Skip to content
Inbox OSS

API Reference

REST + JSON

OpenAPI 3.1 spec available at /openapi.json. SendGrid v3 compatibility on every endpoint marked compat.

Authentication

All requests require a Bearer token. Create keys at app.inbox.onesourcesoft.com/settings/api-keys. Per-key scopes: send, read, manage. Add an IP allowlist for production keys.

POST /api/v1/mail/send HTTP/1.1
Host: api.inbox.onesourcesoft.com
Authorization: Bearer $INBOX_API_KEY
Content-Type: application/json
Idempotency-Key: 8f3a-5e21-7c10

{
  "personalizations": [{"to": [{"email": "ada@example.com"}]}],
  "from": {"email": "hello@yourapp.com"},
  "subject": "Welcome",
  "content": [{"type": "text/html", "value": "<h1>Hi Ada</h1>"}],
  "tracking_settings": {"open_tracking": {"enable": true}, "click_tracking": {"enable": true}},
  "categories": ["onboarding"]
}

Rate limits

Default 600 req/sec per API key, 5,000 req/sec per account. Higher limits on Enterprise. Headers X-RateLimit-Remaining, X-RateLimit-Reset on every response. 429 with Retry-After on exceed.

Idempotency

Include Idempotency-Key header on writes. We dedupe for 24 hours; replay returns the original response.

Errors

RFC 7807 Problem Details. type, title, status, detail, optional instance. All 4xx errors include a errors array with field-level paths.