Skip to content
Inbox OSS
All docs

Documentation

Authentication

API keys, scopes, IP allowlists, and SSO. Everything that gates access to your account.

API keys

Create keys in the dashboard at Settings → API Keys. Each key has scopes (any combination of send, read, manage) and an optional IP allowlist.

We store SHA-256 hashes of keys, not the raw value. Keys are visible only once at creation time.

Authorization: Bearer $INBOX_API_KEY

Scopes

  • send — POST to /api/v1/mail/send and /api/v1/mail/validate.
  • read — GET on /api/v1/messages, /api/v1/stats, /api/v1/events, /api/v1/suppressions.
  • manage — write access to domains, templates, automations, suppressions.

IP allowlist

Restrict where a key can be used from. Supports IPv4, IPv6, and CIDR. Requests from outside the allowlist return 403 with no further details, even if the key is otherwise valid.

SSO (Enterprise)

SAML 2.0 and OIDC supported. SCIM provisioning available for user lifecycle. Contact sales for provisioning support.

Rotation

Rotate keys in-place: create a new key, deploy it, then delete the old key. Audit log captures both events.

Stuck? We're here.

Free plan includes 3,000 emails/month forever. No credit card required.