Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.paubox.com/llms.txt

Use this file to discover all available pages before exploring further.

Why migrate

Resend does not sign Business Associate Agreements (BAAs). HIPAA requires a signed BAA with any vendor that handles Protected Health Information (PHI) in transit — including transactional email providers. Paubox is purpose-built for HIPAA-compliant email and signs a BAA with every customer, and TLS is always-on for every message. Resend’s API uses familiar Bearer-auth and JSON patterns, so the switch is a small refactor for developers already comfortable with Resend.

What stays the same

  • REST API over HTTPS with JSON request bodies
  • API key authentication via the Authorization: Bearer header
  • Domain authentication: SPF and DKIM records required
  • SMTP as an alternative to the HTTP API
  • Webhook-based event notifications for delivery status

Key differences

DimensionResendPaubox Email API
Base URLhttps://api.resend.com/emailshttps://api.paubox.net/v1/$PAUBOX_ENDPOINT/messages
Auth headerAuthorization: Bearer $RESEND_API_KEYAuthorization: Bearer $PAUBOX_API_KEY
Request body shapefrom, to, subject, html flat keysdata.message object with headers and content keys
Recipients fieldto — array of stringsrecipients — array of strings, nested under data.message
SMTP hostsmtp.resend.comsmtp.paubox.com
SMTP usernameresend (literal)apikey (literal)
SMTP port465 (recommended), 587, 25587 (also supports 465, 25)
Webhook eventsemail.sent, email.delivered, email.bounced, email.opened, email.clicked, email.complained, email.delivery_delayeddelivered, opened, temporary_failure, permanent_failure
Batch send/emails/batch endpoint/bulk_messages endpoint, recommended max 50 per request
TLS enforcementOptionalAlways-on, cannot be disabled
BAA availableNoYes — signed with every customer

Send a single email

curl -X POST https://api.resend.com/emails \
  -H "Authorization: Bearer $RESEND_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "from": "provider@yourclinic.com",
    "to": ["patient@example.com"],
    "subject": "Your appointment summary",
    "html": "<p>See attached.</p>"
  }'
Note:$PAUBOX_ENDPOINT is the username shown on your Paubox Email API > Settings page — not your email address.

SMTP configuration

const transporter = nodemailer.createTransport({
  host: 'smtp.resend.com',
  port: 465,
  auth: {
    user: 'resend',
    pass: process.env.RESEND_API_KEY,
  },
});
Tip:Two changes are required: update host from smtp.resend.com to smtp.paubox.com, and change the literal username from resend to apikey.

Webhook event mapping

Resend eventPaubox event keyNotes
email.deliveredapi_mail_log_delivered
email.openedapi_mail_log_opened
email.bouncedapi_mail_log_permanent_failure
email.delivery_delayedapi_mail_log_temporary_failure
email.clicked— no equivalentRemove handler or no-op; poll click data via Get message receipt
email.complained— no equivalentRemove handler
email.sent— no equivalentRemove handler; delivered confirms acceptance
Note:Click tracking is available by polling GET /message_receipt?sourceTrackingId=... — it is not delivered as a push webhook event.

Migration checklist

1

Sign a BAA with Paubox

Required before go-live. Contact Paubox to initiate the Business Associate Agreement.
2

Create an account and verify your sending domain

Add your domain on the Paubox Email API > Settings page and complete the TXT record verification. See the Quickstart guide for step-by-step instructions.
3

Generate a Paubox API key

From the Settings page, generate an API key and note your customer endpoint (https://api.paubox.net/v1/YOUR_USERNAME).
4

Update base URL, auth header, and request body

Apply the changes shown in the Key differences table and Send a single email section above. Note that recipients move from a top-level to array into data.message.recipients.
5

Update SMTP credentials

If you use the SMTP path, update host to smtp.paubox.com and change the literal username from resend to apikey. See SMTP configuration above.
6

Remap or remove webhook handlers

Update your webhook endpoint using the event mapping table above. Remove handlers for email.clicked, email.complained, and email.sent.
7

Remove any code that disables TLS

Paubox enforces TLS on every message. Any allowNonTLS: true or equivalent settings should be removed.
8

Send a test message

Confirm delivery using the Get message receipt endpoint with the sourceTrackingId returned from your test send.
9

Swap DNS records

Replace Resend SPF/DKIM records with the Paubox records shown in your Settings page.
10

Revoke Resend API keys

Once traffic has fully moved to Paubox, revoke your Resend API keys.

Next steps

Quickstart guide

Full setup walkthrough from account creation to first send

Webhooks reference

Configure delivery event notifications

Batch send

Send up to 50 messages in a single request

SMTP API

Connect via SMTP instead of REST