Email Delivery Providers
Send through the email providers you already run. An admin configures one or more providers and an ordered fallback in the back office; Flash sends through them as a waterfall that always ends at the platform's managed email service. The provider is a transport swap only — Flash still injects tracking, personalization, A/B branches and unsubscribe handling itself, so nothing changes about how a campaign is built or measured.
What you can connect
Configured under Settings → Email Providers by an org admin — never per-campaign by a marketer.
SendGrid
Connect your SendGrid account with an API key. Flash sends via the v3 mail API.
Amazon SES (your account)
Bring your own AWS SES account (access key / region / verified from). Distinct from the platform's fallback SES.
Custom REST — any ESP
Point Flash at any provider's JSON send API with a field map. No adapter to wait on.
Raw SMTP relay is on the roadmap, not yet available — connect via a provider's API for now.
The fallback waterfall
Each send tries your providers in the priority order you set; a failing or unavailable provider is skipped and delivery falls to the next. The platform's managed email service is always the terminal fallback.
// Providers are tried in the priority order an admin sets. The list ALWAYS ends at
// the platform's managed Amazon SES account (the terminal fallback), which uses its
// own verified from-address so a fallback never bounces on an unverified domain.
Priority 1 → SendGrid (your account)
Priority 2 → Amazon SES (your own AWS account)
Priority 3 → Custom REST (any ESP with a send API)
Terminal → Platform Amazon SES (always on — the safety net)
// A provider that errors or is circuit-broken is skipped; delivery falls to the next.Connect any ESP with Custom REST
If your provider isn't built in, connect it by its send API — supply the endpoint, the auth header, and a field map. No code, no adapter to build.
// A "Custom REST" provider connects ANY ESP that exposes a JSON send API — no
// code, just configuration. An admin supplies the endpoint, the auth header, and a
// field map; Flash builds the request per message. Example (a generic ESP):
{
"provider": "custom_rest",
"config": {
"endpoint": "https://api.your-esp.com/v1/send",
"authHeader": "Authorization",
"authScheme": "Bearer", // → "Authorization: Bearer <apiKey>"
"toField": "to",
"fromField": "from",
"subjectField":"subject",
"htmlField": "html"
},
"secret": { "apiKey": "sk_live_…" } // encrypted at rest; never returned
}
// Per send, Flash POSTs: { "to": "...", "from": "...", "subject": "...", "html": "..." }
// with the auth header applied. 401/403 → credentials error (skip to next provider),
// 5xx/timeout → transient (skip to next provider). The HTML already carries Flash's
// own tracking pixel + link redirects, so opens/clicks keep working.Sync unsubscribes back into Flash
When you send through your own providers, opt-outs may be captured outside Flash — by your ESP, your preference center, or a form. Push them back with the Unsubscribe API so Flash suppresses that address on every send. You can also read an address's opt-out status. Authenticate with a tenant API key; the email is the identity.
// Push an opt-out INTO Flash — from your ESP's unsubscribe webhook, your own
// preference center, or a third-party form. Flash then suppresses this address on
// EVERY campaign send (the same signal the audience resolver checks). Idempotent.
POST https://flash.socialhub.ai/api/v2/members/unsubscribe
Authorization: Bearer fl_live_… // scope: members:write
Content-Type: application/json
{ "email": "ada@acme.com" }
// → 200 { "data": { "email": "ada@acme.com", "unsubscribed": true } }
// Read an address's opt-out status (e.g. reconcile before a bulk send):
GET https://flash.socialhub.ai/api/v2/members/unsubscribe?email=ada@acme.com
Authorization: Bearer fl_live_… // scope: members:read
// → 200 { "data": { "email": "ada@acme.com", "unsubscribed": true } }
// Re-subscribing is deliberately NOT an API toggle — re-granting marketing consent
// needs provable opt-in (CAN-SPAM / CASL), so it goes through the member's own
// consent flow, never this endpoint.How credentials are kept safe
Encrypted at rest
Every provider secret is encrypted immediately (AES-256-GCM) and never returned by the API or shown again — write-only in the UI.
Admin-only
Only org owners / admins can add, reorder, test or remove providers. Marketers never see or choose a provider.
Transport-only
Providers carry the message; Flash still owns tracking, personalization, A/B, unsubscribe headers and frequency caps — swap a provider without changing any of it.
Safe by default
If a provider's config can't be read, or every provider fails, delivery falls back to the platform's managed email service — sending never stalls.
See also: Cross-channel delivery · REST API
Bringing your own email provider?
Talk to an engineer about your ESP, deliverability, fallback strategy, or connecting a provider by its API.
Talk to engineering