Campaign Email Automation Through 10xDotIn

This guide is for an external developer integrating with 10xDotIn email automation for a handle. It covers the supported API path for setting up verified senders, reusable templates, direct email sends, and campaign email rules such as lead-capture follow-ups or conversion-triggered messages.

Warning

Email automation currently uses JWT handle access on /v2/handles/{handle}/... routes. Personal Access Tokens are not supported for these email sender, template, message, or campaign email-rule routes yet. Do not request or depend on email:sender:* or email:rule:* scopes. Those scopes are not part of the current 10xDotIn permission model.

Quick Answer: Should This Work With JWT?

Yes, this should work with JWT when all of the following are true:

The token is a valid 10xDotIn/Product Suite JWT accepted by the /v2/handles/* API gateway authorizer.
The JWT subject maps to a user who has OPERATOR or OWNER access to the target handle.
The target handle is active.
The account owns the sending domain.
The domain email identity is READY.
The sender profile is enabled, READY, and has the correct purpose for the action.
The email template exists and is active.
The transactional email queues are configured in the target environment.

JWT alone is not enough if the user lacks handle access, the sender/domain is not ready, the template does not exist, or the environment queue is unavailable.

If the caller has only a PAT or an OpenAnalyst runtime token, the current email APIs should not be assumed to work. A server-to-server or unattended external automation would need a purpose-built PAT-facing wrapper route or a scoped extension added to 10xDotIn.

Auth Model

Use the same JWT that the signed-in Product Suite user uses for handle-admin APIs.

export TENX_API_BASE="https://ai.10x.in"
export TENX_JWT="<10xdotin-product-suite-jwt>"
export TENX_HANDLE="acme"
export TENX_DOMAIN="example.com"

Pass it on every request:

-H "Authorization: Bearer ${TENX_JWT}"

Required role by route family:

Route family	Minimum handle role
`GET /v2/handles/{handle}/email/senders`	`OPERATOR`
`PUT /v2/handles/{handle}/email/senders/{senderId}`	`OPERATOR`
`GET/POST/PUT /v2/handles/{handle}/email/templates*`	`OPERATOR`
`POST /v2/handles/{handle}/email/messages`	`OPERATOR`
`GET /v2/handles/{handle}/email/messages*`	`OPERATOR`
`GET /v2/handles/{handle}/email/events`	`OPERATOR`
`GET /v2/handles/{handle}/campaigns/{campaignId}/email-rules`	`CREATOR`
`POST/PUT/DELETE /v2/handles/{handle}/campaigns/{campaignId}/email-rules*`	`OPERATOR`

Supported Endpoint Summary

Job	Method and path	Success
Check domain email identity	`GET /v2/account/domains/{domain}/email-identity`	`200`
Reconcile domain email identity	`POST /v2/account/domains/{domain}/email-identity/reconcile`	`202`
List sender profiles	`GET /v2/handles/{handle}/email/senders`	`200`
Create or update sender profile	`PUT /v2/handles/{handle}/email/senders/{senderId}`	`200`
List templates	`GET /v2/handles/{handle}/email/templates`	`200`
Create template	`POST /v2/handles/{handle}/email/templates`	`201`
Update template	`PUT /v2/handles/{handle}/email/templates/{templateId}`	`200`
Queue direct email message	`POST /v2/handles/{handle}/email/messages`	`202`
List queued/sent messages	`GET /v2/handles/{handle}/email/messages`	`200`
Get one message and timeline	`GET /v2/handles/{handle}/email/messages/{messageId}`	`200`
List delivery events	`GET /v2/handles/{handle}/email/events`	`200`
List campaign email rules	`GET /v2/handles/{handle}/campaigns/{campaignId}/email-rules`	`200`
Create campaign email rule	`POST /v2/handles/{handle}/campaigns/{campaignId}/email-rules`	`201`
Update campaign email rule	`PUT /v2/handles/{handle}/campaigns/{campaignId}/email-rules/{ruleId}`	`200`
Delete campaign email rule	`DELETE /v2/handles/{handle}/campaigns/{campaignId}/email-rules/{ruleId}`	`204`

Prerequisite Setup Flow

1. Verify The Domain Email Identity

curl -sS "${TENX_API_BASE}/v2/account/domains/${TENX_DOMAIN}/email-identity" \
  -H "Authorization: Bearer ${TENX_JWT}"

Expected ready shape:

{
  "identity": {
    "identityKey": "us-east-1#example.com",
    "region": "us-east-1",
    "domain": "example.com",
    "status": "READY",
    "requiredDnsRecords": [],
    "mailFromDomain": "bounce.example.com"
  },
  "senderProfiles": []
}

If the status is not READY, reconcile after DNS is configured:

curl -sS -X POST "${TENX_API_BASE}/v2/account/domains/${TENX_DOMAIN}/email-identity/reconcile" \
  -H "Authorization: Bearer ${TENX_JWT}"

Reconcile returns 202; it does not mean DNS is ready immediately. Poll the identity endpoint until status is READY.

2. Create A Sender Profile

Sender profile rules:

senderId must start with sender_.
localPart must be one of: noreply, notifications, calendar, support, hello.
purposes must include the purpose you will use later.
Campaign email rules require PRODUCT_NOTIFICATION.
Lead-capture OTP verification requires LEAD_VERIFICATION.
Direct transactional sends usually use TRANSACTIONAL_API.

curl -sS -X PUT "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/email/senders/sender_notifications" \
  -H "Authorization: Bearer ${TENX_JWT}" \
  -H "Content-Type: application/json" \
  -d '{
    "domain": "example.com",
    "localPart": "notifications",
    "displayName": "Acme Notifications",
    "replyTo": "support@example.com",
    "purposes": ["PRODUCT_NOTIFICATION", "LEAD_VERIFICATION", "TRANSACTIONAL_API"],
    "enabled": true
  }'

Response:

{
  "sender": {
    "senderId": "sender_notifications",
    "domain": "example.com",
    "localPart": "notifications",
    "fromEmail": "notifications@example.com",
    "displayName": "Acme Notifications",
    "replyTo": "support@example.com",
    "purposes": ["PRODUCT_NOTIFICATION", "LEAD_VERIFICATION", "TRANSACTIONAL_API"],
    "enabled": true,
    "status": "READY",
    "identityKey": "us-east-1#example.com"
  }
}

3. Create A Template

Template rules:

templateId must start with tmpl_.
A template needs a subject and at least one body field, html or text.
Template variables use {{variableName}}.

curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/email/templates" \
  -H "Authorization: Bearer ${TENX_JWT}" \
  -H "Content-Type: application/json" \
  -d '{
    "templateId": "tmpl_lead_followup",
    "name": "Lead follow-up",
    "subject": "Thanks for reaching out, {{firstName}}",
    "html": "<p>Hi {{firstName}}, thanks for your interest in {{service}}.</p>",
    "text": "Hi {{firstName}}, thanks for your interest in {{service}}."
  }'

Response:

{
  "template": {
    "handle": "acme",
    "templateId": "tmpl_lead_followup",
    "name": "Lead follow-up",
    "activeVersion": 1,
    "status": "ACTIVE"
  }
}

Direct Send Flow

Use POST /v2/handles/{handle}/email/messages when the integration wants to queue a single outbound email directly.

curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/email/messages" \
  -H "Authorization: Bearer ${TENX_JWT}" \
  -H "Content-Type: application/json" \
  -d '{
    "senderId": "sender_notifications",
    "to": ["buyer@example.com"],
    "purpose": "TRANSACTIONAL_API",
    "idempotencyKey": "receipt-ord_12345",
    "consentAttestation": true,
    "templateId": "tmpl_lead_followup",
    "variables": {
      "firstName": "Asha",
      "service": "AI workflow setup"
    }
  }'

Accepted response:

{
  "message": {
    "messageId": "msg_abc123",
    "handle": "acme",
    "status": "QUEUED",
    "purpose": "TRANSACTIONAL_API",
    "senderId": "sender_notifications",
    "recipientCount": 1,
    "fromEmail": "Acme Notifications <notifications@example.com>",
    "createdAt": "2026-06-12T08:00:00.000Z"
  }
}

202 QUEUED means the API stored the message and queued delivery. It is not proof of inbox delivery. Use the message and event endpoints for delivery state.

Campaign Email Rule Flow

Use campaign email rules when 10xDotIn should send emails automatically in response to campaign events.

Supported rule triggers:

Trigger	Meaning	Delay
`LEAD_CAPTURED`	Send when a campaign lead is captured	Immediate
`LEAD_CAPTURED_DELAYED`	Schedule a follow-up after lead capture	Requires `delayMinutes`
`CONVERSION`	Send when a campaign conversion is recorded	Immediate

Delayed sends require delayMinutes from 15 through 43200 minutes, which is 30 days.

Creating a rule does not send emails to existing leads retroactively. It applies to future trigger jobs for that campaign.

Create An Immediate Lead-Captured Rule

curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules" \
  -H "Authorization: Bearer ${TENX_JWT}" \
  -H "Content-Type: application/json" \
  -d '{
    "trigger": "LEAD_CAPTURED",
    "templateId": "tmpl_lead_followup",
    "senderId": "sender_notifications",
    "enabled": true,
    "variableMappings": {
      "firstName": "firstName",
      "service": "fields.service"
    }
  }'

Response:

{
  "rule": {
    "ruleId": "cer_2f3ddf1b-7d15-4f70-83bb-1d28b91a42c5",
    "campaignId": "cmp_welcome",
    "trigger": "LEAD_CAPTURED",
    "delayMinutes": null,
    "templateId": "tmpl_lead_followup",
    "senderId": "sender_notifications",
    "variableMappings": {
      "firstName": "firstName",
      "service": "fields.service"
    },
    "enabled": true,
    "version": 1,
    "createdAt": "2026-06-12T08:00:00.000Z",
    "updatedAt": "2026-06-12T08:00:00.000Z"
  }
}

Create A Delayed Follow-Up Rule

curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules" \
  -H "Authorization: Bearer ${TENX_JWT}" \
  -H "Content-Type: application/json" \
  -d '{
    "trigger": "LEAD_CAPTURED_DELAYED",
    "delayMinutes": 1440,
    "templateId": "tmpl_lead_followup",
    "senderId": "sender_notifications",
    "enabled": true
  }'

1440 schedules the email approximately one day after the lead-capture trigger.

Create A Conversion Rule

curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules" \
  -H "Authorization: Bearer ${TENX_JWT}" \
  -H "Content-Type: application/json" \
  -d '{
    "trigger": "CONVERSION",
    "templateId": "tmpl_lead_followup",
    "senderId": "sender_notifications",
    "enabled": true
  }'

List Rules

curl -sS "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules" \
  -H "Authorization: Bearer ${TENX_JWT}"

Update A Rule

Use expectedVersion when your UI or integration edits a rule to avoid overwriting a concurrent change.

curl -sS -X PUT "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules/cer_2f3ddf1b-7d15-4f70-83bb-1d28b91a42c5" \
  -H "Authorization: Bearer ${TENX_JWT}" \
  -H "Content-Type: application/json" \
  -d '{
    "trigger": "LEAD_CAPTURED_DELAYED",
    "delayMinutes": 2880,
    "templateId": "tmpl_lead_followup",
    "senderId": "sender_notifications",
    "enabled": true,
    "expectedVersion": 1
  }'

If the version has changed, the API returns 409 version_conflict.

Delete A Rule

curl -sS -X DELETE "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules/cer_2f3ddf1b-7d15-4f70-83bb-1d28b91a42c5" \
  -H "Authorization: Bearer ${TENX_JWT}"

The delete is a soft delete and returns 204. Repeating the delete is safe.

Template Variables For Campaign Rules

Campaign-triggered sends render variables from the lead snapshot captured at trigger time. Default variables include:

Variable	Source
`leadId`	Lead id
`email`	Lead email
`name`	Lead full name
`firstName`	Explicit first name or first word of `name`
`phone`	Lead phone
`company`	Lead company
`service`	Lead service
`message`	Lead message
`source`	Lead source

Use variableMappings to map template variables to either top-level lead fields or custom fields:

{
  "variableMappings": {
    "requestedService": "fields.service",
    "companyName": "company"
  }
}

Mapping keys and values must be short safe identifiers containing letters, numbers, _, ., or -.

Delivery And Debugging

Campaign email rules create transactional email messages asynchronously when trigger jobs run. The final delivery worker validates the sender and domain again before sending. If a sender or domain becomes disabled after rule creation, the queued message can be denied instead of sent.

Inspect message state:

curl -sS "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/email/messages?limit=25" \
  -H "Authorization: Bearer ${TENX_JWT}"

Inspect one message timeline:

curl -sS "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/email/messages/msg_abc123" \
  -H "Authorization: Bearer ${TENX_JWT}"

Inspect events:

curl -sS "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/email/events?messageId=msg_abc123" \
  -H "Authorization: Bearer ${TENX_JWT}"

When listing events without messageId or recipient, include at least purpose or since.

Common Errors

Status	Error	Meaning	Fix
`401`	`missing_bearer_token`	No bearer token was supplied	Send `Authorization: Bearer <jwt>`
`401`	Authorizer failure	JWT is expired, malformed, or not accepted by the API gateway authorizer	Obtain a fresh 10xDotIn/Product Suite JWT
`403`	`forbidden`	JWT user has no access to the handle or account	Grant the user handle access
`403`	`insufficient_role`	User has a lower role than required	Use an `OPERATOR` or `OWNER` user
`404`	`account_domain_not_found`	Domain is not attached to this account	Attach the domain first
`409`	`domain_email_identity_not_ready`	Domain email identity is not verified and ready	Fix DNS and reconcile identity
`400`	`invalid_sender_id`	Sender id is missing or does not start with `sender_`	Use a valid sender id
`400`	`sender_local_part_not_allowed`	Sender local part is not in the allowlist	Use `noreply`, `notifications`, `calendar`, `support`, or `hello`
`404`	`sender_profile_not_found`	Sender profile does not exist	Create the sender profile
`409`	`sender_profile_not_ready` or `sender_not_ready`	Sender is disabled or paused	Enable or recreate a ready sender
`403`	`sender_purpose_not_allowed`	Direct send purpose is not allowed for sender	Add the purpose or use another sender
`409`	`sender_missing_product_notification_purpose`	Campaign rule sender lacks `PRODUCT_NOTIFICATION`	Add `PRODUCT_NOTIFICATION` to sender purposes
`404`	`campaign_not_found`	Campaign id does not exist for this handle	Create or correct the campaign id
`404`	`email_template_not_found`	Template id does not exist	Create or correct the template id
`409`	`email_template_not_active`	Template exists but is paused/inactive	Activate or update the template
`400`	`invalid_trigger`	Campaign email trigger is invalid	Use `LEAD_CAPTURED`, `LEAD_CAPTURED_DELAYED`, or `CONVERSION`
`400`	`delay_minutes_required_for_delayed_trigger`	Delayed trigger is missing delay	Provide `delayMinutes`
`400`	`delay_minutes_below_minimum`	Delay is shorter than 15 minutes	Use `LEAD_CAPTURED` or set delay to at least 15
`400`	`delay_minutes_above_maximum`	Delay is longer than 30 days	Use a delay no greater than 43200
`409`	`version_conflict`	Rule was edited since the caller read it	Re-read and retry with latest `expectedVersion`
`400`	`consent_attestation_required`	Direct send did not attest recipient consent	Set `consentAttestation: true`
`409`	`email_recipient_suppressed`	Recipient is suppressed for this tenant	Do not retry until suppression is resolved
`429`	`email_quota_exceeded`	Tenant email quota is exhausted	Retry after quota reset or reduce volume
`503`	`transactional_email_queue_unavailable`	Delivery queue is not configured or unavailable	Check target environment health

Validation Checklist For External Developers

Before enabling automation for a customer:

Confirm GET /v2/account/domains/{domain}/email-identity returns identity.status = "READY".
Confirm GET /v2/handles/{handle}/email/senders returns the selected sender with enabled = true, status = "READY", and the required purpose.
Confirm GET /v2/handles/{handle}/email/templates returns the selected active template.
Queue one direct test email with a unique idempotencyKey.
Create a test campaign email rule on a test campaign.
Trigger a test lead or conversion event.
Confirm a message appears under GET /v2/handles/{handle}/email/messages.
Confirm events show SENT or a specific denial/failure reason.

Security Guidance

Do not expose JWTs in browser logs, server logs, analytics payloads, or screenshots.
Do not store user JWTs as permanent credentials. Treat them as session credentials and rotate/refresh through the product's normal auth flow.
Do not use PATs for current email routes. They are not accepted on this surface.
Do not write directly to DynamoDB tables. The APIs perform handle access, sender purpose, identity readiness, suppression, quota, and idempotency checks.
For external BFFs, proxy only an allowlist of the routes in this document and preserve upstream status codes and error codes.
For unattended server-to-server email automation, request a new 10xDotIn public PAT wrapper design instead of trying to reuse internal JWT-only routes.

Related Guide

For direct one-off email sending examples and message/event inspection, see Email Sending Through 10xDotIn.

Campaign Email Automation Through 10xDotIn

Warning

Quick Answer: Should This Work With JWT?

Auth Model

Supported Endpoint Summary

Prerequisite Setup Flow

1. Verify The Domain Email Identity

2. Create A Sender Profile

3. Create A Template

Direct Send Flow

Campaign Email Rule Flow

Create An Immediate Lead-Captured Rule

Create A Delayed Follow-Up Rule

Create A Conversion Rule

List Rules

Update A Rule

Delete A Rule

Template Variables For Campaign Rules

Delivery And Debugging

Common Errors

Validation Checklist For External Developers

Security Guidance

Related Guide

Unlock the rest of this page