Playwright Email Testing for OTP, Magic Links, and Password Resets

If you searched for , you are probably trying to verify a real user flow, not just inspect a mocked API response.

That usually means creating a unique inbox, triggering a signup or reset flow, waiting for the message to arrive, extracting a code or link, and finishing the journey in the same Playwright test. This guide shows how to make that workflow deterministic enough for CI.

Quick answer

Playwright email testing works best when your test can:

• create an isolated inbox or phone number for the run
• trigger the application flow that sends the message
• wait for the expected email or SMS using a bounded timeout
• extract the magic link, OTP code, or message content
• assert the post-click or post-code outcome in the same session

If you rely on shared inboxes, sleep statements, or manual message cleanup, your test will become flaky fast.

What teams usually test with Playwright

The most common Playwright email testing scenarios are:

• signup confirmation links
• password reset links
• email OTP codes
• SMS OTP codes
• invite emails
• billing and transactional notifications
• approval or lifecycle emails that must contain the right data

These are all flows where browser automation alone is not enough. The test also needs to control the inbox.

Why Playwright email tests get flaky

Most failures come from a small set of mistakes:

• reusing one inbox across parallel test runs
• waiting with arbitrary sleeps instead of mailbox polling
• matching on subject only
• extracting links from the wrong message
• not asserting that the link or code belongs to the current run
• treating SMS and email as interchangeable even when timing differs

Competitor quickstarts usually explain how to fetch a message, but they often skip inbox isolation, retry strategy, and cleanup patterns that matter in CI.

A safer Playwright email testing pattern

Use this flow instead:

1. create a fresh inbox or phone number for the test
2. use that address or number in the app flow
3. wait for the exact message using recipient plus subject or timeout rules
4. extract the link or code from the returned message body
5. continue the browser flow
6. assert the success state

This is the same pattern we use in:

• Playwright OTP testing
• Playwright fake email example

Playwright email testing for magic links

Magic links are one of the best fits for Playwright because the full user journey stays in the browser.

You typically need to:

• request the login link
• wait for the latest matching email
• extract the target URL
• open it in the same browser context
• assert that the authenticated page loads

The critical detail is making sure the test opens the link generated for the current inbox, not a stale message from a prior run.

Playwright email testing for OTP and MFA

For OTP and MFA testing, the browser is only half the job.

You also need to assert:

• the code arrives within the expected window
• the format is correct
• expired or retried messages behave as expected
• SMS and email variants both work when your auth flow supports them

See:

• How to test OTP login with SMS codes using Playwright
• How to test OTP (one time passwords)
• Testing TOTP one time passwords

Example Playwright email testing workflow

At a high level, the code looks like this:

1. create inbox
2. submit signup form
3. wait for matching message
4. parse body or extract links
5. use the code or link in Playwright
6. assert final UI state

MailSlurp already has example proof for this pattern in the examples manifest, including a dedicated example and SMS-based Playwright flows.

What to compare in a Playwright email testing tool

If you are evaluating tooling, compare:

• inbox creation speed
• support for both email and SMS
• wait APIs with deterministic matching
• HTML, text, and attachment access
• parallel test isolation
• framework support in TypeScript and Node
• CI readiness and API ergonomics

The strong buyer signal is not "can it read an email?" It is "can it let Playwright finish release-critical user journeys repeatedly without human help?"

Playwright email testing vs Cypress email testing

The workflow is similar, but the framework fit is different:

• Playwright is stronger for multi-browser coverage, auth flows, and richer browser control
• Cypress is strong for frontend-heavy browser tests and easier local developer ergonomics

If your team is already standardized on Cypress, see Cypress email testing. If you need broader browser or device coverage, Playwright usually gives you more headroom.

Where MailSlurp fits

MailSlurp gives Playwright tests the message layer they are missing:

• Email integration testing
• Phone number and SMS service
• Authentication testing workflows
• Email sandbox

That lets one test suite create inboxes and numbers, trigger real messages, wait for the exact content, and assert the outcome in CI.

FAQ

How do I test email with Playwright?

Create a unique inbox, trigger the message from your app, wait for the email, extract the code or link, and continue the test in Playwright.

Can Playwright test SMS OTP too?

Yes. The same pattern works with programmable phone numbers, especially for signup, MFA, and recovery flows.

What is the main source of flaky Playwright email tests?

Shared inboxes, loose message matching, and sleep-based waiting are the biggest causes.

Is Playwright email testing only for password resets?

No. It is also useful for signup verification, invites, approval flows, receipts, and MFA.

Final take

The best Playwright email testing setup is not a mailbox hack. It is a deterministic message layer that your test controls from start to finish. If you need Playwright to validate real auth, lifecycle, or notification flows, treat inbox creation and message waiting as first-class parts of the test design.