How we use GOV.UK Notify
GOV.UK Notify is a Government-as-a-Platform service that allows clients of their API to send emails, text messages and letters. We use GOV.UK Notify to send emails to users - both members of the public and publishers. Historically, we’ve also used Amazon SES directly to send emails, but that’s being phased out in favour of GOV.UK Notify.
We have three main services on GOV.UK Notify (nine in total as we have a service for each environment):
- GOV.UK Emails
This service is used by Email Alert API only. It’s used to send public-facing email updates about pieces of content on GOV.UK. It’s our biggest sender of emails generating millions of emails per day.
The Email Alert API Product dashboard shows usage over time.
Note: GOV.UK Notify limits this account (as a special case) to a daily limit of 8 million emails, at a maximum rate of roughly 400 messages per second (in fact they define this as 24,000 messages per rolling minute), meaning that we should adhere to these limits when using Notify to deliver emails for our applications. We set our rate slightly below that at 21,600 requests per second in the SendEmailJob. If you wish to double check these figures you could ask in their slack channel #govuk-notify.
- GOV.UK Publishing
This service is used by our publishing applications. It’s used to send publisher-facing emails. The type of email can vary a lot, but a typical example might be to receive an email when a scheduled document on GOV.UK has been automatically published.
- GOV.UK
This service is for any public-facing application that does not use the Email Alert Api to send emails.
Currently it is used by Feedback to email a survey link
to users who click a survey banner or use the Is this page useful? feature.
Accessing the dashboard
👉 Sign in to the GOV.UK Notify dashboard
You’ll need to use your own account, which should have been created as part of getting production admin access. If you lack an account, ask your tech lead or a GOV.UK Senior Tech member to invite you to the GOV.UK, GOV.UK Email and GOV.UK Publishing services in Notify.
For the GOV.UK Email (Integration) and GOV.UK Email (Staging) applications, the administrator accounts
are email-alert-api-integration@digital.cabinet-office.gov.uk and email-alert-api-staging@digital.cabinet-office.gov.uk respectively. To gain access you will need to be a member of the appropriate group.
Rotating API Keys
GOV.UK Notify suggests that API keys should be rotated every 6 months, or when a member of the service team leaves. Create a new key in Notify’s dashboard (give it a date name so that we know when it was created), and update the equivalent secret in Secrets Manager. The API Integration section on Notify’s dashboard includes a message log, so you should be able to see when the new key is being used. Once it is, you can revoke the old key.
Getting urgent support
GOV.UK Notify provides 24/7 support for emergencies. They commit to providing a response to emergencies within 30 minutes.
Request support here: https://www.notifications.service.gov.uk/support.
Receiving emails from GOV.UK Notify
Note: we have specific documentation for receiving Email Alert API emails in the integration and staging.
GOV.UK Notify services have two modes: live and trial. Our production services are all in live mode; most other services are in trial mode. In this mode emails will only be sent to members of the service or email address in the allow-list, any request to send an email to another email address will fail.
To receive emails in integration and staging through GOV.UK Notify, you should add yourself to the service:
Choose the service in the appropriate environment and navigate to “Team members”.
The members with the permission
Manage settings, team and usagewill be able to add you to this team.
The GOV.UK Publishing services are a special case: for these services, integration and staging also run in production mode. This is because Signon needs to be able to send emails to all users, even in integration and production. However, most of the apps using this service use a team-only API key with the same restriction; only Signon has a live key.