Email over API
The Infobip Email API (opens in a new tab) allows you to send transactional and marketing emails programmatically using either the HTTP API or the SMTP API. Both options provide secure and scalable ways to deliver personalized, trackable emails to your recipients.
What you can do with the Email API
Use the Email API to:
- Automate transactional notifications, such as order confirmations, password resets, and alerts
- Send personalized marketing campaigns
- Manage bulk email delivery at scale
- Track delivery, opens, and clicks in real time
Prerequisites
Before sending emails over the API, ensure that your sending domain is verified and active in the Infobip system.
You can verify your domain in the User profile (opens in a new tab) section of your Infobip account.
Technical specifications and best practices
- Message size: Maximum 10 MB (including attachments)
- Attachments: Supported types:
.pdf,.docx,.xlsx,.txt,.jpg,.png,.gif - Unsubscribe: Always include an unsubscribe link in marketing emails to comply with anti-spam laws
- Verified sender domains: Ensure DNS and SPF/DKIM records are properly configured for better deliverability
- Rate limits: Check your account’s sending limits to avoid throttling
Choosing between HTTP API and SMTP API
| Feature | HTTP API | SMTP API |
|---|---|---|
| Best for | Custom applications, bulk campaigns | Existing email tools (CRM, ERP, CMS) |
| Authentication | API key (recommended) | Username/password (or API key) |
| Format | JSON | Standard SMTP |
| Tracking | Full analytics (opens, clicks, bounces) | Limited |
| Flexibility | High - dynamic templates, placeholders | Medium - relies on SMTP protocol |
HIPAA-eligible Email API
The Email API supports a dedicated HIPAA-eligible deployment designed for sending messages that contain Protected Health Information (PHI). When using the HIPAA-eligible email endpoint, the platform applies additional safeguards to protect sensitive data throughout message processing and delivery.
HIPAA-eligible email services support the transmission of PHI only within the limits defined in this section. Any feature, functionality, or use case not explicitly listed as supported is excluded from HIPAA-eligible email services and must not be used to transmit, process, or store PHI.
This capability is intended for anyone operating under HIPAA requirements and is used together with appropriate contractual agreements, such as a Business Associate Agreement (BAA).
Key characteristics
- Dedicated HIPAA endpoint for PHI traffic
- Tight data-minimization practices - message payloads and content are not stored or indexed in standard logs
- No content upload to shared content services within the HIPAA flow
- Encrypted handling of attachments and stored artifacts during processing
- Restricted features that could expose message content (for example, browser-based content previews are disabled)
HIPAA-eligible email endpoint
HIPAA-eligible Email API access is provided exclusively through a dedicated, non-public endpoint available only to customers who have completed Infobip's HIPAA onboarding process.
Customers are responsible for ensuring that all email traffic containing Protected Health Information (PHI) is sent exclusively through the HIPAA-eligible endpoint and is not transmitted, processed, or stored using any non-HIPAA-eligible endpoint, service, or combination of Infobip services unless explicitly designated as HIPAA-eligible.
HIPAA-ineligible services and features
Email used in combination with other Infobip services is excluded from HIPAA-eligible email services unless explicitly stated otherwise in the relevant product description.
The following services and functionalities are not HIPAA-eligible and must not be used with PHI:
- Inbound emails
- Browser-based viewing of message content
- Default placeholders
- PHI may be included only in recipient-level placeholders when used with HIPAA-eligible email services
CallbackDataAPI parameter- Any public, shared, or link-based access to message content
- Active storage
- Archive storage
- Moments, including People attributes, profiles, and catalogs
- Broadcast and Forms
- Unsupported Flow elements, messaging channels, functions, or integrations not expressly designated as HIPAA.
Storage and retention for HIPAA-eligible email
Message retention, storage, and archival capabilities may be restricted or disabled to support HIPAA compliance.
HIPAA-related support requests must be submitted to [email protected].
You must not include PHI in any support tickets. When troubleshooting, use call SIDs, message SIDs, or other Infobip-specific identifiers instead of phone numbers or other sensitive information.