Transactional API#

The Transactional API sends one-off emails triggered by events in your application — password resets, order confirmations, invoices, shipping notifications. These are different from campaigns: each send is addressed to a single recipient, triggered by a specific action, and usually expected within seconds.

Base URL#

https://pulse.novaza.ai/api/v1

Authentication#

Include an API key from Pulse → Settings → API keys:

Authorization: Bearer <api-key>

Transactional keys are separate from campaign keys and can be scoped to a single template.

Sending an Email#

curl -X POST https://pulse.novaza.ai/api/v1/transactional/send \
  -H "Authorization: Bearer $KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "to": "alice@example.com",
    "template": "order-confirmation",
    "variables": {
      "first_name": "Alice",
      "order_id": "A-1029",
      "total": "42.00"
    }
  }'

Response:

{ "id": "txn_01HXYZ...", "status": "queued" }

Templates#

Transactional emails use the same template editor as campaigns. Create a template once, reference it by slug from every API call, and update the design without redeploying your application.

Variables in a template use {{ name }} syntax. Any variable not provided in the request is rendered as the empty string.

Attachments#

Attachments can be included inline:

{
  "to": "alice@example.com",
  "subject": "Your invoice",
  "html": "<p>Invoice attached.</p>",
  "attachments": [
    { "filename": "invoice.pdf", "content": "<base64>", "type": "application/pdf" }
  ]
}

Total payload size (including attachments) is limited to 10 MB.

Webhooks#

Subscribe to delivery events to update your own systems:

Event	Fires when
`send.queued`	the request was accepted
`send.delivered`	the remote server accepted the message
`send.bounced`	the message bounced (soft or hard)
`send.opened`	the recipient opened the email
`send.clicked`	the recipient clicked a tracked link
`send.complained`	the recipient reported the email as spam

Webhook payloads are signed with HMAC-SHA256 so you can verify they came from Pulse.

Rate Limits#

Default: 100 requests per second per API key, with bursts up to 500. Contact support to raise limits for high-volume workloads.

Idempotency#

Send an Idempotency-Key header to safely retry a request. Pulse will return the original response and will not send a duplicate email.