Skip to main content

Documentation Index

Fetch the complete documentation index at: https://support.bolt.new/llms.txt

Use this file to discover all available pages before exploring further.

Many Bolt features rely on email to communicate with users. Common examples include authentication flows like email verification and password reset, along with application events like order confirmations and product updates. In Bolt, email sending fits closely with your database configuration:
  • Your database manages users and authentication
  • Secrets stored in database settings protect sensitive credentials
  • Server functions use those secrets to send email through external services
This guide explains how to connect an email service to your Bolt project so your application can send email securely and reliably. You may only need to send email from your app code, or you may also want to send auth emails from your own domain. They’re separate, so you can do one or both of the processes described here, depending on your needs.

How email works with Bolt databases

When your project has a Bolt database, you have access to several interrelated features:
  • Authentication handles user sign-up, login, and password reset flows.
  • Secrets store sensitive values like API keys so they’re never exposed to client code.
  • Server functions run trusted server-side logic that can send email, call external APIs, and interact with your database.
Email services integrate through server functions using API keys stored as secrets in your database settings. This setup keeps credentials secure and ensures email logic runs on the server.

Choose an email service

Before setting up email notifications, choose an email provider to deliver your messages. Popular options include:
  • Resend (often used by Bolt by default)
  • Mailgun
  • Postmark
  • SendGrid
Bolt server functions can work with any provider that exposes an HTTP API.
When choosing a service, consider:
  • Email volume: how many messages you expect to send each month
  • Email type: transactional messages, marketing campaigns, or both
  • Setup complexity: how quickly you can create an account and generate an API key

Let Bolt choose your email service

If you ask Bolt for email notifications without selecting a provider, Bolt typically uses Resend. It integrates cleanly with Bolt’s infrastructure and requires minimal setup. When Bolt uses Resend, the email infrastructure is prepared automatically, but you still need to add your own Resend API key so Resend can send emails on your behalf.

Set up email notifications using a third-party service

The following steps use Resend, which is commonly used with Bolt. If you prefer, you can choose a different email service provider. Using a different provider changes only how you create the account and API key in Part 1.

Prerequisites

Before a third-party service can send emails from your app, make sure you have:

Configure email notifications

1

Create an API key in Resend

  1. Create an account at https://resend.com/onboarding using email, Google, or GitHub.
  2. Follow Resend’s API key documentation to create a new API key.
  3. Copy the API key and store it securely. You may not be able to view it again later.
The key will look similar to the following: re_CQmFPLaM_siCReVwuKEYvFXMRuSAMPLEz
2

Add the API key to your Bolt project

  1. Open your Bolt project.
  2. At the top center of the screen, click the database icon.
  3. In the left navigation menu, click Secrets.
If Secrets doesn’t appear, your project doesn’t have a database yet.
  1. Create a new secret with the following values:
    • Name: RESEND_API_KEY
      The name is case-sensitive.
    • Value: <insert your resend API key>
  2. Click Create secret.
This allows your server functions to authenticate with Resend and send email.
3

Add your Bolt domain in Resend

After adding your Resend API key to your Bolt project, add your published project domain to Resend.
  1. Log in to your Resend account.
  2. In the left menu, click Domains.
  3. Click Add Domain.
  4. Under Name, enter your primary Bolt domain. For example, mysite.bolt.host
  5. Select your preferred region.
  6. Click Add Domain.
  7. Keep this page open, as you’ll need the information in Part 4.
4

Add your Resend DNS records in Bolt

The final step in setup is to add the DNS records created by Resend to your project.Where you add them depends on your domain setup:
  • If your domain was created through Bolt, follow the steps below.
  • If you registered it through a third-party registrar such as Namecheap, GoDaddy, or Cloudflare, add the records in that registrar’s dashboard instead.
  1. Log in and open any Bolt project.
  2. In the top right of your screen, click your profile icon, then click Settings.
  3. In the left navigation menu, click Cloud.
  4. Scroll down to the Custom domains section and identify the domain you want to update.
  5. On the right side of the domain’s row, click the three dots, then click Open domain settings.
  6. Click Add new record.
  7. Select your record type, then fill in its values based on the information shown in the Resend → Domains page from Step 3.
  8. Click Save.
  9. Create additional Resend records as necessary.
5

Verify your email setup

After completing the steps above, email sending should start working once the domain records finish resolving. This usually takes 10 to 20 minutes, though in some cases it can take a few hours.After giving your DNS records some time to resolve, you can verify the setup by:
  • Triggering an email in your application and confirming it arrives
  • Checking the Resend dashboard for delivery logs or errors

Send Supabase auth emails from your own domain

The steps above cover emails your app sends from code, such as order confirmations and in-app notifications. If your project uses Bolt’s authentication features like email sign-up or password reset, there’s a second type of email to consider: auth emails. Bolt’s authentication is powered by Supabase, which can send auth emails automatically on your behalf. They include password reset links, email verification messages, and magic link sign-ins. By default, Supabase routes auth emails through its address ([email protected]). To send them from your own domain instead, you configure custom SMTP (Simple Mail Transfer Protocol). SMTP is the standard protocol for sending email. Custom SMTP tells Supabase to route auth emails through your email provider rather than its default server. If you want auth emails to come from your own domain, follow the steps below. If you only need to send application notifications and other custom emails from your app code, you set that up already in Set up email notifications using a third-party service.

Prerequisites

Before you can send auth emails from your own domain, make sure you have: Steps 1 through 3 below walk you through the Resend and database setup if you haven’t done it yet.

Configure custom SMTP for Supabase auth emails

1

Claim your database

Custom SMTP requires your Supabase project to be under your own Supabase account. Bolt-managed databases run on shared Supabase infrastructure, where custom SMTP settings don’t apply. Without this step, SMTP settings will appear to save correctly but auth emails will continue to come from Supabase’s default address.If your project is already connected to your own Supabase account rather than a Bolt-managed database, you can skip this step.
  1. In your Bolt project, at the top center of the screen, click the database icon.
  2. In the left navigation menu, click Advanced.
  3. Click Claim.
  4. Follow the prompts to transfer the Supabase project to your own Supabase account. Make sure you have an account at supabase.com and that your browser allows popups for bolt.new.
If the claim process doesn’t complete or the Supabase window doesn’t appear, do these steps before trying again:
  1. Log out of both Bolt and Supabase, then log back in.
  2. Under Settings > Applications, disconnect and reconnect the Supabase integration.
2

Verify a domain in Resend

Your sender email address must use a domain you’ve verified in Resend. Verification proves you own the domain and authorizes Resend to send email from it. This is separate from any API key you may have already set up for app notifications.
  1. Log in to your Resend account.
  2. In the left menu, click Domains.
  3. Click Add Domain.
  4. Enter your domain (for example, yourdomain.com), then click Add.
  5. Add the DNS records Resend provides to your domain registrar. Wait until all records show as verified before continuing.
3

Create a dedicated Resend API key for SMTP

Create a separate API key specifically for SMTP. If you already have a Resend API key from setting up app notifications, don’t reuse it. Keeping them separate makes it easier to manage permissions and debug issues later.
  1. In your Resend dashboard, click API Keys.
  2. Click Create API Key.
  3. Give the key a descriptive name, such as Supabase SMTP.
  4. Copy the key immediately and store it somewhere safe. You won’t be able to view it again.
4

Configure SMTP in Supabase

  1. Open your Supabase project dashboard.
  2. Navigate to Authentication > Email > SMTP Settings.
  3. Turn on Enable custom SMTP.
  4. Fill in the following values:
FieldValue
SMTP Hostsmtp.resend.com
Port465
Usernameresend
PasswordYour Resend SMTP API key from Step 3
Sender emailAn address at your verified domain, such as [email protected]
The sender email must use the exact domain you verified in Resend in Step 2. If it doesn’t match, Supabase won’t be able to send through Resend.
  1. Click Save.
5

Test your setup

Trigger an auth email in your application, such as a password reset request, and confirm it arrives from your custom domain. You can also check delivery logs in your Resend dashboard.DNS changes and SMTP configuration can take a few minutes to take effect. If you don’t receive emails right away, wait a few minutes and try again.

Customize auth email templates

After you configure custom SMTP, you can also update the content of auth emails to match your branding. You can do this in two places:
  • In Bolt: Go to Database > Authentication > Email, then click Edit email templates.
  • In Supabase: In your Supabase project, navigate to Authentication > Email Templates.
Both give you access to the same templates, including password reset, invite, magic link, and email verification.

Troubleshooting

If the API key is missing or misconfigured, you may see the following error: The following secrets are used in the code but don't exist yet: RESEND_API_KEY If email isn’t being delivered, check the following:
  • Confirm the secret name is exactly RESEND_API_KEY
  • Verify the API key value is correct and active
  • Check your email quota with your provider
  • Review your Bolt project logs for server function errors

Mailgun example

The following example shows a server function sending email with Mailgun (as opposed to Resend) using fetch(): 
const res = await fetch(`https://api.mailgun.net/v3/${MAILGUN_DOMAIN}/messages`, {
  method: "POST",
  headers: {
    Authorization: `Basic ${btoa(`api:${MAILGUN_API_KEY}`)}`,
  },
  body: new URLSearchParams({
    from: "[email protected]",
    to: email,
    subject: "Hello from Mailgun",
    text: "Your notification is working!",
  }),
});