Core Concepts
Environments
Every workspace has two isolated environments: Production and Test. Each environment has its own templates, integrations, user profiles, API keys, and log data. Changes in one environment never affect the other until you explicitly migrate assets. Use Test for development and QA; use Production for live traffic. You can switch environments from the settings menu in the lower-left corner of the dashboard. See Environments, API Keys, and Assets for details on switching, migrating assets, and scoping keys.API Keys
Each environment has its own set of API keys scoped to specific permissions (published or draft access). You can create multiple keys per environment for different services or team members. Keep Production keys out of client-side code; use Test keys during development. See Environments, API Keys, and Assets for key management and permission scoping.Team Access
Courier supports four roles: Administrator (full access), Editor (create and edit templates), Viewer (read-only), and Developer (API access only). Assign the narrowest role each team member needs. See Roles & Permissions for a full breakdown of what each role can do.Security
Require Google SSO or Okta SSO to control how team members authenticate. Make your workspace discoverable so colleagues with matching email domains can request access, or lock it down so members must be added manually. See Team Security for setup steps.Configuration
You can manage workspace-level settings from Settings > General, including tracking, tenant behavior, and webhooks.
Email Open and Click Tracking
You can enable open and click tracking for email notifications in Settings > General. This applies to your Production environment. Some providers require additional configuration on their end:- SendGrid: Enable Tracking Settings in your SendGrid dashboard
- Mailgun: Enable Tracking Messages in Mailgun
Outbound Webhooks
Subscribe to webhook events (sent, delivered, opened, clicked, undeliverable, and more) to push notification lifecycle data into your own systems. See Outbound Webhooks for event types, payload format, and setup.EU Data Residency
If you need to keep data within the EU, Courier offers a dedicated EU datacenter. See EU Datacenter for migration steps and endpoint configuration.Common Patterns
Single workspace (most teams): One workspace with Production and Test environments covers the majority of use cases. Use roles and API key scoping to control access. Separate workspaces per product: If you ship multiple products with different notification stacks, separate workspaces keep templates, integrations, and analytics cleanly isolated. Separate workspaces for data residency: Use an EU workspace for customers who require EU data residency and a US workspace for everyone else.FAQ
Can I move templates between workspaces?
Can I move templates between workspaces?
Yes. Export a template from one workspace and import it into another. Within a single workspace, you can migrate templates between Production and Test environments. See Environments, API Keys, and Assets for details.
What happens if I switch from Production to Test?
What happens if I switch from Production to Test?
Switching environments only changes your dashboard view. It does not affect live notifications or any data in either environment.
How do I enforce SSO for my team?
How do I enforce SSO for my team?
Go to Settings > Team and enable “Require Google SSO” for your approved domains, or set up Okta SSO if you use Okta. Once enabled, all team members must authenticate through SSO.
Can I restrict API key permissions?
Can I restrict API key permissions?
Yes. Each API key is scoped to a specific environment and permission level (published or draft). Create separate keys for different services so you can rotate or revoke them independently.