Email API
The fastest path from trigger to inbox.
A production-grade transactional email API with full SendGrid v3 compatibility, eight official SDKs, signed webhooks, sandbox mode for CI pipelines, and sub-100ms p99 acceptance latency from six global edge regions. Built for developers who do not want surprises.
Send your first email in 60 seconds
One key. One endpoint. Eight SDKs.
The Inbox OSS Email API is a clean, well-documented REST API for sending transactional email at scale. Single-recipient, batch, templated, attached, dynamic — every shape of transactional send is supported under one consistent endpoint. SDKs in eight languages give you typed request models, retry-with-backoff logic, and automatic idempotency-key handling out of the box.
- Official SDKs for Node.js, Python, Go, Ruby, PHP, Java, .NET, and Rust — all generated from the same OpenAPI 3.1 spec for behavior parity.
- OpenAPI 3.1 specification published publicly so you can generate clients for any language we do not officially ship.
- Idempotency keys on every write operation. Retry-safe by design with 24-hour deduplication windows.
- Per-key scopes (send, read, manage) with optional IP allowlists. Production keys typically scope to send-only.
- Sandbox mode validates every request — auth, schema, template syntax, suppression checks — without delivering. Built for CI pipelines.
- Structured RFC 7807 problem-details errors with type, title, status, detail, and field-level paths on validation failures.
const payload = {
personalizations: [{
to: [{ email: 'ada@example.com' }],
dynamic_template_data: { first_name: 'Ada' },
}],
from: { email: 'hello@yourapp.com', name: 'YourApp' },
subject: 'Welcome to YourApp, {{first_name}}',
content: [{ type: 'text/html', value: '<h1>Hi {{first_name}}</h1>' }],
tracking_settings: { open_tracking: { enable: true }, click_tracking: { enable: true } },
categories: ['onboarding', 'welcome'],
custom_args: { user_id: 'u_42', cohort: 'march-2026' },
};
const response = await fetch('https://api.inbox.onesourcesoft.com/api/v1/mail/send', {
method: 'POST',
headers: {
'Authorization': 'Bearer ' + process.env.INBOX_API_KEY,
'Content-Type': 'application/json',
'Idempotency-Key': 'welcome-u_42-2026-03-15',
},
body: JSON.stringify(payload),
});
const result = await response.json();Built in
Everything an enterprise-grade email API should ship with
Not a marketing checklist. Operational features the platform team will rely on in production from day one.
Low-latency acceptance
Sub-100ms p99 acceptance latency from six anycast edge regions. Your hot path stays hot — we never block on downstream MX.
Signed webhooks
Ed25519 signatures on every event payload. Public keys rotate quarterly with 30-day overlap. Replay protection enforced server-side.
Retry & replay
Failed webhook? Exponential backoff for 24 hours, then surface to the dashboard for manual replay. Every event keeps full history.
Global delivery network
Anycast acceptance into the nearest of six regions, smart MX routing on egress, multi-region failover with no DNS change.
Encryption everywhere
TLS 1.3 in transit, MTA-STS enforced on egress, AES-256-GCM at rest, DKIM private keys sealed in a dedicated key vault.
Structured templates
Server-rendered Handlebars and Liquid. Per-recipient substitutions, partials, helpers, conditional blocks, loops, localization.
Schemaful events
29 event types, all documented with JSON Schema. Generate type-safe webhook handlers in any language with a JSON Schema codegen tool.
SendGrid compatibility
Drop-in replacement for the v3 /mail/send body shape. Migrate without touching templates, SDKs, or webhook handlers.
Sandbox mode
POST requests validate without delivering. Perfect for CI pipelines, smoke tests, and local development.
Durable acceptance
Two-zone fsync before 202 response. Zero acknowledged message loss across server crashes, region failures, or rolling deploys.
Granular API keys
Per-key scopes (send / read / manage), IP allowlists (IPv4/IPv6/CIDR), individual rate limits, audit log per key.
HIPAA + GDPR ready
HIPAA Business Associate Agreement on Enterprise. GDPR-compliant processing with pre-signed DPA and EU region option.
How the Inbox OSS Email API works
Sending transactional email at scale is not the same as sending a handful of test emails. Production email systems have to handle burst traffic during product launches, route around mailbox-provider outages, retain durability across region failures, surface delivery outcomes to the calling application, and protect sender reputation across thousands of customers simultaneously. The Inbox OSS Email API is built on the assumption that all of these matter.
Acceptance, queuing, and delivery
When your application POSTs to /api/v1/mail/send, we run the request through five stages: (1) authentication and scope checking against your API key, (2) schema validation against the OpenAPI specification, (3) suppression lookup against your account's suppression list, (4) durable acceptance with two-zone fsync, and (5) queueing onto the appropriate sending node based on warmup state and current rate. The 202 response is returned only after stage 4 — once we have durably accepted the message, you can be confident it will be delivered or surfaced as a failure event regardless of subsequent infrastructure events.
Categories, custom args, and tracking
Every message can carry an array of categories (semantic tags like “onboarding” or “billing”) and a custom_args dictionary (arbitrary key-value metadata preserved through to webhook events). Categories drive the 17 analytics dashboards in your platform console — you can filter every metric by any category combination. Custom args are useful for stamping per-message context likeuser_id, order_id, or cohort that your webhook handlers will need to route events back to the correct internal records.
Templates and personalization
Server-side template rendering uses Handlebars (the SendGrid-compatible dialect) with full support for {{variable}} substitution, {{#if}} conditionals, {{#each}} loops, partials, and custom helpers. Templates live in your account and are referenced by ID; per-recipient data is passed via the dynamic_template_data field on personalizations. For localization, pass a locale key in template data and we will route to the matching localized template version automatically.
Retries and durability
The Email API is retry-safe by design. Every write accepts an Idempotency-Key header; we deduplicate for 24 hours. Network failures during the POST can be safely retried with the same key — we return the original response without re-executing the send. On the delivery side, soft bounces and transient SMTP failures retry with exponential backoff for up to 72 hours before being marked failed. Hard bounces (permanent failures) are suppressed immediately and surfaced via a bounced webhook event.
Migration from SendGrid, Mailgun, or others
Because the API is SendGrid v3 compatible, migration from SendGrid is typically a two-line change: hostname and API key. We also provide a Mailgun-compatible /messages endpoint that accepts the form-encoded Mailgun request body. For Postmark, Amazon SES, or Resend migrations, the code change is slightly larger but our customer engineering team will run the playbook for free on every paid plan. See our comparison hub for detailed migration guides.
Reliable by design
Built to survive bad days, not just demo days
Every operational characteristic of the Email API is the product of deliberate engineering decisions, documented for the teams who will rely on this in production.
Multi-region failover
Active-active across six anycast regions. Acceptance never blocks on a single hot zone. Automatic regional failover requires no DNS change from your side.
Backpressure-aware queueing
When a downstream provider rate-limits us, we slow the right tenant — not yours. Per-account fair queueing prevents a noisy neighbor from affecting your sends.
Durable acceptance
Every accepted email is fsynced to two availability zones before we return 202. Zero acknowledged loss across server crashes or region events.
Capacity reservations
Enterprise customers can pre-reserve burst capacity for known traffic spikes — product launches, end-of-month billing runs, holiday campaigns.
Live observability
17 real-time dashboards, an immutable event log queryable for 30 days, and webhook firehose for streaming events into your data warehouse.
Operations transparency
Status page driven by real probes from 12 global locations every 30 seconds. Incident communication within 1 hour. Public post-mortems for SEV-1.
FAQ
Frequently asked questions about the Email API
Ship better email. Today.
Free tier includes 3,000 emails per month and full API access. Upgrade only when you outgrow it.
