AuthMailer delivers mission-critical authentication emails — OTPs, account verification, password resets, and security alerts — with enterprise-grade reliability and blazing-fast delivery.
// Send OTP via AuthMailer API fetch('https://api.authmailer.us/v1/send-otp', { method: 'POST', headers: { 'Authorization': 'Bearer AM_LIVE_key_...', 'Content-Type': 'application/json' }, body: JSON.stringify({ to: "user@example.com", otp_length: 6, expires_in: 300, template_id: "otp_default" }) }) // Response: 200 OK { "status": "sent", "message_id": "msg_01J9K...", "delivered_at": "2025-10-14T09:23:11Z" }
Built for developers who demand reliability. AuthMailer handles the complexity of email infrastructure so your team can focus on building.
97.4% average inbox placement rate across major email providers. Advanced SPF, DKIM, and DMARC authentication ensures your authentication emails reach the inbox every time.
SOC 2 Type II compliant infrastructure. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). AWS GovCloud-backed with multi-region redundancy.
Track delivery status, opens, bounces, and failures with sub-second latency. Full event logs with 90-day retention for audit and compliance purposes.
Get dedicated sending IPs exclusive to your domain. Build and maintain your IP reputation independently with no shared-sending interference from other customers.
Receive real-time HTTP callbacks for all email events — delivered, opened, bounced, and failed. HMAC-signed webhook payloads for verified authenticity.
Built-in compliance tooling for GDPR, CAN-SPAM, and CCPA. Data processing agreements (DPAs) available. No customer data ever sold or used for third-party purposes.
Three simple steps is all it takes to integrate mission-critical email delivery into your application stack.
Add your API key and make a single POST request to our REST API or use one of our official SDKs for Node.js, Python, Ruby, Go, or PHP. You're up in minutes, not days.
AuthMailer processes your request, selects the optimal sending infrastructure, applies domain authentication, and dispatches through Amazon SES-powered infrastructure with priority routing.
Receive real-time webhook events and browse your delivery dashboard. Get alerts for bounce spikes, suppression list matches, and deliverability anomalies before they become incidents.
AuthMailer provides a clean, well-documented REST API with SDKs in every major language. Idempotency keys, retry logic, and async webhooks are built in from day one.
import AuthMailer from '@authmailer/sdk'; const client = new AuthMailer({ apiKey: process.env.AUTHMAILER_API_KEY }); await client.verification.send({ to: 'sarah@example.com', subject: 'Verify your account', verification_url: `https://myapp.com/verify?token=${token}`, from_name: 'MyApp Security', expires_in: 86400, // 24 hours idempotency_key: `verify_${userId}_${Date.now()}` }); // Returns message_id + delivery timestamp
"We switched from a general-purpose ESP after OTP emails started landing in spam. AuthMailer's dedicated IPs and strict transactional focus solved our deliverability overnight. Our 2FA completion rate jumped from 71% to 96%."
"The API is incredibly clean. We integrated AuthMailer into our Go microservice in under an hour. Webhooks are HMAC-signed and reliable. Their 99.98% uptime SLA isn't marketing fluff — we've had zero critical failures in 14 months."
"As a HIPAA-adjacent platform, we needed an email vendor who took compliance seriously. AuthMailer's DPA, SOC 2 reports, and clear data retention policies made our security review easy. Exceptional support team too."
All plans include a 14-day free trial. No credit card required to start. Cancel anytime.
AuthMailer was founded by engineers who experienced firsthand how critical email delivery fails at the worst possible moment — during user authentication. We built the infrastructure we always wished existed.
Authentication emails are not marketing. They are the security backbone of your application. When a user clicks "Forgot Password," or a fintech platform sends a transaction OTP, or a healthcare app requires two-factor verification — that email must arrive. Every time. Instantly. Without question.
AuthMailer exists for that single, critical purpose: delivering authentication and security emails with the reliability, speed, and compliance that modern applications demand.
We are a strictly transactional email infrastructure company. We do not build tools for marketing, promotions, campaigns, or outbound sales. Our infrastructure, IP reputation, and sending policies are exclusively optimized for transactional use cases — which is why our customers see inbox placement rates that generic ESPs cannot match.
We enforce a strict transactional-only policy across every account. No marketing. No promotions. This protects our IP reputation and ensures every customer benefits from clean, trusted infrastructure.
Every architectural decision is made with security at the center. TLS 1.3 in transit, AES-256 at rest, zero-knowledge logging for sensitive fields, and SOC 2 Type II compliance are non-negotiable baseline requirements.
We believe great infrastructure should be invisible. Clean APIs, clear documentation, honest status pages, and responsive support define how we build products and interact with our customers.
1101 Brickell Avenue, Suite 800
Miami, FL 33131
United States
support@authmailer.us
Our founding team comes from Amazon SES, Mailgun, and Twilio — with decades of combined experience in email infrastructure at scale.
Our sending infrastructure is built on enterprise cloud systems with global redundancy, ensuring your authentication emails are never at risk.
Welcome to the AuthMailer API. Our REST API allows you to send transactional authentication emails from your application. All requests must be made over HTTPS. The base URL for all API endpoints is:
https://api.authmailer.us/v1
AuthMailer uses API keys for authentication. Include your API key in the Authorization header of every request:
Authorization: Bearer AM_LIVE_sk_1a2b3c4d5e6f7g8h9i0j...
API keys are prefixed with AM_LIVE_ for production and AM_TEST_ for sandbox environments. Never expose API keys client-side. Store them in environment variables or a secrets manager.
Send a one-time password (OTP) email to a user. The OTP is generated server-side by AuthMailer and optionally validated via our /verify-otp endpoint.
| Parameter | Type | Required | Description |
|---|---|---|---|
| to | string | Required | Recipient email address. Must be a real user email, not a purchased or third-party list. |
| otp_length | integer | Optional | Length of the generated OTP code. Default: 6. Accepted: 4–8. |
| expires_in | integer | Optional | OTP expiry in seconds. Default: 300 (5 minutes). Max: 3600. |
| template_id | string | Optional | Custom template ID. Defaults to your account's default OTP template. |
| metadata | object | Optional | Arbitrary key-value pairs attached to the message event log. |
| idempotency_key | string | Recommended | Unique key to prevent duplicate sends. Max 255 characters. |
POST https://api.authmailer.us/v1/send-otp Authorization: Bearer AM_LIVE_sk_... Content-Type: application/json Idempotency-Key: otp_uid_8823_1729350000 { "to": "user@example.com", "otp_length": 6, "expires_in": 300, "template_id": "tmpl_otp_branded_01", "metadata": { "user_id": "usr_88234", "ip": "203.0.113.45" } }
{ "status": "sent", "message_id": "msg_01J9KABCDEFGH", "to": "user@example.com", "otp_expires_at": "2024-10-14T09:28:11Z", "delivered_at": "2024-10-14T09:23:11Z", "latency_ms": 142 }
Send an account verification email containing a unique verification link. Used for email address verification during user registration or email change flows.
POST https://api.authmailer.us/v1/send-verification Authorization: Bearer AM_LIVE_sk_... Content-Type: application/json { "to": "newuser@example.com", "from_name": "MyApp Security", "verification_url": "https://myapp.com/verify?token=eyJhbGci...", "expires_in": 86400, "subject": "Please verify your email address", "template_id": "tmpl_verify_01" }
{ "status": "sent", "message_id": "msg_01J9KXYZ12345", "to": "newuser@example.com", "link_expires_at": "2024-10-15T09:23:11Z", "delivered_at": "2024-10-14T09:23:11Z" }
Rate limits are applied per API key, per endpoint, per minute. Exceeding limits returns a 429 Too Many Requests response with a Retry-After header.
X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset. Implement exponential backoff with jitter when retrying after 429 errors.AuthMailer delivers real-time event notifications via HTTP POST to your configured webhook endpoint. All payloads are signed with HMAC-SHA256 using your webhook secret.
email.sent — Message accepted and dispatchedemail.delivered — Confirmed delivery to recipient serveremail.opened — Recipient opened the emailemail.bounced — Hard or soft bounce receivedemail.failed — Delivery failed after all retriesemail.spam_complaint — Recipient reported as spamimport crypto from 'crypto'; function verifyWebhook(payload, signature, secret) { const expected = crypto .createHmac('sha256', secret) .update(payload, 'utf8') .digest('hex'); return crypto.timingSafeEqual( Buffer.from(expected), Buffer.from(signature) ); }
AuthMailer, Inc. ("AuthMailer," "we," "our," or "us") operates the email delivery API available at authmailer.us and api.authmailer.us. This Privacy Policy explains how we collect, use, share, and protect information when you use our services.
When you register for an AuthMailer account, we collect your name, business email address, company name, billing information (processed by our payment processor, Stripe), and usage preferences.
We collect logs of API requests including endpoint called, timestamp, response codes, message IDs, sending domain, recipient email addresses (hashed for privacy after 90 days), and metadata you attach to requests.
We collect delivery events including delivery status, bounce codes, spam complaints, and open events. This data is used exclusively to provide you with delivery analytics and to maintain sending quality.
We use collected information solely to: (a) provide, maintain, and improve the AuthMailer email delivery service; (b) process your payments; (c) send you service notifications, security alerts, and billing receipts; (d) enforce our Terms of Service and Acceptable Use Policy; (e) comply with legal obligations.
We do not use your data for advertising, marketing profiling, or any purpose not directly related to providing email delivery services.
AuthMailer processes recipient email addresses submitted through our API on your behalf as a data processor. You, the customer, are the data controller responsible for ensuring you have appropriate consent and legal basis to email recipients through our platform.
AuthMailer's role is strictly to deliver transactional messages you initiate. We do not access the content of emails beyond what is technically necessary for delivery and support purposes. We never use recipient email addresses for any purpose other than delivering the message you requested.
We do not sell, rent, or share personal data with third parties for marketing or advertising purposes. Period. We share data only in the following limited circumstances:
A complete list of our sub-processors is available upon request at privacy@authmailer.us.
We retain data according to the following schedule:
You may request earlier deletion of your data by contacting privacy@authmailer.us. Deletion will be completed within 30 days subject to legal retention requirements.
AuthMailer implements comprehensive technical and organizational security measures including: TLS 1.3 encryption for all data in transit; AES-256 encryption for data at rest; SOC 2 Type II certified infrastructure; regular penetration testing; access controls with principle of least privilege; multi-factor authentication enforced for all internal systems; and a formal incident response plan.
For customers subject to the General Data Protection Regulation (GDPR), AuthMailer acts as a Data Processor when processing personal data through our API. We offer a Data Processing Agreement (DPA) that meets GDPR Article 28 requirements. To execute a DPA, contact privacy@authmailer.us.
EU/EEA data is processed within AWS infrastructure in the EU-West-1 (Ireland) and EU-Central-1 (Frankfurt) regions unless you configure otherwise. Data transfers to the United States are covered by Standard Contractual Clauses (SCCs).
Your GDPR rights: Right of access; right to rectification; right to erasure; right to data portability; right to restrict processing; right to object. To exercise any right, contact privacy@authmailer.us.
California residents have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, and the right to opt out of sale of personal information. AuthMailer does not sell personal information. To exercise your CCPA rights, contact privacy@authmailer.us.
Our marketing website (authmailer.us) uses strictly necessary cookies for session management and security, and optional analytics cookies (with your consent) to understand how visitors use our site. The API (api.authmailer.us) does not use cookies. You can manage cookie preferences via the cookie banner on our website.
For privacy-related questions, requests, or concerns: privacy@authmailer.us
AuthMailer, Inc. · 1101 Brickell Avenue, Suite 800 · Miami, FL 33131 · United States
These Terms of Service ("Terms") govern your access to and use of the AuthMailer email delivery API and related services ("Service") operated by AuthMailer, Inc., a Delaware corporation ("AuthMailer," "we," or "us"). By registering for or using the Service, you agree to these Terms.
AuthMailer is an exclusively transactional email service. The Service is designed and permitted solely for sending emails triggered by specific actions taken by your users, including but not limited to:
The following uses are strictly prohibited and will result in immediate account suspension and potential legal action:
You must be at least 18 years of age and have the legal authority to bind your organization to these Terms. You agree to provide accurate, current, and complete information during registration and to keep your account information updated. You are responsible for all activity occurring under your account, including API key usage.
You agree to comply with all applicable federal and state laws governing electronic communications, including the CAN-SPAM Act of 2003, the Computer Fraud and Abuse Act (CFAA), and all applicable state consumer protection statutes. For customers serving EU/EEA residents, compliance with the GDPR is additionally required. AuthMailer does not assume responsibility for your compliance obligations as a data controller.
Your use of the Service is also governed by our Privacy Policy. By using the Service, you represent that you have obtained all necessary consents and legal basis to transmit recipient email addresses through our platform. You are the data controller; AuthMailer is the data processor.
AuthMailer reserves the right to immediately suspend or terminate any account that:
In cases of clear and egregious violation (spam, illegal content, harassment), suspension is immediate without prior notice. For borderline violations, we will make reasonable efforts to notify you via the email on file and allow a 48-hour remediation period before suspension.
The AuthMailer Service, including its API design, dashboard, documentation, and proprietary algorithms, is the intellectual property of AuthMailer, Inc. and is protected by US copyright, trademark, and patent laws. Your use of the Service grants you no ownership interest in any AuthMailer intellectual property.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, AUTHMAILER'S TOTAL LIABILITY FOR ANY CLAIMS ARISING FROM THESE TERMS OR YOUR USE OF THE SERVICE SHALL NOT EXCEED THE AMOUNTS PAID BY YOU TO AUTHMAILER IN THE TWELVE (12) MONTHS PRECEDING THE CLAIM. AUTHMAILER IS NOT LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES.
These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict of law principles. Any disputes shall be resolved exclusively in the state or federal courts located in Miami-Dade County, Florida. You waive any objection to such jurisdiction and venue.
AuthMailer may modify these Terms at any time. Material changes will be communicated via email to the address on file at least 30 days before taking effect. Continued use of the Service after the effective date constitutes acceptance. If you disagree with changes, you may terminate your account before the effective date.
For Terms-related questions: legal@authmailer.us
AuthMailer, Inc. · 1101 Brickell Avenue, Suite 800 · Miami, FL 33131
Our team is based in the United States and typically responds within one business day. For urgent production issues, Growth and Enterprise customers receive priority support.
Whether you have a technical question, need help with your integration, or want to discuss an enterprise plan, we'd love to hear from you.
support@authmailer.us
Response within 1 business day
sales@authmailer.us
Custom pricing, SLAs, and onboarding
security@authmailer.us
Vulnerabilities, DPAs, SOC 2 reports
AuthMailer, Inc.
1101 Brickell Avenue, Suite 800
Miami, FL 33131
United States