Tokens are presented as a Bearer header to POST /api/send-email. They are stored hashed; the plaintext is shown once at creation time.
| Label | Owner | Prefix | Created | Last used | Status |
|---|
| Username | Role | Active tokens | Created | Status |
|---|
Most recent 100 sends, newest first. The audit BCC address also delivers a copy to a real mailbox — that is the durable record.
| Sent | By | Token | Subject | Recipients | Status |
|---|
These settings are stored in the database and override the .env file. Leave the password field blank (or unchanged) to keep the existing password. Changes take effect immediately without restarting the container.