Skip to main content

Overview

CardClan supports connecting your personal Microsoft account (Outlook.com, Hotmail, Live) via OAuth 2.0. Once connected, cards are sent directly from your Outlook address — no SMTP passwords or app passwords needed.
This uses Microsoft’s secure OAuth 2.0 flow. CardClan never stores your password — only an encrypted access token.

Prerequisites

Before connecting, make sure:
  • You have a personal Microsoft account (yourname@outlook.com, @hotmail.com, or @live.com)
  • You are logged in to CardClan
  • Pop-ups are allowed in your browser for CardClan

Step 1: Go to Email Settings

  1. Log in to CardClan
  2. Go to Settings → Email Accounts

Step 2: Connect Your Outlook Account

  1. Scroll to the One-Click OAuth Connections section
  2. Click Connect Outlook
  3. A Microsoft sign-in popup will appear — sign in with your Outlook/Hotmail account
  4. Review the permissions requested and click Accept
CardClan requests the https://outlook.office.com/SMTP.Send scope. This is the Microsoft-approved permission for sending emails via SMTP OAuth2 on your behalf. CardClan does not read, delete, or access your inbox.

Step 3: Confirm the Connection

The popup will close automatically and your Outlook address will appear under Connected OAuth Accounts with a Microsoft badge.

Step 4: Send a Card

From now on, all cards you send — both instant and scheduled — will automatically use your connected Outlook address as the From address. Token refresh happens silently in the background, so you won’t need to reconnect unless you explicitly disconnect.

Disconnecting

  1. Go to Settings → Email Accounts
  2. Find your Outlook account under Connected OAuth Accounts
  3. Click Disconnect
Cards will fall back to the default CardClan sending address.

Troubleshooting

Make sure pop-ups are enabled for CardClan in your browser. In Chrome: click the lock icon in the address bar → Site settings → Pop-ups → Allow.
Try disconnecting and reconnecting to issue a fresh token. If this continues, contact support.
This means your Microsoft account is managed by an organisation (not a personal account). If so, use the Office 365 OAuth guide instead, which includes admin approval steps.
Contact us if you have any questions or run into issues.