Email API that's HIPAA compliant by default
Quickly integrate secure, transactional email into your healthcare application with a powerful, easy-to-use API. BAA included.
const pbMail = require('paubox-node');
const service = pbMail.emailService();
const message = pbMail.message({
from: 'sender@yourdomain.com',
to: ['recipient@example.com'],
subject: 'Your first Paubox email',
text_content: 'This message was sent with the Paubox Node.js SDK.'
});
const response = await service.sendMessage(message);
console.log('Sent. Tracking ID:', response.sourceTrackingId);
Send emails with your favorite stack
Start sending in minutes. Pick your language to get started. Each SDK has its own dedicated guide.
An API endpoint for any use case
Do more with your email using flexible API endpoints. Send single or bulk messages, and power them with reusable dynamic templates.
$ paubox send \
--to patient@example.com \
--from noreply@yourclinic.com \
--subject "Your results are ready" \
--text "Securely delivered."
✓ Message queued · tracking_id 2a3c0484
Send from the command line
Fire off HIPAA compliant email straight from your terminal or CI pipeline. No application code required.
{"mcpServers":{"paubox":{"url":"https://mcp.paubox.com"}}}
Connect AI agents to compliant email
Let Claude and other AI agents send HIPAA compliant email through the Paubox MCP server to automate messages.
Host: smtp.paubox.com Port: 587 (STARTTLS) Username: your-api-username Password: your-api-key # Works with Nodemailer, ActionMailer, # smtplib, Postfix — anything that speaks SMTP.
A drop-in SMTP relay
Already have a mail library? Point it at the Paubox SMTP relay and send securely over TLS using the credentials you already have.
{"data":{"message":{"recipients":["patient@example.com"],"template_name":"appointment_reminder","template_values":{"first_name":"Alex","appt_date":"Jun 20, 2:30 PM"}}}}
Reusable dynamic templates
Store personalized, HIPAA compliant templates once and render them at send time with per-recipient values.
"content": {
"text/plain": "Your results are ready.",
"text/html": "<h1>Your results are ready</h1>
<p>View securely in your inbox.</p>"
}
Plain text and rich HTML
Send the same message as plain text and styled HTML. Recipients read it right in their inbox, on their phone, watch, or desktop, with no portal login.
Which product is right for me?
Tell us what you're trying to do and we'll point you to the right Paubox product.
Already sending elsewhere? Switch in an afternoon.
Follow a step-by-step guide to move your transactional email to Paubox from your current provider.
The API your compliance team can trust
Built from the ground up for healthcare, so a breach is never one misconfigured email away.
BAA included
A Business Associate Agreement is included with every plan. Send PHI without bolting on third-party tooling.
HITRUST certified
TLS 1.2+ encryption on every message and HITRUST certification backing the platform.
Deliverability at scale
Optimized inbox delivery with analytics in-app or via webhooks. Scale from your first email to millions.
How healthcare teams use the Email API
Test results
Automate result-ready notifications to patients and internal teams.
Appointment messages
Send confirmations and reminders programmatically to cut no-shows.
Referrals
Route referrals with patient details to specialty offices securely.
Help desk
Send support communications containing PHI without a portal.
Frequently asked questions
Everything you need to know about sending HIPAA compliant email with Paubox.
Yes. Every plan includes a signed Business Associate Agreement (BAA) and enforces TLS 1.2+ encryption by default, so messages are compliant out of the box.
Yes. A business associate agreement (BAA) comes with every plan, including the free tier. You can send protected health information (PHI) without adding third-party tooling or signing a separate agreement.
The Paubox Email API has official SDKs for Node.js, Ruby, Rails, Python, C#, Java, PHP, Perl, Go, and Rust. Each one has its own dedicated integration guide. You can also send over SMTP.
Get an API key, install the SDK for your language, and call the send endpoint with your recipients, subject, and content. Most teams send their first message in minutes. See full instructions in the developer documentation.
Both. You can send over the REST API or use the drop-in SMTP relay. The relay works with anything that sends over SMTP.
Yes. The Paubox Model Context Protocol (MCP) server lets Claude and other AI agents send HIPAA compliant email directly. Add the Paubox server to your MCP configuration with your API key, and agents can send across any use case you build.
Paubox is built specifically for healthcare and includes a BAA on every plan. General-purpose email APIs are not designed around HIPAA, and a BAA is often limited to higher tiers or unavailable. If you handle PHI, that difference determines whether you can use the service at all.
Yes. The API supports single sends, bulk sends, and reusable dynamic templates. Store a personalized template once and render it at send time with per-recipient values, so you write the message structure a single time and vary the details per patient.
You can send 300 emails per month for free, BAA included. Paid plans scale from there to millions of messages. See the pricing page for current tiers.
Most teams switch in an afternoon. Paubox has step-by-step migration guides for Mailgun, Postmark, Resend, SendGrid, and Amazon SES that walk through moving your transactional email over.
No. Recipients read the message directly in their inbox on a phone, watch, or desktop, with no portal login. You can send the same message as plain text and styled HTML.
Send 300 emails per month, free
Integrate HIPAA compliant email in minutes — easy for recipients to read, available in 10 languages.
