API Reference
REST + JSON
OpenAPI 3.1 spec available at /openapi.json. SendGrid v3 compatibility on every endpoint marked compat.
Authentication
All requests require a Bearer token. Create keys at app.inbox.onesourcesoft.com/settings/api-keys. Per-key scopes: send, read, manage. Add an IP allowlist for production keys.
POST /api/v1/mail/send HTTP/1.1
Host: api.inbox.onesourcesoft.com
Authorization: Bearer $INBOX_API_KEY
Content-Type: application/json
Idempotency-Key: 8f3a-5e21-7c10
{
"personalizations": [{"to": [{"email": "ada@example.com"}]}],
"from": {"email": "hello@yourapp.com"},
"subject": "Welcome",
"content": [{"type": "text/html", "value": "<h1>Hi Ada</h1>"}],
"tracking_settings": {"open_tracking": {"enable": true}, "click_tracking": {"enable": true}},
"categories": ["onboarding"]
}Rate limits
Default 600 req/sec per API key, 5,000 req/sec per account. Higher limits on Enterprise. Headers X-RateLimit-Remaining, X-RateLimit-Reset on every response. 429 with Retry-After on exceed.
Idempotency
Include Idempotency-Key header on writes. We dedupe for 24 hours; replay returns the original response.
Errors
RFC 7807 Problem Details. type, title, status, detail, optional instance. All 4xx errors include a errors array with field-level paths.
