Campaign Email Automation Through 10xDotIn
This guide is for an external developer integrating with 10xDotIn email automation for a handle. It covers the supported API path for setting up verified senders, reusable templates, direct email sends, and campaign email rules such as lead-capture follow-ups or conversion-triggered messages.
Quick Answer: Should This Work With JWT?
Yes, this should work with JWT when all of the following are true:
- The token is a valid 10xDotIn/Product Suite JWT accepted by the
/v2/handles/*API gateway authorizer. - The JWT subject maps to a user who has
OPERATORorOWNERaccess to the target handle. - The target handle is active.
- The account owns the sending domain.
- The domain email identity is
READY. - The sender profile is enabled,
READY, and has the correct purpose for the action. - The email template exists and is active.
- The transactional email queues are configured in the target environment.
JWT alone is not enough if the user lacks handle access, the sender/domain is not ready, the template does not exist, or the environment queue is unavailable.
If the caller has only a PAT or an OpenAnalyst runtime token, the current email APIs should not be assumed to work. A server-to-server or unattended external automation would need a purpose-built PAT-facing wrapper route or a scoped extension added to 10xDotIn.
Auth Model
Use the same JWT that the signed-in Product Suite user uses for handle-admin APIs.
export TENX_API_BASE="https://ai.10x.in"
export TENX_JWT="<10xdotin-product-suite-jwt>"
export TENX_HANDLE="acme"
export TENX_DOMAIN="example.com"Pass it on every request:
-H "Authorization: Bearer ${TENX_JWT}"Required role by route family:
| Route family | Minimum handle role |
|---|---|
GET /v2/handles/{handle}/email/senders | OPERATOR |
PUT /v2/handles/{handle}/email/senders/{senderId} | OPERATOR |
GET/POST/PUT /v2/handles/{handle}/email/templates* | OPERATOR |
POST /v2/handles/{handle}/email/messages | OPERATOR |
GET /v2/handles/{handle}/email/messages* | OPERATOR |
GET /v2/handles/{handle}/email/events | OPERATOR |
GET /v2/handles/{handle}/campaigns/{campaignId}/email-rules | CREATOR |
POST/PUT/DELETE /v2/handles/{handle}/campaigns/{campaignId}/email-rules* | OPERATOR |
Supported Endpoint Summary
| Job | Method and path | Success |
|---|---|---|
| Check domain email identity | GET /v2/account/domains/{domain}/email-identity | 200 |
| Reconcile domain email identity | POST /v2/account/domains/{domain}/email-identity/reconcile | 202 |
| List sender profiles | GET /v2/handles/{handle}/email/senders | 200 |
| Create or update sender profile | PUT /v2/handles/{handle}/email/senders/{senderId} | 200 |
| List templates | GET /v2/handles/{handle}/email/templates | 200 |
| Create template | POST /v2/handles/{handle}/email/templates | 201 |
| Update template | PUT /v2/handles/{handle}/email/templates/{templateId} | 200 |
| Queue direct email message | POST /v2/handles/{handle}/email/messages | 202 |
| List queued/sent messages | GET /v2/handles/{handle}/email/messages | 200 |
| Get one message and timeline | GET /v2/handles/{handle}/email/messages/{messageId} | 200 |
| List delivery events | GET /v2/handles/{handle}/email/events | 200 |
| List campaign email rules | GET /v2/handles/{handle}/campaigns/{campaignId}/email-rules | 200 |
| Create campaign email rule | POST /v2/handles/{handle}/campaigns/{campaignId}/email-rules | 201 |
| Update campaign email rule | PUT /v2/handles/{handle}/campaigns/{campaignId}/email-rules/{ruleId} | 200 |
| Delete campaign email rule | DELETE /v2/handles/{handle}/campaigns/{campaignId}/email-rules/{ruleId} | 204 |
| Get campaign coupon fulfillment config | GET /v2/handles/{handle}/campaigns/{campaignId}/coupon-fulfillment | 200 |
| Enable or update coupon fulfillment | PUT /v2/handles/{handle}/campaigns/{campaignId}/coupon-fulfillment | 200 |
| Rotate coupon webhook secret | POST /v2/handles/{handle}/campaigns/{campaignId}/coupon-fulfillment/rotate-secret | 200 |
| Look up coupon fulfillment by email | GET /v2/handles/{handle}/campaigns/{campaignId}/coupon-fulfillments?email={email} | 200 |
| Retry a failed coupon fulfillment | POST /v2/handles/{handle}/campaigns/{campaignId}/coupon-fulfillments/{fulfillmentId}/retry?emailHash={emailHash} | 200 |
Prerequisite Setup Flow
1. Verify The Domain Email Identity
curl -sS "${TENX_API_BASE}/v2/account/domains/${TENX_DOMAIN}/email-identity" \
-H "Authorization: Bearer ${TENX_JWT}"Expected ready shape:
{
"identity": {
"identityKey": "us-east-1#example.com",
"region": "us-east-1",
"domain": "example.com",
"status": "READY",
"requiredDnsRecords": [],
"mailFromDomain": "bounce.example.com"
},
"senderProfiles": []
}If the status is not READY, reconcile after DNS is configured:
curl -sS -X POST "${TENX_API_BASE}/v2/account/domains/${TENX_DOMAIN}/email-identity/reconcile" \
-H "Authorization: Bearer ${TENX_JWT}"Reconcile returns 202; it does not mean DNS is ready immediately. Poll the identity endpoint until status is READY.
2. Create A Sender Profile
Sender profile rules:
senderIdmust start withsender_.localPartmust be one of:noreply,notifications,calendar,support,hello.purposesmust include the purpose you will use later.- Campaign email rules require
PRODUCT_NOTIFICATION. - Lead-capture OTP verification requires
LEAD_VERIFICATION. - Direct transactional sends usually use
TRANSACTIONAL_API.
curl -sS -X PUT "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/email/senders/sender_notifications" \
-H "Authorization: Bearer ${TENX_JWT}" \
-H "Content-Type: application/json" \
-d '{
"domain": "example.com",
"localPart": "notifications",
"displayName": "Acme Notifications",
"replyTo": "support@example.com",
"purposes": ["PRODUCT_NOTIFICATION", "LEAD_VERIFICATION", "TRANSACTIONAL_API"],
"enabled": true
}'Response:
{
"sender": {
"senderId": "sender_notifications",
"domain": "example.com",
"localPart": "notifications",
"fromEmail": "notifications@example.com",
"displayName": "Acme Notifications",
"replyTo": "support@example.com",
"purposes": ["PRODUCT_NOTIFICATION", "LEAD_VERIFICATION", "TRANSACTIONAL_API"],
"enabled": true,
"status": "READY",
"identityKey": "us-east-1#example.com"
}
}3. Create A Template
Template rules:
templateIdmust start withtmpl_.- A template needs a
subjectand at least one body field,htmlortext. - Template variables use
{{variableName}}.
curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/email/templates" \
-H "Authorization: Bearer ${TENX_JWT}" \
-H "Content-Type: application/json" \
-d '{
"templateId": "tmpl_lead_followup",
"name": "Lead follow-up",
"subject": "Thanks for reaching out, {{firstName}}",
"html": "<p>Hi {{firstName}}, thanks for your interest in {{service}}.</p>",
"text": "Hi {{firstName}}, thanks for your interest in {{service}}."
}'Response:
{
"template": {
"handle": "acme",
"templateId": "tmpl_lead_followup",
"name": "Lead follow-up",
"activeVersion": 1,
"status": "ACTIVE"
}
}Direct Send Flow
Use POST /v2/handles/{handle}/email/messages when the integration wants to queue a single outbound email directly.
curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/email/messages" \
-H "Authorization: Bearer ${TENX_JWT}" \
-H "Content-Type: application/json" \
-d '{
"senderId": "sender_notifications",
"to": ["buyer@example.com"],
"purpose": "TRANSACTIONAL_API",
"idempotencyKey": "receipt-ord_12345",
"consentAttestation": true,
"templateId": "tmpl_lead_followup",
"variables": {
"firstName": "Asha",
"service": "AI workflow setup"
}
}'Accepted response:
{
"message": {
"messageId": "msg_abc123",
"handle": "acme",
"status": "QUEUED",
"purpose": "TRANSACTIONAL_API",
"senderId": "sender_notifications",
"recipientCount": 1,
"fromEmail": "Acme Notifications <notifications@example.com>",
"createdAt": "2026-06-12T08:00:00.000Z"
}
}202 QUEUED means the API stored the message and queued delivery. It is not proof of inbox delivery. Use the message and event endpoints for delivery state.
Campaign Email Rule Flow
Use campaign email rules when 10xDotIn should send emails automatically in response to campaign events.
Supported rule triggers:
| Trigger | Meaning | Delay |
|---|---|---|
LEAD_CAPTURED | Send when a campaign lead is captured | Immediate |
LEAD_CAPTURED_DELAYED | Schedule a follow-up after lead capture | Requires delayMinutes |
CONVERSION | Send when a campaign conversion is recorded | Immediate |
Delayed sends require delayMinutes from 15 through 43200 minutes, which is 30 days.
Creating a rule does not send emails to existing leads retroactively. It applies to future trigger jobs for that campaign.
Coupon Fulfillment For Verified Leads
Use coupon fulfillment when a verified lead should receive a unique coupon from your system before a coupon email is sent. This is separate from normal lead.captured webhooks: lead capture, owner alerts, regular webhooks, and normal campaign email rules continue after the lead is verified. Only rules with requiresCoupon: true wait for coupon fulfillment.
Requirements:
- The campaign goal must be
LEAD_CAPTURE. - Lead verification must be enabled with
EMAIL_OTPorEMAIL_REPLY_YES. - Coupon fulfillment must be enabled on the campaign.
- The coupon email rule must set
requiresCoupon: true. - The coupon email template should include
{{couponCode}}and any optional variables your webhook returns.
Enable Coupon Fulfillment
curl -sS -X PUT "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/coupon-fulfillment" \
-H "Authorization: Bearer ${TENX_JWT}" \
-H "Content-Type: application/json" \
-d '{
"enabled": true,
"webhookUrl": "https://customer.example.com/10x/coupon",
"timeoutMs": 5000,
"maxAttempts": 3
}'The first enable response includes a one-time couponFulfillmentSecret. Store it in your webhook service. Later GET responses only include secretPreview, never the raw secret.
{
"handle": "acme",
"campaignId": "cmp_welcome",
"couponFulfillment": {
"enabled": true,
"webhookUrl": "https://customer.example.com/10x/coupon",
"timeoutMs": 5000,
"maxAttempts": 3,
"secretPreview": "cfs_ab...9Q2x",
"secretVersion": 1
},
"couponFulfillmentSecret": "cfs_full_one_time_secret"
}Rotate the webhook secret when needed:
curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/coupon-fulfillment/rotate-secret" \
-H "Authorization: Bearer ${TENX_JWT}"Create A Coupon Email Template
Coupon-dependent templates can use all normal lead variables plus:
| Variable | Source |
|---|---|
couponCode | Required couponCode returned by your webhook |
couponExpiresAt | Optional ISO timestamp returned by your webhook |
| Custom variables | Safe keys from variables in your webhook response |
Reserved names such as email, leadId, campaignId, name, and couponCode cannot be overridden inside variables.
Create A Coupon-Dependent Rule
curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules" \
-H "Authorization: Bearer ${TENX_JWT}" \
-H "Content-Type: application/json" \
-d '{
"trigger": "LEAD_CAPTURED",
"templateId": "tmpl_coupon",
"senderId": "sender_notifications",
"requiresCoupon": true,
"enabled": true
}'requiresCoupon: true is rejected with 409 coupon_fulfillment_required until coupon fulfillment is enabled on the campaign. Existing rules without requiresCoupon keep sending normally.
Webhook Request
10xDotIn calls your webhook after a verified lead needs a coupon and no valid cache exists for that campaign/email pair.
{
"eventType": "campaign.coupon.requested",
"eventId": "cfr_abc123",
"handle": "acme",
"tenantId": "tenant_123",
"campaignId": "cmp_welcome",
"leadId": "lead_123",
"email": "lead@example.com",
"leadEmailMasked": "le***@example.com",
"name": "Asha",
"phone": "+15551234567",
"fields": {
"plan": "pro"
},
"pageUrl": "https://acme.10x.in",
"verifiedAt": "2026-06-17T10:00:00.000Z"
}Headers:
Content-Type: application/json
X-10x-Event-Id: cfr_abc123
X-10x-Timestamp: 2026-06-17T10:00:00.000Z
X-10x-Signature: sha256=<hex>Verify the signature with HMAC SHA-256 over ${timestamp}.${rawBody}:
import crypto from "node:crypto";
function verify10xCouponSignature({ secret, timestamp, rawBody, signature }) {
const expected =
"sha256=" +
crypto.createHmac("sha256", secret).update(`${timestamp}.${rawBody}`).digest("hex");
const expectedBytes = Buffer.from(expected);
const signatureBytes = Buffer.from(signature || "");
return (
expectedBytes.length === signatureBytes.length &&
crypto.timingSafeEqual(expectedBytes, signatureBytes)
);
}Reject requests with missing headers, invalid signatures, or stale timestamps.
Webhook Response
Return HTTP 2xx with JSON:
{
"couponCode": "SAVE20",
"couponExpiresAt": "2026-06-18T12:00:00.000Z",
"variables": {
"discountPercent": "20",
"couponUrl": "https://example.com/apply?code=SAVE20"
}
}Response limits:
- Body must be valid JSON and no larger than 32 KB.
couponCodeis required and max 128 characters after trimming.couponExpiresAtis optional but must be an ISO timestamp if present.variablesis optional, max 25 keys.- Variable keys must match
/^[A-Za-z][A-Za-z0-9_]{0,63}$/. - String variable values are trimmed and max 512 characters.
Cache, Failure, And Retry Behavior
10xDotIn caches one coupon per verified normalized email and campaign for 24 hours. Repeat verified submissions from the same email in that window reuse the same coupon and can resend the coupon email without calling your webhook again.
Webhook timeouts, network errors, non-2xx responses, invalid JSON, invalid coupon responses, and oversized responses are retried. Default attempts are 3, with delayed retries. After terminal failure, coupon-dependent emails are not sent and the fulfillment is marked FAILED.
Look up a lead's coupon fulfillment state:
curl -sS "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/coupon-fulfillments?email=lead@example.com" \
-H "Authorization: Bearer ${TENX_JWT}"Example failed response shape:
{
"handle": "acme",
"campaignId": "cmp_welcome",
"emailMasked": "le***@example.com",
"fulfillmentId": "cfr_abc123",
"cache": {
"status": "MISS",
"valid": false
},
"fulfillment": {
"status": "FAILED",
"fulfillmentId": "cfr_abc123",
"attempts": 3,
"maxAttempts": 3,
"lastError": "coupon_webhook_non_2xx"
}
}To retry a failed fulfillment, compute:
emailHash = sha256(lowercase(handle) + ":" + lowercase(campaignId) + ":" + lowercase(trim(email)))Then call:
curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/coupon-fulfillments/cfr_abc123/retry?emailHash=${EMAIL_HASH}" \
-H "Authorization: Bearer ${TENX_JWT}"If a valid cache already exists, retry releases waiting coupon emails without calling your webhook and returns status: "CACHE_HIT".
Create An Immediate Lead-Captured Rule
curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules" \
-H "Authorization: Bearer ${TENX_JWT}" \
-H "Content-Type: application/json" \
-d '{
"trigger": "LEAD_CAPTURED",
"templateId": "tmpl_lead_followup",
"senderId": "sender_notifications",
"enabled": true,
"variableMappings": {
"firstName": "firstName",
"service": "fields.service"
}
}'Response:
{
"rule": {
"ruleId": "cer_2f3ddf1b-7d15-4f70-83bb-1d28b91a42c5",
"campaignId": "cmp_welcome",
"trigger": "LEAD_CAPTURED",
"delayMinutes": null,
"templateId": "tmpl_lead_followup",
"senderId": "sender_notifications",
"variableMappings": {
"firstName": "firstName",
"service": "fields.service"
},
"requiresCoupon": false,
"enabled": true,
"version": 1,
"createdAt": "2026-06-12T08:00:00.000Z",
"updatedAt": "2026-06-12T08:00:00.000Z"
}
}Create A Delayed Follow-Up Rule
curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules" \
-H "Authorization: Bearer ${TENX_JWT}" \
-H "Content-Type: application/json" \
-d '{
"trigger": "LEAD_CAPTURED_DELAYED",
"delayMinutes": 1440,
"templateId": "tmpl_lead_followup",
"senderId": "sender_notifications",
"enabled": true
}'1440 schedules the email approximately one day after the lead-capture trigger.
Create A Conversion Rule
curl -sS -X POST "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules" \
-H "Authorization: Bearer ${TENX_JWT}" \
-H "Content-Type: application/json" \
-d '{
"trigger": "CONVERSION",
"templateId": "tmpl_lead_followup",
"senderId": "sender_notifications",
"enabled": true
}'List Rules
curl -sS "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules" \
-H "Authorization: Bearer ${TENX_JWT}"Update A Rule
Use expectedVersion when your UI or integration edits a rule to avoid overwriting a concurrent change.
curl -sS -X PUT "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules/cer_2f3ddf1b-7d15-4f70-83bb-1d28b91a42c5" \
-H "Authorization: Bearer ${TENX_JWT}" \
-H "Content-Type: application/json" \
-d '{
"trigger": "LEAD_CAPTURED_DELAYED",
"delayMinutes": 2880,
"templateId": "tmpl_lead_followup",
"senderId": "sender_notifications",
"enabled": true,
"expectedVersion": 1
}'If the version has changed, the API returns 409 version_conflict.
Delete A Rule
curl -sS -X DELETE "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/campaigns/cmp_welcome/email-rules/cer_2f3ddf1b-7d15-4f70-83bb-1d28b91a42c5" \
-H "Authorization: Bearer ${TENX_JWT}"The delete is a soft delete and returns 204. Repeating the delete is safe.
Template Variables For Campaign Rules
Campaign-triggered sends render variables from the lead snapshot captured at trigger time. Default variables include:
| Variable | Source |
|---|---|
leadId | Lead id |
email | Lead email |
name | Lead full name |
firstName | Explicit first name or first word of name |
phone | Lead phone |
company | Lead company |
service | Lead service |
message | Lead message |
source | Lead source |
Use variableMappings to map template variables to either top-level lead fields or custom fields:
{
"variableMappings": {
"requestedService": "fields.service",
"companyName": "company"
}
}Mapping keys and values must be short safe identifiers containing letters, numbers, _, ., or -.
Delivery And Debugging
Campaign email rules create transactional email messages asynchronously when trigger jobs run. The final delivery worker validates the sender and domain again before sending. If a sender or domain becomes disabled after rule creation, the queued message can be denied instead of sent.
Inspect message state:
curl -sS "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/email/messages?limit=25" \
-H "Authorization: Bearer ${TENX_JWT}"Inspect one message timeline:
curl -sS "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/email/messages/msg_abc123" \
-H "Authorization: Bearer ${TENX_JWT}"Inspect events:
curl -sS "${TENX_API_BASE}/v2/handles/${TENX_HANDLE}/email/events?messageId=msg_abc123" \
-H "Authorization: Bearer ${TENX_JWT}"When listing events without messageId or recipient, include at least purpose or since.
Common Errors
| Status | Error | Meaning | Fix |
|---|---|---|---|
401 | missing_bearer_token | No bearer token was supplied | Send Authorization: Bearer <jwt> |
401 | Authorizer failure | JWT is expired, malformed, or not accepted by the API gateway authorizer | Obtain a fresh 10xDotIn/Product Suite JWT |
403 | forbidden | JWT user has no access to the handle or account | Grant the user handle access |
403 | insufficient_role | User has a lower role than required | Use an OPERATOR or OWNER user |
404 | account_domain_not_found | Domain is not attached to this account | Attach the domain first |
409 | domain_email_identity_not_ready | Domain email identity is not verified and ready | Fix DNS and reconcile identity |
400 | invalid_sender_id | Sender id is missing or does not start with sender_ | Use a valid sender id |
400 | sender_local_part_not_allowed | Sender local part is not in the allowlist | Use noreply, notifications, calendar, support, or hello |
404 | sender_profile_not_found | Sender profile does not exist | Create the sender profile |
409 | sender_profile_not_ready or sender_not_ready | Sender is disabled or paused | Enable or recreate a ready sender |
403 | sender_purpose_not_allowed | Direct send purpose is not allowed for sender | Add the purpose or use another sender |
409 | sender_missing_product_notification_purpose | Campaign rule sender lacks PRODUCT_NOTIFICATION | Add PRODUCT_NOTIFICATION to sender purposes |
404 | campaign_not_found | Campaign id does not exist for this handle | Create or correct the campaign id |
404 | email_template_not_found | Template id does not exist | Create or correct the template id |
409 | email_template_not_active | Template exists but is paused/inactive | Activate or update the template |
400 | invalid_trigger | Campaign email trigger is invalid | Use LEAD_CAPTURED, LEAD_CAPTURED_DELAYED, or CONVERSION |
400 | delay_minutes_required_for_delayed_trigger | Delayed trigger is missing delay | Provide delayMinutes |
400 | delay_minutes_below_minimum | Delay is shorter than 15 minutes | Use LEAD_CAPTURED or set delay to at least 15 |
400 | delay_minutes_above_maximum | Delay is longer than 30 days | Use a delay no greater than 43200 |
409 | version_conflict | Rule was edited since the caller read it | Re-read and retry with latest expectedVersion |
400 | consent_attestation_required | Direct send did not attest recipient consent | Set consentAttestation: true |
409 | email_recipient_suppressed | Recipient is suppressed for this tenant | Do not retry until suppression is resolved |
429 | email_quota_exceeded | Tenant email quota is exhausted | Retry after quota reset or reduce volume |
503 | transactional_email_queue_unavailable | Delivery queue is not configured or unavailable | Check target environment health |
Validation Checklist For External Developers
Before enabling automation for a customer:
- Confirm
GET /v2/account/domains/{domain}/email-identityreturnsidentity.status = "READY". - Confirm
GET /v2/handles/{handle}/email/sendersreturns the selected sender withenabled = true,status = "READY", and the required purpose. - Confirm
GET /v2/handles/{handle}/email/templatesreturns the selected active template. - Queue one direct test email with a unique
idempotencyKey. - Create a test campaign email rule on a test campaign.
- Trigger a test lead or conversion event.
- Confirm a message appears under
GET /v2/handles/{handle}/email/messages. - Confirm events show
SENTor a specific denial/failure reason.
Security Guidance
- Do not expose JWTs in browser logs, server logs, analytics payloads, or screenshots.
- Do not store user JWTs as permanent credentials. Treat them as session credentials and rotate/refresh through the product's normal auth flow.
- Do not use PATs for current email routes. They are not accepted on this surface.
- Do not write directly to DynamoDB tables. The APIs perform handle access, sender purpose, identity readiness, suppression, quota, and idempotency checks.
- For external BFFs, proxy only an allowlist of the routes in this document and preserve upstream status codes and error codes.
- For unattended server-to-server email automation, request a new 10xDotIn public PAT wrapper design instead of trying to reuse internal JWT-only routes.
Related Guide
For direct one-off email sending examples and message/event inspection, see Email Sending Through 10xDotIn.
Updated Jun 19, 2026