Envoi
Transactional email that ships
Envoi is a transactional mail platform for teams who want to own their deliverability story. Bring your own domain, get a DKIM keypair in seconds, write your templates in Handlebars, and send through a single REST endpoint. Bounces and suppressions are handled for you.
We built Envoi because every attempt at “just send email” ends up in the same place: a third-party relay that hides the signing story, a dashboard that doesn't know about your team structure, and a pricing page that punishes you for growing. Envoi inverts that. Domains, templates, keys and suppression live in your team. DKIM is on your domain. Bounces feed your suppression list, not someone else's CRM.
And if you need multi-tenancy inside your own app — different customers sending from different domains — Envoi is built on Heimdall's tenancy primitives. Your customers' teams are real teams in our system.
Core features
Custom domains
Send from and receive at any domain you own. Envoi generates a per-domain DKIM keypair, gives you the DNS records to set, and verifies ownership via a TXT challenge.
Templates
Handlebars templates stored server-side. Render with a data payload, preview before you send, version with your git history. Subject, HTML, and plain-text are all templated.
Scoped API keys
Mint hdk_live_* keys with a permission set — message.send, template.create, domain.read, etc. Keys are tenancy-scoped so a staging key can't touch production data.
Multi-team
Organise domains, templates, and keys into teams. Invite teammates, assign roles (owner / admin / member). Each team gets its own suppression list and rate limits.
Suppression list
Permanent 5xx bounces auto-populate a per-team blocklist. Sends to suppressed addresses return 422 before they hit your queue. Manage manually or let it self-populate.
Inbound webhook-ready
Receive mail at any of your verified domains. Every message is stored with parsed MIME, attachments content-addressed, and full SPF / DKIM / DMARC auth results.
How it works
Three steps from zero to a signed email landing in a real inbox.
Step 1
Register + verify a domain
POST your fqdn; we generate a DKIM keypair and hand back the DNS records (MX, SPF, DKIM, verification TXT). Set them, then call verify.
POST /v1/apps/:appId/tenancies/:teamId/domains
{ "fqdn": "acme.com" }Step 2
Create a template
Handlebars subject + HTML + optional plain-text body. Render previews before sending.
POST /v1/apps/:appId/tenancies/:teamId/templates
{
"name": "welcome",
"subject": "Welcome, {{name}}",
"bodyHtml": "<h1>Hi {{name}}</h1><p>Thanks for signing up.</p>"
}Step 3
Send it
One HTTP call. Render + DKIM-sign + queue + deliver. Returns 202 Accepted once queued.
POST /v1/apps/:appId/tenancies/:teamId/templates/welcome/send
Authorization: Bearer hdk_live_...
{
"from": "hello@acme.com",
"to": "user@example.com",
"data": { "name": "Alice" }
}Technical details
REST-first
No SDK required. curl, fetch, any HTTP client. Every operation is a JSON POST / GET. OpenAPI spec at /docs on the API.
DKIM + SPF + DMARC
Outbound DKIM-signed per domain with a key you control. Inbound checks all three protocols via mailauth on every received message.
Rate-limited by design
Per-team sliding-window limits on outbound (60/min, 600/hr, 10k/day default). Per-caller limits on verification-email resends. Clean 429 responses.
DKIM keys encrypted at rest
Private keys are stored AES-256-GCM envelope-encrypted with a cluster-managed master key. Rotation is a documented procedure, not a migration.
Dogfooded
ProductCraft uses Envoi for every transactional email across our own products. The problems we hit show up in the roadmap first.
Send your first email
The getting-started guide walks through domain verification, DNS records, template authoring, and your first send — all with copy-paste curl commands.