Unsubscribe and GDPR
Public unsubscribe page, {{unsubscribeUrl}}, and contact.unsubscribed webhooks.
Every marketing email must include a one-click unsubscribe link. MailingCore generates signed tokens and hosts a public confirmation page — no API key required for recipients.
Unsubscribe URL in templates
Add the placeholder in your campaign or template HTML:
<a href="{{unsubscribeUrl}}">Unsubscribe</a>
At send time, MailingCore replaces {{unsubscribeUrl}} with a signed link such as:
https://api.mailingcore.com/u/eyJhbGciOiJIUzI1NiIs...
Recipients can also override the page language with ?lang=:
https://api.mailingcore.com/u/eyJ...?lang=es
Supported languages include es, en, it, fr, ca, and de.
You can set a default language per send with unsubscribeLang on POST /emails/send or in campaign configuration.
Public endpoints
No authentication. The token encodes tenant, contact, and campaign context.
| Method | Endpoint | Behavior |
|---|---|---|
| GET | /u/:token | Shows confirmation page |
| POST | /u/:token | Confirms unsubscribe |
# Preview the page (browser)
curl "https://api.mailingcore.com/u/TOKEN?lang=en"
# Confirm unsubscribe
curl -X POST "https://api.mailingcore.com/u/TOKEN"
After confirmation:
- The contact is marked as unsubscribed / optIn: false
- The email is added to the suppression list
- A contact.unsubscribed webhook fires (if configured)
See Outbound webhooks.
GDPR erasure via API
For a full right-to-be-forgotten request from your backend:
DELETE /contacts/{externalId}
Authorization: Bearer mc_live_xxxx
X-Tenant-Id: clxxxxxxxx
Requires contacts:write. This removes the contact record; unsubscribes only block future sends without deleting data.
Integration checklist
Add {{unsubscribeUrl}} to templates
Place the link in the footer of every newsletter template version you publish.
Handle contact.unsubscribed
Register a webhook endpoint and sync opt-out status back to your CRM.
Honor suppressions
Do not re-import opted-out contacts with optIn: true without fresh consent.
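
The last two checklist items, as an added example (not MailingCore code): contact.unsubscribed events are mirrored into a local suppression store, and a re-import keeps optIn: true only when consent is newer than the opt-out. The payload fields (type, occurredAt, data.email), the consentAt column and the SuppressionStore class are assumptions for illustration; check the Outbound webhooks page for the real event schema.

```python
from datetime import datetime

def norm(email):
    """Normalize an address so case/whitespace variants hit the same suppression."""
    return email.strip().lower()

class SuppressionStore:
    """Local mirror of opt-outs, keyed by normalized email (hypothetical CRM-side store)."""

    def __init__(self):
        self.opted_out = {}  # normalized email -> datetime of the opt-out

    def handle_event(self, event):
        """Apply a contact.unsubscribed event; payload field names are assumed."""
        if event.get("type") != "contact.unsubscribed":
            return False
        when = datetime.fromisoformat(event["occurredAt"])
        email = norm(event["data"]["email"])
        # Keep the latest opt-out so redelivered or out-of-order events are harmless.
        prev = self.opted_out.get(email)
        if prev is None or when > prev:
            self.opted_out[email] = when
        return True

    def prepare_import(self, rows):
        """Force optIn to False for suppressed contacts unless consent postdates the opt-out."""
        out = []
        for row in rows:
            row = dict(row)  # never mutate the caller's batch
            opted_out_at = self.opted_out.get(norm(row["email"]))
            if opted_out_at is not None and row.get("optIn"):
                consent = row.get("consentAt")
                fresh = consent is not None and datetime.fromisoformat(consent) > opted_out_at
                if not fresh:
                    row["optIn"] = False
            out.append(row)
        return out

# Constructed sample data, not real MailingCore output.
EVENT = {"type": "contact.unsubscribed", "occurredAt": "2024-05-01T10:00:00+00:00",
         "data": {"email": "Ana@Example.com"}}
BATCH = [
    {"email": "ana@example.com", "optIn": True},  # no consent record
    {"email": "ANA@example.com ", "optIn": True, "consentAt": "2024-04-01T00:00:00+00:00"},  # predates opt-out
    {"email": "ana@example.com", "optIn": True, "consentAt": "2024-06-01T00:00:00+00:00"},  # fresh consent
    {"email": "bob@example.com", "optIn": True},  # never unsubscribed
]

def demo():
    store = SuppressionStore()
    store.handle_event(EVENT)
    return [r["optIn"] for r in store.prepare_import(BATCH)]
```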