Safer defaults for the email creation API

文章列表

Compulsive curiosity, or, how I built an infinite idea machine Gift details on the subscriber portal Portal link in the archive nav The physicists who convinced Fermilab to send Brazil's emails First, add no friction: How micropayments lost and subscriptions won Filter subscribers and automations by source Automations, rebuilt What email will look like in the future Filter subscribers by bounce date and reason Email could have been X.400 times better Three features are moving behind the paywall Firewall changes and improvements Put your name and voice into your company newsletter Simplified email address settings Subscription wall Inboxes were overwhelming before we'd even named them The US government tried really hard to screw up email Public postmortem: database connection exhaustion Ask a nerd: what is the best way to unsubscribe from newsletters? Bookshop.org embeds Email was into agents before they were cool Passwordless login Rename metadata keys in bulk A spring cleaning for our legal docs Ask a nerd: what happens when you click the spam button? Passkey support for two-factor authentication How Buttondown's API versioning works How to send email to space How we enabled Content Security Policy for everyone Recovery codes for two-factor authentication Filter sent emails by engagement rate How we migrated to TypeIDs without breaking clients How we check every link in your email Use newsletter metadata in your emails Should we bring back email exploders? Sort and filter by open and click rates Custom click tracking domains More newsletter settings in the API Revamped replies Custom email templates for everyone Simplified cancellation Ask a Nerd: Does email length affect deliverability? The changelog, reborn Swedish localization Forwarding an email is not always straightforward Public descriptions for tags OpenAPI spec for archives How Rodrigo brings a humanistic view to consumer technology Subscribers can come from anywhere. Even another newsletter platform's form. Survey responses on the web How Brandon Lucas Green shares his music and supports artists Your newsletter's archives are more valuable than your list Better tag self-management Smarter automation filters Granular API keys Snippets New design settings pages Ask A Nerd: How does newsletter cadence affect deliverability? Starred views More ways to customize your archives Inbox filtering Mastodon follower analytics Ask a Nerd: What are good open, click, and response rates for an email newsletter? How we migrated our database to PlanetScale Two new archive themes Custom buttons now work in Markdown mode Ask a Nerd: Does attaching files to your newsletter hurt deliverability? Seline and Tinylytics support Unban subscribers Bang paths, source routing, and how email trips were planned Public postmortem: archive downtime Announcement bars for your archives 2025 disposables.app Russian localization Ask a Nerd: Can you improve email deliverability with a personal domain? More locale options How we interview customers at Buttondown Bluesky analytics Reply to conversations Minimum viable complexity How Jeffery Hicks goes behind-the-scenes in his newsletter Changes to our stack in 2025 2026: Emails What the hell is a UTM? TK reminders in the editor Randomize survey answer order Why we insourced analytics Scroll sync in the editor 2026: Archives How Jamie Thingelstad uses Buttondown to explore tech topics How Kelly Jensen uses Buttondown to discuss key library issues Keeping feature creep at bay Improved filters Content Security Policy in archives Open source Sniperl.ink Auto-activating RSS reader subscriptions What the hell is ActivityPub? Gift subscriptions How Igor Ranc built Berlin's largest expat tech newsletter

Justin Duke · 2026-03-07 · via

Buttondown's REST API has always tried to adhere to good RESTful conventions. A POST to /v1/emails creates a new email, and if you don't specify a status, we've historically assumed you want to send it — so the default has been about_to_send. Makes sense in theory, but in practice it catches people off guard. Nobody expects a quick test request to fire off an email to their entire subscriber base.

We've cut a new API version — 2026-04-01 — to make this a little safer. The endpoint behaves identically, with two exceptions:

You only need to supply the header once per API key. After the first successful send, all subsequent POST requests with about_to_send will go through without it. Think of it as a "yes, I know what I'm doing" handshake.

# First time: include the header
curl -X POST https://api.buttondown.com/v1/emails \
  -H "Authorization: Token your-api-key" \
  -H "X-API-Version: 2026-04-01" \
  -H "X-Buttondown-Live-Dangerously: true" \
  -d '{"subject": "Hello!", "body": "...", "status": "about_to_send"}'

# After that: no header needed
curl -X POST https://api.buttondown.com/v1/emails \
  -H "Authorization: Token your-api-key" \
  -H "X-API-Version: 2026-04-01" \
  -d '{"subject": "Hello again!", "body": "...", "status": "about_to_send"}'

If you're not sure which API version you're on, check your API keys page — it shows the version for each key.

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。

推荐订阅源

文章列表