the X-Mobieus-Inbound-Secret header'. An admin UI exists at /home/patrick/mobieus-io/platform/templates/helpdesk/admin/email-accounts.php (grep shows 9x 'inbound', Mailgun/Postmark, 7x 'secret', 3x 'Webhook'). No wiki article exists: probes of /know/inbound-email and /know/helpdesk-inbound-email both return 404, and a wiki search for 'inbound email' returns only /know/index.
Suggested fix. Add a mobieusKnow article (or a section in /know/mobieushelp-admin-guide) documenting the inbound-email webhook URL, the X-Mobieus-Inbound-Secret header, and per-provider (Postmark/Mailgun/SES) setup steps, plus the normalized JSON body shape for the generic case.
Filed by the automated tenant-app audit and adversarially evidence-verified. Status: verified. Open — not yet actioned.
Patrick Bass
@mobieus