Use case

Send Password Reset Emails from Your App

Password reset email has to be boring in the best way: one token, one recipient, one observable delivery trail. NoticeAPI gives your app a simple send endpoint, reusable templates, idempotency keys, and simulator addresses before production DNS is ready.

Send a reset email safely
curl -X POST https://www.noticeapi.com/api/v1/email/send \
  -H "Authorization: Bearer ntc_xxxxxxxxxxxxxxxxxxxx" \
  -H "Idempotency-Key: reset-token-abc123" \
  -H "Content-Type: application/json" \
  -d '{
    "from": "Acme Security <[email protected]>",
    "to": "[email protected]",
    "templateId": "tpl_password_reset",
    "variables": { "FIRST_NAME": "Sam", "RESET_CODE": "123456" }
  }'

Idempotent retries

Use the reset token id as the idempotency key so a retry does not send duplicate reset messages.

Reset template

Use the password reset starter or your own template with reset code and expiry variables.

Simulator test

Send to simulator recipients in local or CI tests before real mailboxes are involved.

Delivery trail

Poll the email id or receive signed webhooks for delivered, bounced, and failed outcomes.

How it works

From test send to production traffic.

1

Generate a short-lived token

Create and store the reset token in your own auth system before calling NoticeAPI.

2

Send with idempotency

Pass the token id in Idempotency-Key so retries return the original send result.

3

Test with the simulator

Use simulator recipients to exercise delivered and bounced paths during development.

4

Watch the outcome

Use timelines or webhooks to help support understand whether the reset message left the system.

Trust

Security email should stay transactional

Password resets are app-triggered transactional messages. Keep the token short-lived, avoid exposing secrets in the subject, and let suppressions protect known-bad recipients.

Implementation links

Build with the shipped docs.

FAQ

Questions developers ask before switching email.

Should I put the reset token in the subject?

No. Keep sensitive reset material in the body or link your app generates, and keep expiry logic in your own auth system.

How do I avoid duplicate reset emails?

Use Idempotency-Key with a stable token or job id. Matching retries return the original send.

Can I test reset email without DNS?

Yes. Send from [email protected] and use simulator recipients during development.

Start free. Send production after your domain is ready.

Free includes 3,000 production emails per month, a 100/day production cap, and one verified sending domain.