Last Updated: 2026-03-11 This guide documents how to configure email and SMS notification services for the Encore OS Platform.
Table of Contents
- Overview
- Email Service (Entra ID & Gmail)
- SMS Service (RingCentral)
- Template Configuration
- Rate Limiting & Quotas
- Cost Optimization
- Error Handling
- Testing
- Troubleshooting
Overview
Encore OS uses external services for email and SMS delivery:- Email: Microsoft Entra ID (Graph API) or Gmail (Google Workspace) — org-level sending. Configure per organization in HR Settings and Settings → Integrations.
- SMS: RingCentral (primary provider)
send-email-notification- Single notification deliverysend-pending-notifications- Batch processinghr-portal-invite,hr-reference-request,hr-send-communication,hr-test-email- HR recruitmentautomation-executor- Workflow send-email actions- Signature flows:
send-signature-request,send-signature-reminder,auto-signature-remindersuse the shared email-provider (Entra/Gmail) per organization.
Email Service (Entra ID & Gmail)
Org-level email supports two providers. Choose one per organization in HR → Settings → Email Provider (and optionally set a fallback).Microsoft Entra ID (recommended)
1
Mail.Send).pf_organizations.settings.entra_sender_email).Gmail (Google Workspace)
1
https://www.googleapis.com/auth/gmail.send.recruiting@yourcompany.com). This is stored in pf_organizations.settings.gmail_sender_email.GMAIL_SERVICE_ACCOUNT_JSON (full JSON key for the service account).
Edge functions: All email senders use supabase/functions/_shared/email-provider.ts; no separate provider-specific integration is required beyond Entra/Gmail configuration.
SMS Service (RingCentral)
1. Create a RingCentral App
1
2. Get Credentials
Client ID / Client Secret:- Open your app → Credentials
- Copy the Client ID and Client Secret
1
1
ringcentral_sms_phone_number)3. Set Supabase Secrets
4. Configure Edge Function
Edge Function:sms-send
Required Secrets:
RINGCENTRAL_CLIENT_IDRINGCENTRAL_CLIENT_SECRETRINGCENTRAL_JWT_TOKEN
supabase/functions/sms-send/index.ts
Template Configuration
Email Templates
Template Variables:- Use
{{variable_name}}syntax - Variables replaced at send time
- Case-sensitive
SMS Templates
Message Limits:- Single SMS: 160 characters
- Messages > 160 characters are truncated
- Use concise templates
Rate Limiting & Quotas
Email (Entra / Gmail) Limits
Microsoft Graph (Entra): Throttling and quotas apply per tenant; see Microsoft documentation. Gmail API: Quotas and sending limits apply per Google Cloud project and per user; see Google documentation.RingCentral Limits
Sandbox Account:- Limited to numbers on the developer account
- SMS only to allowed numbers
- Subject to your RingCentral plan’s SMS allotment
- Pay/throttle per plan terms
- RingCentral enforces per-app/per-extension SMS rate limits
- Throttling may occur at high volumes
Platform Limits
Encore OS Rate Limiting (Planned):- Email: Max 100 emails/hour per organization
- SMS: Max 50 SMS/hour per organization
- Enforced in edge functions
Cost Optimization
Email Costs (Entra / Gmail)
Entra: Included with Microsoft 365 licensing; Graph API usage subject to tenant limits. Gmail: Subject to Google Workspace and Gmail API quotas; no per-message fee for typical org usage. Optimization Tips:1
send-pending-notifications for batch processingSMS Costs (RingCentral)
Pricing:- Included in your RingCentral plan’s SMS allotment; overage billed per RingCentral terms
- International: Varies by country
- MMS: Higher cost
1
Cost Monitoring
Email providers (Entra/Gmail):- Monitor provider dashboards for delivery volume, throttling, and failures
- Configure provider-side alerts/notifications for quota and auth issues
- Admin console / analytics shows SMS usage
- Monitor plan allotment and overage
Error Handling
Email Errors
Entra (Graph API): 4xx/5xx from Graph; check tenant, app permissions, and sender identity. Gmail API: 4xx/5xx from Gmail; check service account, domain-wide delegation, and sender email. Error Handling: The sharedemail-provider returns EmailSendResult with success and errorMessage; callers update notification status and log accordingly.
SMS Errors
Common Error Codes:400- Invalid phone number403- Account suspended or insufficient permissions500- RingCentral service error
Retry Logic
Current Implementation:- No automatic retries
- Failed notifications marked as
failedin database - Manual retry via
send-pending-notifications
- Automatic retry with exponential backoff
- Max 3 retries
- Alert on persistent failures
Testing
Test Email Delivery
Development:- Send to verified email addresses
- Check Supabase function logs and provider dashboards (Entra/Gmail) for delivery status
Test SMS Delivery
Development:- Use a RingCentral sandbox app for testing
- Send to allowed phone numbers (sandbox)
- Check the RingCentral console for delivery status
Test Templates
Test Template Variables:Troubleshooting
Issue: Email Not Sending
Symptoms:- No email received
- Function returns success but no email
1
gmail_sender_email in Settings → Integrations → Gmail. Confirm domain-wide delegation for gmail.send.Issue: SMS Not Sending
Symptoms:- No SMS received
- Function returns error
1
+1234567890Issue: Template Variables Not Replaced
Symptoms:- Email/SMS contains
{{variable}}literally
1
{{variable_name}}Issue: Rate Limit Exceeded
Symptoms:- 429 errors from email provider or RingCentral
- Notifications fail
1
send-pending-notifications for batch processingIssue: High Costs
Symptoms:- Unexpected charges from RingCentral (or cloud provider)
1
Best Practices
1. Email Best Practices
- Use verified domains (Entra: org mailbox; Gmail: Workspace domain)
- Set up SPF/DKIM/DMARC per your domain
- Monitor bounce rates and handle bounces
- Use templates for consistency
- Test templates before production use
- Monitor delivery via Supabase logs and provider dashboards (Graph / Gmail)
2. SMS Best Practices
- Use SMS only for urgent notifications
- Keep messages concise (< 160 characters)
- Include opt-out instructions (if required)
- Verify phone numbers before sending
- Monitor delivery rates in the RingCentral console
- Handle failed deliveries gracefully
3. Security
- Never log full email addresses or phone numbers
- Sanitize user input in templates
- Validate email/phone formats before sending
- Use HTTPS for all API calls
- Rotate API keys regularly
- Monitor for abuse (unusual sending patterns)
Related Documentation
- Edge Functions:
docs/integrations/EDGE_FUNCTIONS.md - Environment Variables:
docs/development/ENVIRONMENT_VARIABLES.md - Secrets Management:
docs/security/SECRETS_MANAGEMENT.md - Notifications:
specs/pf/specs/PF-10-notification-system.md
Document Owner: Platform Team
Review Frequency: Quarterly
Last Updated: 2025-01-07