Send SMTP Email

Updated in 2026.3

Description

In Cognigy.AI 2026.4.0, the OAuth2 authentication method for the Send SMTP Email Node was deprecated. The removal of this authentication method is scheduled for the release of Cognigy.AI 2026.16.0. To avoid disruptions in AI Agents using OAuth2 in this Node, migrate to the OAuth2 Client Credentials authentication method before the removal date.

Use the Send SMTP Email Node to send an email via an SMTP connection to a recipient.

Parameters

Email Service Configuration

Some email providers, such as Gmail, require you to configure your mail account to allow sending mail via SMTP before you can use it.

Parameter	Description
Email Service	Select the Email Provider of the address you want to send from. If yours is not listed, you can select Other SMTP Service to do a manual configuration.
SMTP Settings	Depending on which Email Service selected above, you need to either enter your login credentials for that service or for the full SMTP connection information in case you selected the “Other SMTP Service” option.
Recipient TO Email Addresses	Comma-separated list of email addresses to send the email to.
Email Subject	The subject of the email.
Email Content	The content of the email. The field supports basic rich text editing.

Authentication

You can use one of the following authentication methods:

OAuth2 Client Credentials (recommended)
OAuth2 (deprecated)
Basic Auth

OAuth2 Client Credentials is a token-based authentication method. It uses a client ID and client secret to obtain an access token and authenticate with the email provider. This authentication method provides a higher level of security than Basic Auth and doesn’t require refresh tokens.To create a connection, follow these steps:

Next to the OAuth2 Client Credentials Parameters setting, click +.
Add a new connection or use an existing one:
- Connection name — enter a unique connection name.
- Token Endpoint URL — enter the email provider URL to retrieve the access token.
- Client ID — enter the registered client ID of the application.
- Client Secret — enter the registered client secret of the application.
- (Optional) Scope — enter the scope of the access token, as defined in RFC 6749. Some email providers require the scope to be set. For example, use https://outlook.office365.com/.default if you’ve selected Office365 for the Email Service parameter. Refer to your email provider’s documentation to find the correct scope.
- User — enter the email address from which the email is sent.
Click Create.

OAuth2 is a token-based authentication method. It uses access tokens generated by the service provider to grant authorization for client applications to access user data. Access tokens are unique identifiers that contain user, client application, and permission information. They are short-lived and can be revoked if necessary, providing a higher level of security than Basic Auth. Email providers such as Google and Microsoft may use only OAuth2 for authentication.To create a connection, follow these steps:

Next to the OAuth2 Parameters setting, click +.
Add a new connection or use an existing one:
- Connection name — enter a unique connection name.
- user — add your email address.
- clientId — add a registered client id of the application.
- clientSecret — add a registered client secret of the application.
- accessToken — add an access token. Required only if refreshToken is not available.
- refreshToken — add a refresh token. If it is provided, the Node tries to generate a new access token if existing one expires or fails.
- expiryDate — add an expiration Unix timestamp in milliseconds for the current accessToken.
- accessUrl — add an HTTP endpoint for requesting new access tokens. This value defaults to Gmail https://accounts.google.com/o/oauth2/token.
- tlsOption — specify one of the options if you want to connect with TLS:
  - tls — is used by default. TLS is a separate protocol that operates on a different port (usually port 443 for HTTPS).
  - starttls — is a command used to upgrade an existing insecure connection to a secure one within the same port.
  - none — don’t connect with TLS.
Click Create.

Cognigy caches connections by default, and for OAuth2 connections, Cognigy also caches the refresh and access tokens. To update the refresh token or access token, create a snapshot.

Attachments

By default, the No Attachment option is selected.

Attachment Type	Description
From URL	You can specify a public Web URL or a data URL. The linked File will then be attached to that mail. You can also pick a custom filename for the attached file.
From Text Content	You can define a text that should be sent as an attachment.
From Base64 String	You can define Base64-encoded data that should be attached.
Custom Content Attachment	If you need to send text content with a specific MIME-Type, allowing you to define an own MIME-Type.
From Pregenerated MIME Node	Allows to send a fully customized attachment body manually.

Result Storage & Error Handling

Option	Description
Don’t store result	Default option. The result isn’t stored.
Input	The result is stored at a specified location in the Input Key to store Result field.
Context	The result is stored at a specified location in the Context Key to store Result field.

Stop on Error

If switched on, the flow execution will halt in case the mail-sending fails.

Advanced

Parameter	Description
Custom From Email Address	This email address will be displayed in the “from” field (sender’s address).
CC Email Addresses	The CC recipients of your email.
BCC Email Addresses	The BCC recipients of your email.
Reply To Address	This email address is the target for receiving mails when recipients reply to your email.
Define custom text Email Content	If your content contains non-text content, you can provide a customized text-only version of the mail content here for improved compatibility with limited devices.
Email Priority	You can use this option to set your priority to `high`, `normal` (default), or `low`.
Execute Request asynchronous	If switched on, the flow execution will continue directly after the Send Email Node was triggered. If turned-off, flow execution will wait until the email is sent.

Example

This example shows how to configure OAuth2 Client Credentials with Microsoft 365 SMTP using Microsoft Entra ID.

Prerequisites

Before starting, ensure the following:

Your Microsoft Entra account must have one of the following roles:
- Application Developer (minimum).
- Cloud Application Administrator or Global Administrator (recommended).
The mailbox that will send emails must:
- Be hosted in Microsoft 365 or Exchange Online.
- Have SMTP AUTH activated.

Create a Multi-Tenant Application in Microsoft Entra ID

Log in to the Microsoft Entra admin center.
In the left sidebar, select Entra ID > App registrations.
Click New registration. On the Register an application page, enter a name, for example, Cognigy SMTP Integration.
In the Supported account types section, select Accounts in any organizational directory (Any Azure AD directory - Multitenant). Follow Microsoft best practices for multitenant applications, especially regarding security and permission scope.
Leave Redirect URI empty, this field isn’t required for OAuth2 Client Credentials. Click Register.
After the registration, the Application Overview page appears. Copy and securely store:
- Application (client) ID.
- Directory (tenant) ID.
You will need these IDs later for the Send SMTP Email Node.

Create a Client Secret

In the created application, go to Manage > Certificates & secrets.
Click New client secret.
Enter the required information:

Description – for example, Cognigy SMTP Secret.
Expiration – specify the date according to your company’s security policy.

Click Add. Copy the appeared secret value and store it securely. You will need this secret later for the Send SMTP Email Node.

Configure API Permissions

Add the SMTP.SendAsApp permission to your Microsoft Entra application. Ensure admin consent is granted where required.
Register a Service Principal for the your application.

Configure the Send SMTP Email Node

In the Send SMTP Email Node, select Microsoft 365 as the email service.
For the Authentication Method, select OAuth2 Client Credentials and click + to create a new connection.
In the connection configuration, fill in the required fields:

Connection Name — enter a unique name for the connection.
Client ID — enter the application (Client) ID from Microsoft Entra.
Client Secret — enter the secret value created under Certificates & Secrets from Microsoft Entra.
Scope — enter https://outlook.office365.com/.default
Token Endpoint URL — enter https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token and replace {tenant_id} with your Directory (tenant) ID from Microsoft Entra.
User — enter the email address of the sender mailbox. Make sure SMTP AUTH is activated for the user, and the user is granted the SMTP.SendAsApp permission.

Click Create to save the connection, then fill in the required fields for the email configuration, such as Recipient TO Email Addresses, Email Subject, and Email Content.

Troubleshooting

Issue	Possible Cause	Solution
General errors	Typos in the configuration, expired or missing secrets.	Double-check the scope, the token endpoint, the client secret, and ensure you are using the same mailbox as the OAuth2 credentials.
Invalid login or authentication failed	Custom FROM Email Address is set, OAuth credentials mismatch, disabled SMTP AUTH, or wrong token endpoint or scope.	Leave Custom FROM Email Address empty, ensure credentials match the sender mailbox, enable SMTP AUTH, and verify the scope (`https://outlook.office365.com/.default`) and the token endpoint (`https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token`).
401 Unauthorized	Your application lacks `SMTP.SendAsApp`, Admin consent isn’t granted, the Service Principal is missing, or the `SendAs` permission is missing.	Grant the `SMTP.SendAsApp` permission, provide admin consent, ensure the Service Principal exists in Exchange, and assign the `SendAs` permission for the mailbox.
535 Authentication failed	The mailbox SMTP AUTH is deactivated.	Activate SMTP AUTH in Microsoft 365 Admin Center > Mailbox > SMTP AUTH.
Multitenant app issues or token acquisition failed	App not multi-tenant, the Service Principal missing, or incorrect client ID, tenant ID, or client secret.	Ensure the app is multitenant, the Service Principal exists, and verify the client ID, tenant ID, and Client Secret used in Cognigy.AI.

Overview

AI Agents

Human Escalation

Platform Features

For Developers

Administration and Installation

Description

Parameters

Stop on Error

Example

Overview

AI Agents

Human Escalation

Platform Features

For Developers

Administration and Installation

​Description

​Parameters

​Stop on Error

​Example

Description

Parameters

Stop on Error

Example