Use case
Send Password Reset Emails from Your App
Password reset email has to be boring in the best way: one token, one recipient, one observable delivery trail. NoticeAPI gives your app a simple send endpoint, reusable templates, idempotency keys, and simulator addresses before production DNS is ready.
curl -X POST https://www.noticeapi.com/api/v1/email/send \
-H "Authorization: Bearer ntc_xxxxxxxxxxxxxxxxxxxx" \
-H "Idempotency-Key: reset-token-abc123" \
-H "Content-Type: application/json" \
-d '{
"from": "Acme Security <[email protected]>",
"to": "[email protected]",
"templateId": "tpl_password_reset",
"variables": { "FIRST_NAME": "Sam", "RESET_CODE": "123456" }
}'Idempotent retries
Use the reset token id as the idempotency key so a retry does not send duplicate reset messages.
Reset template
Use the password reset starter or your own template with reset code and expiry variables.
Simulator test
Send to simulator recipients in local or CI tests before real mailboxes are involved.
Delivery trail
Poll the email id or receive signed webhooks for delivered, bounced, and failed outcomes.
How it works
From test send to production traffic.
Generate a short-lived token
Create and store the reset token in your own auth system before calling NoticeAPI.
Send with idempotency
Pass the token id in Idempotency-Key so retries return the original send result.
Test with the simulator
Use simulator recipients to exercise delivered and bounced paths during development.
Watch the outcome
Use timelines or webhooks to help support understand whether the reset message left the system.
Trust
Security email should stay transactional
Password resets are app-triggered transactional messages. Keep the token short-lived, avoid exposing secrets in the subject, and let suppressions protect known-bad recipients.
Implementation links
Build with the shipped docs.
FAQ
Questions developers ask before switching email.
Should I put the reset token in the subject?
No. Keep sensitive reset material in the body or link your app generates, and keep expiry logic in your own auth system.
How do I avoid duplicate reset emails?
Use Idempotency-Key with a stable token or job id. Matching retries return the original send.
Can I test reset email without DNS?
Yes. Send from [email protected] and use simulator recipients during development.
Start free. Send production after your domain is ready.
Free includes 3,000 production emails per month, a 100/day production cap, and one verified sending domain.