Sendoka Documentation

Developer-first transactional email + SMS API — one key, one billing account, one dashboard.

Pick your path

I'm evaluating. Start here:

• Quickstart — first email in 5 minutes (curl / fetch / Python)
• Concepts & glossary — one-page vocabulary
• API overview — what the REST surface looks like

I'm integrating. These are the references you'll keep open:

• Authentication — keys, scopes, IP allow-lists
• Emails · SMS · Templates
• Errors & codes — full catalog
• Idempotency · Rate limits
• Webhooks · Event catalog
• Developer tools — CLI · Postman collections · MCP server

I'm building a SaaS on top (multi-tenant).

• Platform mode overview
• First tenant walkthrough

I'm running it. Ops & deployment:

• Local dev
• Deployment
• Operations — crons, audit log, observability
• Migrations
• Open gaps

I'm extending it. Architecture:

• Stack & directory layout
• Database schema
• Integrations — AWS SES/SNS, Stripe, Neon, Upstash

Recipes

Copy-paste patterns for common jobs — recipes/:

• Resend a bounced message
• Retry webhook delivery
• Migrate from Resend
• Migrate from Twilio
• Bulk audience send with chunking
• Per-tenant suppression list

Quick reference

• Root README: ../README.md
• Env template: ../.env.example
• OpenAPI spec: /api/openapi.json (live from the running app)
• Interactive explorer: /docs/reference (Scalar over the live spec; try endpoints with a test key)
• Changelog: ../CHANGELOG.md

What Sendoka gives you

• One API, two channels — email (AWS SES v2, multi-region with fallback) and SMS/MMS (AWS SNS).
• Per-org API keys with live/test split, scoped permissions, optional expiry, per-key rate limits, domain allowlists.
• Templates with {{variable}} interpolation, versioning, in-app preview + test-send.
• Attachments on email (SES raw MIME) with size and count guardrails.
• Scheduled sends via scheduled_at + minute cron; in-app cancellation.
• Domain verification via SES DKIM, SPF, DMARC hints.
• Open + click tracking with signed pixel and rewrite links, RFC 8058 one-click unsubscribe.
• Suppression list keyed per org + tenant (bounce, complaint, STOP keyword, unsubscribe) — managed via /v1/suppressions or the dashboard at /overview/suppressions.
• Platform mode — sub-organizations (tenants) with isolated suppressions, webhooks, domains, templates, audiences, and usage. features/platforms.md.
• Webhook fan-out via Next.js after() with durable delivery log, exponential-backoff retries, HMAC secret rotation.
• Inbound webhooks for SES + SNS with signature verification; inbound-email receiving.
• Auth: NextAuth v4 credentials + Google + GitHub + email verification + password reset + TOTP 2FA + session-version invalidation.
• Multi-org membership with invite flow, roles, org switcher.
• Usage-based billing — Stripe Checkout + Billing Portal, metered overage reporting.
• Idempotency with body-hash check; cursor pagination on every list endpoint.
• Audit log (backend + dashboard) for security-sensitive actions.
• Dashboard: onboarding checklist, deliverability by domain, message search, activity feed, command palette, dark mode.
• Operations: /api/health, structured JSON logger, GitHub Actions CI.