# Email over API The [Infobip Email API](https://www.infobip.com/docs/api/channels/email) allows you to send transactional and marketing emails programmatically using either the **HTTP API** or the **SMTP API**. Both options provide secure and scalable ways to deliver personalized, trackable emails to your recipients. --- ## What you can do with the Email API Use the Email API to: - **Automate transactional notifications**, such as order confirmations, password resets, and alerts - Send personalized **marketing campaigns** - Manage **bulk email delivery** at scale - **Track** delivery, opens, and clicks in **real time** --- ## Prerequisites Before sending emails over the API, ensure that your **sending domain** is **verified** and **active** in the Infobip system. You can verify your domain in the [User profile](https://portal.infobip.com/login) section of your Infobip account. --- ## Technical specifications and best practices - **Message size**: Maximum 10 MB (including attachments) - **Attachments**: Supported types: `.pdf`, `.docx`, `.xlsx`, `.txt`, `.jpg`, `.png`, `.gif` - **Unsubscribe**: Always include an unsubscribe link in marketing emails to comply with anti-spam laws - **Verified sender domains**: Ensure DNS and SPF/DKIM records are properly configured for better deliverability - **Rate limits**: Check your account’s sending limits to avoid throttling --- ## Choosing between HTTP API and SMTP API | Feature | HTTP API | SMTP API | |----------------|------------------------------------------|------------------------------------------| | Best for | Custom applications, bulk campaigns | Existing email tools (CRM, ERP, CMS) | | Authentication | API key (recommended) | Username/password (or API key) | | Format | JSON | Standard SMTP | | Tracking | Full analytics (opens, clicks, bounces) | Limited | | Flexibility | High - dynamic templates, placeholders | Medium - relies on SMTP protocol | --- ## HIPAA-eligible Email API The Email API supports a dedicated **HIPAA-eligible** deployment designed for sending messages that contain **Protected Health Information (PHI)**. When using the HIPAA-eligible email endpoint, the platform applies additional safeguards to protect sensitive data throughout message processing and delivery. HIPAA-eligible email services support the transmission of PHI only within the limits defined in this section. Any feature, functionality, or use case not explicitly listed as supported is **excluded** from HIPAA-eligible email services and must not be used to transmit, process, or store PHI. This capability is intended for anyone operating under HIPAA requirements and is used together with appropriate contractual agreements, such as a Business Associate Agreement (BAA). **Key characteristics** - **Dedicated HIPAA endpoint** for PHI traffic - **Tight data-minimization practices** - message payloads and content are not stored or indexed in standard logs - **No content upload to shared content services** within the HIPAA flow - **Encrypted handling of attachments and stored artifacts** during processing - **Restricted features** that could expose message content (for example, browser-based content previews are disabled) ### HIPAA-eligible email endpoint [#hipaa-eligible-email-endpoint-hipaa-eligible-email-api] HIPAA-eligible Email API access is provided exclusively through a **dedicated**, **non-public endpoint** available only to customers who have completed Infobip's HIPAA onboarding process. Important Customers are responsible for ensuring that all email traffic containing Protected Health Information (PHI) is sent **exclusively** through the **HIPAA-eligible endpoint** and is **not** transmitted, processed, or stored using any non-HIPAA-eligible endpoint, service, or combination of Infobip services unless explicitly designated as HIPAA-eligible. ### HIPAA-ineligible services and features [#hipaa-ineligible-services-and-features-hipaa-eligible-email-api] Email used in combination with other Infobip services is excluded from HIPAA-eligible email services unless explicitly stated otherwise in the relevant product description. The following services and functionalities are **not HIPAA-eligible** and must not be used with PHI: - Inbound emails - Browser-based viewing of message content - Default placeholders - PHI may be included only in recipient-level placeholders when used with HIPAA-eligible email services - `CallbackData` API parameter - Any public, shared, or link-based access to message content - Active storage - Archive storage - Moments, including People attributes, profiles, and catalogs - Broadcast and Forms - Unsupported Flow elements, messaging channels, functions, or integrations not expressly designated as HIPAA. ### Storage and retention for HIPAA-eligible email [#storage-and-retention-hipaa-eligible-email-api] **Message retention**, **storage**, and **archival capabilities** may be **restricted or disabled** to support HIPAA compliance. Note HIPAA-related support requests must be submitted to HIPAA_Support@infobip.com. You must **not** include PHI in any support tickets. When troubleshooting, use call SIDs, message SIDs, or other Infobip-specific identifiers instead of phone numbers or other sensitive information. ---