Skip to content

MailerLogic API (1.0.0)

Complete REST API for managing email delivery, tracking, and analytics.

Get started in minutes:

  1. Get your API key from your customer dashboard
  2. Send authenticated requests using the X-API-Key header
  3. Start sending emails via SMTP or API

For detailed guides, see the Getting Started section in the navigation.

Download OpenAPI description
customer-api.openapi.json
customer-api.openapi.yaml
Overview
URL
https://support.mailerlogic.com
Support
support@mailerlogic.com
Languages
Servers
US Data Center
https://api.mailerlogic.net
EU Data Center (coming soon)
https://eu-api.mailerlogic.net

Quickstart Guide

Get started with MailerLogic in minutes. This guide walks you through sending your first email.

Features Overview

MailerLogic provides enterprise-grade email delivery infrastructure with powerful APIs, deliverability optimization, and comprehensive analytics. Built by developers, for developers.

📬 Deliverability

Q: What is IP warm-up and do I need it?

IP warm-up gradually increases sending volume on a new IP address to build reputation with ISPs.

You need it for:

  • New dedicated IPs
  • IPs idle for 30+ days
  • Significantly increased volume

We automate this process over 2-4 weeks.

Q: How do I improve my sender reputation?

  • Authenticate your domain (SPF, DKIM, DMARC)
  • Send quality content (use content scoring)
  • Maintain good list hygiene
  • Monitor engagement metrics
  • Follow proper IP warm-up schedules
  • Maintain steady sending patterns

Q: What should my bounce rate be?

  • Good: Below 2%
  • Acceptable: 2-5%
  • Poor: Above 5%

If your bounce rate exceeds 10%, we may pause sending to protect your reputation.

Q: What should my complaint rate be?

  • Good: Below 0.1%
  • Acceptable: 0.1-0.5%
  • Poor: Above 0.5%

Complaint rates above 1% may result in account suspension.

Q: How do suppression lists work?

Suppression lists prevent sending to addresses that have:

  • Hard bounced
  • Soft bounced repeatedly
  • Complained (marked as spam)
  • Unsubscribed
  • Been manually added

Automatic suppression happens immediately.

Q: Can I whitelist specific addresses?

Yes, you can whitelist addresses to bypass suppression. Use this carefully for:

  • Test accounts
  • Internal email addresses
  • Verified opt-in addresses only

🔐 Security & Compliance

Q: Do you store my email content?

MailerLogic stores only the data required to process and deliver your emails:

  • Email metadata (sender, recipient, subject, timestamps)
  • Delivery events (queued, sent, delivered, opened, clicked, bounced, complained)
  • Diagnostic information for deliverability troubleshooting

Email bodies and attachments are stored temporarily during processing and transmission and are automatically purged once delivery is complete, based on your retention policy.

Enterprise customers may configure:

  • Content retention windows as low as 0–1 hours
  • Metadata-only mode (no body persistence)
  • EU-only processing for GDPR-aligned workloads

This approach follows SOC 2 data minimization principles and GDPR Article 5(1)(c).

Q: Where is my data stored?

MailerLogic runs entirely on AWS infrastructure. Your data is stored exclusively within the region assigned to your account.

Primary GDPR Region (EU customers):

  • 🇩🇪 EU-CENTRAL-1 – Frankfurt, Germany
  • Frankfurt is our dedicated GDPR-aligned region and preferred by many organizations due to Germany's strong data protection laws and regulatory environment.

Other supported regions:

  • 🇺🇸 US-EAST-1 – Virginia, USA (default for global customers)

Data remains within the chosen region unless you explicitly configure cross-regional exports or webhook endpoints outside that region.

Q: Are you SOC 2 compliant?

MailerLogic is built on BrainCert's established SOC 2 Type II–audited operational framework. This includes:

  • Strict access control and least-privilege policies
  • Continuous monitoring and log aggregation
  • Secure SDLC and code review workflows
  • Formal incident response and change-management processes
  • Annual third-party audits and penetration tests

MailerLogic inherits these controls and upholds the same standards for security, confidentiality, and availability.

SOC 2 reports are available to Enterprise customers under NDA.

Q: Is MailerLogic GDPR compliant?

Yes. MailerLogic supports GDPR compliance through:

  • EU data residency (Frankfurt region)
  • Data minimization: only required metadata is retained
  • Right to erasure: deletion of logs, metadata, and events upon request
  • Data Processing Addendum (DPA) available to all customers
  • Encryption in transit and at rest for all stored and transmitted data
  • No profiling, data sharing, or secondary use of customer information

MailerLogic acts as a Data Processor, while you (the customer) remain the Data Controller.

Q: How is my data protected?

We enforce strong encryption and multi-layer security controls:

  • TLS 1.2+ for all SMTP & API communications
  • AWS KMS (AES-256) encryption for all data at rest
  • Automated backups stored within the same region
  • Per-tenant isolation for API activity, logs, and sending infrastructure
  • Continuous monitoring for anomalies and abuse
  • WAF + rate-limiting + threat detection at the edge

Internal access is restricted, audited, logged, and regularly reviewed.

Q: Who can access my data?

Only a limited set of authorized MailerLogic engineers may access metadata for:

  • Deliverability analysis
  • Abuse or fraud detection
  • Security investigations
  • Customer-requested troubleshooting

Access is governed by SOC 2 controls, MFA, just-in-time access, and extensive logging. MailerLogic never sells data or shares it with third parties.

Q: How long do you retain logs and events?

Default retention policies:

  • Message events: 30 days
  • Delivery logs: 7–30 days
  • Webhook logs: 7 days
  • Message content: purged immediately after processing (unless retention is configured)

Enterprise customers can configure custom retention periods from 1 day to 1 year.

Q: Do you provide email authentication and anti-abuse controls?

Yes. MailerLogic enforces:

  • SPF, DKIM, DMARC validation
  • Optional BIMI
  • Automated IP/domain warm-up
  • Real-time spam scoring
  • Throttling and anomaly detection
  • Bounce, complaint, and reputation monitoring

Accounts may be rate-limited or paused if unusual or harmful activity is detected to protect IP reputation and deliverability.

Q: Do you sign DPAs and support GDPR audits?

Yes. We provide:

  • Data Processing Addendum (DPA)
  • GDPR-compliant contractual terms
  • Details on sub-processors
  • Support for DPIAs (Data Protection Impact Assessments)
  • Assistance with customer compliance questionnaires

Q: Do you undergo third-party security testing?

Yes. MailerLogic undergoes:

  • Annual third-party penetration testing
  • Continuous vulnerability scanning
  • Code dependency security monitoring
  • Periodic red-team exercises as part of BrainCert's SOC 2 program

Pen test reports can be shared with Enterprise customers under NDA.

Q: Can I rotate my API key?

Yes, use the /api/customer/rotate-key endpoint. The old key is invalidated immediately, so update all applications with the new key.

Q: Can I rotate my SMTP password?

Yes, use the /api/smtp-credentials/rotate endpoint with your X-API-Key header.

Q: How do I implement unsubscribe?

We automatically add:

  • List-Unsubscribe header (standard email client unsubscribe)
  • One-click unsubscribe (RFC 8058 compliant)
  • Unsubscribe link

You can also manage suppressions via API.

🔧 Technical Questions

Q: What programming languages do you support?

MailerLogic works with any language that can speak SMTP or HTTP/REST. We provide examples in cURL, Node.js, Python, and PHP, and you can use any standard HTTP or SMTP client in your stack (Go, Java, Ruby, .NET, etc.).

Q: Do you have SDKs or libraries?

Official SDKs are coming soon. Until then you can use:

  • Standard SMTP libraries (Nodemailer, PHPMailer, Python smtplib, etc.)
  • Any HTTP client (Axios, requests, fetch, Guzzle, etc.) to call the REST API

Q: What's your API rate limit?

We separate API request limits from email throughput and quotas.

API request rate limit

  • Default: 600 requests per minute per customer
  • Applies to all REST API endpoints
  • Enforced via HTTP 429 with standard rate-limit headers:
    X-RateLimit-Limit: 600
X-RateLimit-Remaining: 543
X-RateLimit-Reset: 1733686805

Email throughput limits

  • Shared IP pool: 50 emails/second (default)
  • Dedicated IPs: 500 emails/second (default, after warm-up)
  • Configurable per customer based on reputation and use case
  • When you exceed the throughput limit, emails are queued, not rejected. Our send engine drains the queue at the optimal rate for your account and IP reputation.

Daily & monthly quotas

  • Daily sending quota: 50,000 emails/day (default)
  • Monthly quota: 1,000,000 emails/month (default)
  • When you exceed a quota, new send requests are rejected with a quota_exceeded error until the limit resets or is increased.

Batch sending

  • Maximum 1,000 recipients per API call for /api/batch and /api/bulk-send
  • Encourages efficient use of the API and reduces overhead for high-volume senders

Why this design?

Many providers rely on strict per-request limits or return 429 for large send bursts. MailerLogic accepts your requests, queues emails internally, and sends at the correct rate for your configuration and reputation. This lets you run large campaigns reliably without manually managing backoff or throttling logic in your application.

If you need higher limits, contact support with your use case and we'll tune your configuration.

Q: Do you have a sandbox environment?

A dedicated sandbox environment is coming soon. In the meantime you can:

  • Send small volumes through production using test domains
  • Use the Content Scoring API to validate templates before real sends
  • Lock sending to internal/whitelisted recipient addresses during integration

Q: How do I test webhooks locally?

You can use any HTTP tunneling or webhook inspection service, for example:

  • ngrok – exposes localhost over HTTPS
  • webhook.site – simple endpoint that shows incoming payloads
  • RequestBin – captures and inspects webhook requests

Point your MailerLogic webhook URL at the generated public URL while you build and debug.

Q: Can I use MailerLogic behind a firewall?

Yes. Make sure your firewall allows:

  • Outbound HTTPS on port 443 for API calls
  • Outbound SMTP on ports 587 or 2525 for sending via SMTP
  • Inbound HTTPS on your webhook endpoint if you want to receive events

Q: What's your uptime SLA?

We target 99.9% uptime. Enterprise plans include:

  • Contractual SLA guarantees
  • Priority & on-call support
  • Incident notifications via our status page

Status page: https://status.mailerlogic.com

Email Sending

Send transactional and marketing emails via REST API. Simple API for sending individual emails with full tracking support.

Operations

Profile

Manage your customer profile, view usage limits, and rotate API keys. Start here to understand your account settings and available resources.

Operations

SMTP

Get SMTP credentials for sending emails directly through our mail servers. Use these endpoints to retrieve and rotate your SMTP passwords.

Operations

Sending Domains

Add and verify domains for sending authenticated emails. Configure SPF, DKIM, and DMARC records to improve deliverability.

Operations

Tracking Domains

Manage custom tracking domains for branded click and open tracking. Tracking domains allow you to use your own domain (e.g., track.yourdomain.com) instead of the default mailerlogic.net domain for tracking links and pixels.

Setup workflow:

  1. Create tracking domain
  2. Add CNAME record to DNS
  3. Verify DNS configuration
  4. SSL automatically provisions (1-2 minutes)
  5. Assign to sending domains
Operations

Statistics

Access detailed email delivery and engagement metrics. Query sends, bounces, opens, clicks, and spam complaints with flexible date filters.

Operations

Content Scoring

Analyze email content for spam patterns before sending. Get actionable feedback to improve deliverability scores.

Operations

Email Validation

Enterprise email validation API to reduce bounce rates and protect sender reputation. Real-time validation with syntax checking, domain verification, comprehensive disposable email detection, and MX record validation. Built-in intelligence to identify role accounts and suggest corrections for common typos.

Operations

Risk Assessment

Pre-send risk assessment API for Professional and Enterprise plans. Preview risk scores before sending emails to reduce bounce rates, improve deliverability, and maintain sender reputation. Get detailed risk analysis with actionable recommendations and enforcement policy insights.

Operations

Events

🔒 Enterprise Feature - Query email lifecycle events with human engagement detection and device analytics.

Operations

Suppressions

Manage system-level suppressions for bounces and spam complaints.

Suppression Types:

  • Hard Bounces: Permanent delivery failures (automatically added by the system)
  • Soft Bounces: Temporary delivery failures (automatically added after threshold)
  • Complaints: Spam complaints and feedback loop reports

Suppression Scope:

  • Global: Applies to ALL your domains (when no domain_id specified)
  • Domain-specific: Applies to a specific domain only

Key Features:

  • Automatic bounce and complaint handling
  • Whitelist management to override suppressions
  • List all suppressions with filtering
  • Manual suppression management

Automated list hygiene to protect your sender reputation and ensure compliance.

Operations

Unsubscribes

Manage user consent and opt-out preferences.

User-Initiated Opt-Outs:

  • Unsubscribe link clicks in emails
  • API-based unsubscribe requests
  • Domain-specific or global unsubscribe preferences

Unsubscribe Scope:

  • Global: User opts out from ALL your domains
  • Domain-specific: User opts out from a specific domain only

Key Features:

  • Add emails to unsubscribe list
  • Remove (re-subscribe) emails
  • List all unsubscribed emails with filtering
  • Automatic enforcement during email sending

Ensures compliance with CAN-SPAM, GDPR, and other anti-spam regulations.

Operations

Health Score

Monitor your account's email health and engagement quality metrics. Get a 0-100 score with reputation grade (A+ to F) and actionable insights.

Operations

Tracking

Public endpoints for open and click tracking. These are called automatically by email clients - no authentication required.

Operations

Outbound Webhooks

MailerLogic sends real-time webhook notifications to your configured endpoint for all email events.

Webhook Scopes:

Customer-Level Webhooks (domain_ids = null or [])

  • Receives events from ALL domains
  • Simplest setup for single-backend applications

Single Domain Webhooks (domain_ids = [uuid])

  • Receives events from ONE specific domain
  • Useful for isolated domains

Domain Group Webhooks (domain_ids = [uuid1, uuid2, ...])

  • Receives events from MULTIPLE specific domains
  • Perfect for grouping related domains when webhook endpoint limits apply
  • Example: Plan has 20 domains, 5 webhook limit → group marketing domains, support domains, etc.

Mixed Approach

  • You can combine all three types
  • Domain-specific/group webhooks fire first, then customer-level
  • Maximize efficiency with limited webhook endpoints

Create customer-level webhook (all domains):

curl -X POST https://api.mailerlogic.net/api/v1/customer/webhooks \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-app.com/webhooks/mailerlogic",
    "events": ["email.delivered", "email.opened", "email.clicked", "email.bounced", "email.complained"],
    "name": "Production Webhook",
    "domain_ids": null,
    "is_active": true
  }'

Create domain group webhook (multiple domains):

curl -X POST https://api.mailerlogic.net/api/v1/customer/webhooks \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://marketing.example.com/webhook",
    "events": ["email.opened", "email.clicked"],
    "name": "Marketing Domains Group",
    "domain_ids": [
      "550e8400-e29b-41d4-a716-446655440001",
      "550e8400-e29b-41d4-a716-446655440002",
      "550e8400-e29b-41d4-a716-446655440003"
    ],
    "is_active": true
  }'

Create single domain webhook:

curl -X POST https://api.mailerlogic.net/api/v1/customer/webhooks \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://support.example.com/webhook",
    "events": ["email.delivered", "email.bounced"],
    "name": "Support Domain Only",
    "domain_ids": ["550e8400-e29b-41d4-a716-446655440000"],
    "is_active": true
  }'

All webhook events include:

  • event - Event type (e.g., "email.delivered", "email.opened")
  • timestamp - ISO 8601 timestamp
  • email_id - UUID of the email (except unsubscribe events)
  • tag - Optional tag for filtering/grouping (if provided when sending)
  • metadata - Optional custom metadata object (if provided when sending)

Events sent to your endpoint:

Operations