Whether you need an email API or SMTP relay depends on what you want to do after a message leaves your application. If you only need to send, SMTP is fine. If you need delivery receipts, bounce handling, click tracking, and template rendering in one request, you want an HTTP email API. Most SaaS teams reach that fork early, and the wrong choice means retrofitting infrastructure later.
This guide covers what an email API is, how it compares to SMTP, how to make your first API call, and what to look for when choosing a provider.
Email API vs SMTP: What Actually Differs
Both methods deliver messages to inboxes. The difference is in what happens around the send.
SMTP is a wire protocol defined in RFC 5321. Your application opens a TCP connection to a mail server, exchanges a structured conversation (EHLO, AUTH, MAIL FROM, RCPT TO, DATA), and the server queues the message for delivery. It works everywhere, and every language has an SMTP library built in. What it lacks is a structured feedback channel: bounces come back as DSN messages in your inbox, opens are invisible, and retries are the server’s problem.
An email API is an HTTP service that wraps that delivery infrastructure and adds a response layer on top. You POST a JSON payload, get a JSON response with a message ID, and then receive structured webhook events as delivery progresses. The protocol underneath is still SMTP; the API is the interface to it.
| SMTP relay | Email API | |
|---|---|---|
| Transport | TCP, port 587 | HTTPS, port 443 |
| Auth | Username + password | API key in header |
| Response | Queued or rejected (synchronous) | Message ID + async webhooks |
| Delivery events | DSN bounce emails | Webhook POST per event |
| Open / click tracking | Requires custom setup | Built-in per-send flag |
| Template rendering | Your app must build the HTML | Provider renders from template ID |
| Scheduling | Not standard | Supported by most providers |
| Batch / personalization | Manual loop | Batch endpoint with per-recipient variables |
Use SMTP when: you have an existing system that already integrates via SMTP (a CMS, an ERP, a legacy app), your volume is low, or you need the fastest path to “just send.” Most modern email providers offer SMTP relay alongside their API, so you are not locked out of their infrastructure if you start on SMTP.
Use an email API when: you are building new integration code, you need reliable delivery event tracking, you want the sending provider to handle template rendering, or you are building an automation that reacts to bounces and complaints in real time.
How an Email API Works
Authentication
Every email API uses a server-side API key. You generate the key in your provider dashboard, store it as an environment variable, and pass it in the request header. The exact header name varies by provider: Postmark uses X-Postmark-Server-Token, SendGrid and Resend use Authorization: Bearer <key>, Mailgun uses HTTP Basic auth. Never hardcode the key in your source code or commit it to a repository.
The Request Payload
A minimal send request contains four required fields: from, to, subject, and the message body (HTML, plain text, or both). Most providers accept both multipart and JSON-encoded payloads.
Here is an example using the Postmark API (POST https://api.postmarkapp.com/email):
curl https://api.postmarkapp.com/email \
-X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "X-Postmark-Server-Token: YOUR_SERVER_TOKEN" \
-d '{
"From": "[email protected]",
"To": "[email protected]",
"Subject": "Your account is ready",
"TextBody": "Hi Jane, your account is now active.",
"HtmlBody": "<p>Hi Jane, your account is now active.</p>",
"MessageStream": "outbound"
}'The same call in Node.js using the Resend SDK (which uses Authorization: Bearer auth):
import { Resend } from 'resend';
const resend = new Resend(process.env.RESEND_API_KEY);
const { data, error } = await resend.emails.send({
from: '[email protected]',
to: '[email protected]',
subject: 'Your account is ready',
html: '<p>Hi Jane, your account is now active.</p>',
});
if (error) console.error(error);Both snippets are minimal. Real sends add ReplyTo, Cc, Attachments, a Tag for filtering in your dashboard, and either a template ID or rendered HTML. See how to send email in Node.js or how to send email in Python for language-specific walkthroughs with full error handling.
Templates and Dynamic Content
Most email APIs support server-side template rendering. Instead of building HTML in your application, you store a template in the provider dashboard, assign it an ID, and pass a variables object at send time:
{
"From": "[email protected]",
"To": "[email protected]",
"TemplateId": "welcome-v2",
"TemplateModel": {
"name": "Jane",
"trial_days": 14,
"dashboard_url": "https://app.example.com/login"
}
}This keeps your codebase free of HTML string concatenation and lets your design team update templates without a deployment.
Delivery Events via Webhooks
After a message is sent, the API returns a message ID. From that point, delivery events arrive as HTTP POST requests to a webhook endpoint you configure.
Mailgun’s webhook documentation lists the event types your endpoint will receive: delivered, opened, clicked, unsubscribed, complained, permanent_fail, and temporary_fail. Each event payload includes the message ID, recipient, timestamp, and event-specific data (for clicks, the URL that was clicked; for failures, the error code and SMTP diagnostic).
A minimal webhook handler in Express:
app.post('/webhooks/email', express.json(), (req, res) => {
const event = req.body;
switch (event['event-data']?.event) {
case 'permanent_fail':
// mark address as undeliverable in your DB
break;
case 'complained':
// unsubscribe immediately
break;
case 'opened':
// update engagement timestamp
break;
}
res.sendStatus(200);
});Processing bounces and complaints in real time is not optional for transactional email. Sending to a repeatedly bouncing address damages your domain reputation with every attempt.
Batch Sending and Scheduling
Email APIs support sending personalized messages to multiple recipients in a single request. Postmark’s batch endpoint accepts up to 500 messages per call; Mailgun allows up to 1,000 recipients with per-recipient variable substitution via recipient-variables. Most providers also support delayed delivery: a SendAt field or equivalent lets you schedule sends up to a few days in advance without managing your own queue.
How to Choose an Email API
The “best email API” depends on your sending pattern and constraints. Here is a practical criteria list:
Deliverability track record. Look for published delivery rates and whether the provider maintains dedicated IP pools for transactional mail, separate from bulk/marketing traffic. Mixing transactional and promotional sends on the same IPs lets campaign spam complaints hurt your password-reset deliverability.
SDK coverage and API quality. Official SDKs in Node, Python, Ruby, Go, and PHP save integration time. Check whether the SDK is actively maintained (recent commits, open issues addressed) and whether the API is versioned so you are not broken by undocumented changes.
Event log retention and debugging tools. When a user says “I never got my verification email,” you need to look up the exact delivery attempt in a searchable log. Most providers retain event logs for 30-45 days on standard plans; some retain 60 days on higher tiers.
Pricing model. Transactional email is typically priced per 1,000 messages. Compare overage pricing, not just the base plan, and understand whether dedicated IPs cost extra (they usually do, and are worth it above roughly 50,000 emails per month per SendGrid’s IP warm-up guidance).
EU data residency. If you are handling personal data under GDPR, where email content and metadata are stored matters. Mailgun’s EU region (api.eu.mailgun.net) stores and processes data within the EU. Brevo (formerly Sendinblue) is headquartered in the EU with data centers in Germany and France. Postmark has publicly stated it does not offer EU hosting; transfers rely on Standard Contractual Clauses.
Vendor-specific limits. Mailgun’s free tier limits to 100 emails per day after the trial period. SendGrid’s free tier allows 100 emails per day indefinitely but puts Twilio branding in the footer. Resend’s free tier allows 3,000 emails per month. Read the limits before building around a plan.
For a side-by-side comparison of major providers, see Best Transactional Email Services Compared.
Deliverability Fundamentals You Own
Choosing a reputable API provider handles infrastructure, but authentication is your responsibility. Three DNS records protect every domain that sends email:
- SPF (Sender Policy Framework): a TXT record listing which IP ranges are authorized to send mail for your domain.
- DKIM (DomainKeys Identified Mail): a cryptographic signature on outbound messages; your provider generates the key pair and gives you the public key as a DNS TXT record to publish.
- DMARC: a policy record that tells receiving servers what to do when SPF or DKIM fails, and where to send aggregate reports.
Publishing all three is a prerequisite before your first send. Gmail and Yahoo have required it for bulk senders since February 2024. See What Is Email Authentication? for the full setup guide.
Frequently Asked Questions
What is an email API?
An email API is an HTTP service that lets your application send email by making a POST request with a JSON payload. The provider’s infrastructure handles SMTP routing, authentication, queuing, and retry logic, and delivers structured delivery events (bounces, opens, clicks) back to your application via webhooks.
When should I use an email API instead of SMTP?
Use an email API when you are writing new integration code and need structured delivery events, bounce handling, or server-side template rendering. SMTP is a reasonable choice for legacy integrations or tools that already speak SMTP natively. Most providers support both, so you can start on SMTP and migrate to the API later without changing providers.
How do I authenticate with an email API?
Store your API key as an environment variable and pass it in the request header. The exact header varies by provider: Postmark uses X-Postmark-Server-Token, while Resend and SendGrid use Authorization: Bearer <key>. Never hardcode API keys in source code or commit them to a repository.
What is a webhook in the context of email APIs?
An email webhook is an HTTP POST request your provider sends to a URL you configure whenever a delivery event occurs: delivered, opened, clicked, bounced, or marked as spam. Your application receives a JSON payload with the event type, message ID, recipient, and event-specific data, allowing real-time handling of bounces and unsubscribes.
What DNS records do I need before sending through an email API?
You need SPF, DKIM, and DMARC records. SPF authorizes your sending IPs, DKIM adds a cryptographic signature to outbound messages, and DMARC sets the policy for what receiving servers do when either check fails. Your email API provider will give you the exact records to publish during domain verification.
What is a dedicated IP and do I need one?
A dedicated IP is an IP address used exclusively for your outbound email, giving you full control over sender reputation. Most providers assign shared IPs by default. Dedicated IPs are worth the extra cost if you are sending more than roughly 50,000 emails per month; below that volume, shared IPs maintained by a reputable provider typically perform as well or better because the warm-up burden is already handled.
Which email API providers support EU data residency?
Mailgun’s EU region (api.eu.mailgun.net) stores and processes data within the EU. Brevo is EU-headquartered with data centers in Germany and France. SendGrid supports configurable EU sending. Postmark does not offer EU hosting and relies on Standard Contractual Clauses for transfers from the EU.
I’ve spent my career building software at scale with a soft spot for email: deliverability, lifecycle campaigns, and getting messages to actually land. I started Coldletter to fix what bugged me about transactional and marketing email tools. I’m based in Vancouver.