Setup Your Workspace

This guide walks you through configuring your TrackPost workspace for production use. Follow these steps to connect AWS SES, verify your domains, and set up proper API key management.

Prerequisites

Before starting:

• TrackPost account (with confirmed email)
• AWS account with SES access
• A domain you own (e.g., yourcompany.com)
• Administrative access to your domain’s DNS settings

Step 1: Connect Your AWS Account

TrackPost uses your own AWS SES account for sending. This gives you full control over your reputation and deliverability.

1.1 Create AWS Credentials

1. Log in to your AWS Console
2. Navigate to IAM → Users → Create user
3. Enter a username (e.g., trackpost-ses)
4. Attach the following policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ses:SendEmail",
        "ses:SendRawEmail",
        "ses:GetSendQuota",
        "ses:GetIdentityVerificationAttributes",
        "ses:GetIdentityNotificationAttributes",
        "ses:VerifyEmailIdentity",
        "ses:VerifyDomainIdentity",
        "ses:SetIdentityNotificationTopic",
        "ses:SetIdentityFeedbackForwardingEnabled"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "sns:CreateTopic",
        "sns:Subscribe",
        "sns:Publish",
        "sns:ConfirmSubscription"
      ],
      "Resource": "*"
    }
  ]
}

5. Create access keys for this user (save the Access Key ID and Secret Access Key)

1.2 Add Credentials to TrackPost

1. Go to your TrackPost Dashboard
2. Navigate to Settings → AWS Configuration
3. Enter your AWS credentials:
   • Access Key ID: From step above
   • Secret Access Key: From step above
   • AWS Region: Your preferred SES region (e.g., us-east-1, eu-west-1)
4. Click Save Configuration

Step 2: Verify Your Sending Domain

You must verify any domain you want to send emails from. This proves you own the domain.

2.1 Start Domain Verification

1. In the TrackPost dashboard, go to Domains
2. Click Add Domain
3. Enter your domain (e.g., yourcompany.com)
4. Click Add Domain

2.2 Configure DNS Records

TrackPost will provide DNS records to add to your domain. You’ll see:

• TXT Record for domain verification
• TXT Records for SPF (Sender Policy Framework)
• TXT Records for DKIM (DomainKeys Identified Mail)

Example DNS configuration:

2.3 Add Records to Your DNS

Add these records through your domain registrar or DNS provider:

• Cloudflare: DNS → Records → Add Record
• GoDaddy: My Products → DNS → Manage
• Route53: Hosted Zones → Your Domain → Create Record
• Namecheap: Domain List → Manage → Advanced DNS

2.4 Wait for Verification

DNS changes can take anywhere from a few minutes to 48 hours to propagate. You can check verification status in the TrackPost dashboard:

• Pending: Still waiting for DNS
• Verified: Domain is ready for sending
• Failed: Check your DNS records for errors

Step 3: Set Up DMARC

DMARC (Domain-based Message Authentication) protects your domain from spoofing and improves deliverability.

3.1 Create DMARC Record

Add this TXT record to your DNS:

3.2 Choose Your Policy

• p=none: Monitoring mode (recommended initially)
• p=quarantine: Suspicious emails go to spam
• p=reject: Block suspicious emails entirely

Start with p=none, monitor reports for a few weeks, then upgrade to p=quarantine or p=reject.

Step 4: Configure API Keys

4.1 Generate Live API Key

1. Go to API Keys in the dashboard sidebar
2. Click Create API Key
3. Enter a name (e.g., “Production API Key”)
4. Select Live mode
5. Set rate limits (optional):
   • Per-minute limit (default: 60)
   • Daily limit (optional)
   • Monthly limit (optional)
6. Click Generate

Important: Copy the key immediately - it won’t be shown again!

4.2 Organize Multiple Keys

Create separate keys for different environments:

4.3 Secure Your Keys

• Never commit API keys to git repositories
• Use environment variables or secret management tools
• Rotate keys regularly (every 90 days recommended)
• Revoke unused keys immediately

# .env file (add to .gitignore!)
TRACKPOST_API_KEY=tp_live_your_production_key
TRACKPOST_TEST_KEY=tp_test_your_test_key

Step 5: Configure Webhooks

Webhooks notify your application in real-time about email events (delivered, bounced, opened, clicked).

5.1 Create Webhook Endpoint

1. Go to Webhooks in the dashboard
2. Click Add Webhook
3. Enter your endpoint URL (must accept POST requests)
4. Select events to receive:
   • email.sent - Email queued for delivery
   • email.delivered - Email delivered to recipient
   • email.bounced - Email bounced
   • email.complained - Recipient marked as spam
   • email.opened - Recipient opened email
   • email.clicked - Recipient clicked a link
5. Click Create Webhook

5.2 Implement Webhook Handler

Your endpoint should return a 200 status code for successful processing:

// Express.js example
app.post('/webhooks/trackpost', (req, res) => {
  const event = req.body;
  
  switch (event.type) {
    case 'email.delivered':
      // Update your database
      break;
    case 'email.bounced':
      // Handle bounce (e.g., flag email address)
      break;
    case 'email.opened':
      // Track engagement
      break;
  }
  
  res.status(200).send('OK');
});

See the Webhooks Guide for full details.

Step 6: Test Your Setup

6.1 Send a Test Email

Use your live API key to send a test email:

curl -X POST https://api.trackpost.de/v1/emails \
  -H "Authorization: Bearer tp_live_your_key" \
  -H "Content-Type: application/json" \
  -d '{
    "to": "[email protected]",
    "from": "[email protected]",
    "subject": "TrackPost Production Test",
    "html": "<h1>Production setup complete!</h1>"
  }'

6.2 Verify Delivery

Check that:

1. Email appears in your dashboard
2. Status shows “delivered”
3. You receive webhook notifications (if configured)
4. Email arrives in your inbox (not spam folder)

6.3 Check Authentication Headers

View the email headers to verify SPF, DKIM, and DMARC are working:

Authentication-Results: spf=pass; dkim=pass; dmarc=pass

Production Checklist

Before launching to production, verify:

• AWS credentials configured and working
• Domain verified (showing “Verified” in dashboard)
• SPF, DKIM, and DMARC DNS records added
• Live API key generated and secured
• Webhooks configured (optional but recommended)
• Test email sent and received successfully
• Email landed in inbox (not spam)
• Error handling implemented in your code
• Rate limiting understood (60 req/min on free plan)

Next Steps

Your workspace is now configured for production! Next:

1. Create Email Templates - Build reusable templates
2. Set Up Tracking - Monitor opens and clicks
3. Review Best Practices - Optimize deliverability
4. Monitor Usage - Track your email volume and performance

Troubleshooting Common Issues

“AWS credentials invalid” Error

• Verify the Access Key ID and Secret Access Key are correct
• Check that the IAM user has the required SES permissions
• Ensure the AWS region matches where your SES is configured

Domain verification stuck on “Pending”

• Double-check DNS records are exactly as shown in TrackPost
• Wait longer (up to 48 hours for DNS propagation)
• Use whatsmydns.net to check propagation
• Verify you’re adding records to the correct domain

Emails going to spam

• Ensure SPF, DKIM, and DMARC are all configured
• Check your sending domain’s reputation
• Avoid spammy content (all caps, excessive links, etc.)
• Warm up your sending reputation gradually

Rate limit errors

• Check your current usage in the dashboard
• Consider upgrading your plan for higher limits
• Implement exponential backoff in your code

Need help? Visit our Troubleshooting Guide or contact support.