Skip to content
Inbox OSS

Email API

The fastest path from trigger to inbox.

A production-grade transactional email API with full SendGrid v3 compatibility, eight official SDKs, signed webhooks, sandbox mode for CI pipelines, and sub-100ms p99 acceptance latency from six global edge regions. Built for developers who do not want surprises.

Send your first email in 60 seconds

One key. One endpoint. Eight SDKs.

The Inbox OSS Email API is a clean, well-documented REST API for sending transactional email at scale. Single-recipient, batch, templated, attached, dynamic — every shape of transactional send is supported under one consistent endpoint. SDKs in eight languages give you typed request models, retry-with-backoff logic, and automatic idempotency-key handling out of the box.

  • Official SDKs for Node.js, Python, Go, Ruby, PHP, Java, .NET, and Rust — all generated from the same OpenAPI 3.1 spec for behavior parity.
  • OpenAPI 3.1 specification published publicly so you can generate clients for any language we do not officially ship.
  • Idempotency keys on every write operation. Retry-safe by design with 24-hour deduplication windows.
  • Per-key scopes (send, read, manage) with optional IP allowlists. Production keys typically scope to send-only.
  • Sandbox mode validates every request — auth, schema, template syntax, suppression checks — without delivering. Built for CI pipelines.
  • Structured RFC 7807 problem-details errors with type, title, status, detail, and field-level paths on validation failures.
const payload = {
  personalizations: [{
    to: [{ email: 'ada@example.com' }],
    dynamic_template_data: { first_name: 'Ada' },
  }],
  from: { email: 'hello@yourapp.com', name: 'YourApp' },
  subject: 'Welcome to YourApp, {{first_name}}',
  content: [{ type: 'text/html', value: '<h1>Hi {{first_name}}</h1>' }],
  tracking_settings: { open_tracking: { enable: true }, click_tracking: { enable: true } },
  categories: ['onboarding', 'welcome'],
  custom_args: { user_id: 'u_42', cohort: 'march-2026' },
};

const response = await fetch('https://api.inbox.onesourcesoft.com/api/v1/mail/send', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer ' + process.env.INBOX_API_KEY,
    'Content-Type': 'application/json',
    'Idempotency-Key': 'welcome-u_42-2026-03-15',
  },
  body: JSON.stringify(payload),
});
const result = await response.json();

Built in

Everything an enterprise-grade email API should ship with

Not a marketing checklist. Operational features the platform team will rely on in production from day one.

Low-latency acceptance

Sub-100ms p99 acceptance latency from six anycast edge regions. Your hot path stays hot — we never block on downstream MX.

Signed webhooks

Ed25519 signatures on every event payload. Public keys rotate quarterly with 30-day overlap. Replay protection enforced server-side.

Retry & replay

Failed webhook? Exponential backoff for 24 hours, then surface to the dashboard for manual replay. Every event keeps full history.

Global delivery network

Anycast acceptance into the nearest of six regions, smart MX routing on egress, multi-region failover with no DNS change.

Encryption everywhere

TLS 1.3 in transit, MTA-STS enforced on egress, AES-256-GCM at rest, DKIM private keys sealed in a dedicated key vault.

Structured templates

Server-rendered Handlebars and Liquid. Per-recipient substitutions, partials, helpers, conditional blocks, loops, localization.

Schemaful events

29 event types, all documented with JSON Schema. Generate type-safe webhook handlers in any language with a JSON Schema codegen tool.

SendGrid compatibility

Drop-in replacement for the v3 /mail/send body shape. Migrate without touching templates, SDKs, or webhook handlers.

Sandbox mode

POST requests validate without delivering. Perfect for CI pipelines, smoke tests, and local development.

Durable acceptance

Two-zone fsync before 202 response. Zero acknowledged message loss across server crashes, region failures, or rolling deploys.

Granular API keys

Per-key scopes (send / read / manage), IP allowlists (IPv4/IPv6/CIDR), individual rate limits, audit log per key.

HIPAA + GDPR ready

HIPAA Business Associate Agreement on Enterprise. GDPR-compliant processing with pre-signed DPA and EU region option.

How the Inbox OSS Email API works

Sending transactional email at scale is not the same as sending a handful of test emails. Production email systems have to handle burst traffic during product launches, route around mailbox-provider outages, retain durability across region failures, surface delivery outcomes to the calling application, and protect sender reputation across thousands of customers simultaneously. The Inbox OSS Email API is built on the assumption that all of these matter.

Acceptance, queuing, and delivery

When your application POSTs to /api/v1/mail/send, we run the request through five stages: (1) authentication and scope checking against your API key, (2) schema validation against the OpenAPI specification, (3) suppression lookup against your account's suppression list, (4) durable acceptance with two-zone fsync, and (5) queueing onto the appropriate sending node based on warmup state and current rate. The 202 response is returned only after stage 4 — once we have durably accepted the message, you can be confident it will be delivered or surfaced as a failure event regardless of subsequent infrastructure events.

Categories, custom args, and tracking

Every message can carry an array of categories (semantic tags like “onboarding” or “billing”) and a custom_args dictionary (arbitrary key-value metadata preserved through to webhook events). Categories drive the 17 analytics dashboards in your platform console — you can filter every metric by any category combination. Custom args are useful for stamping per-message context likeuser_id, order_id, or cohort that your webhook handlers will need to route events back to the correct internal records.

Templates and personalization

Server-side template rendering uses Handlebars (the SendGrid-compatible dialect) with full support for {{variable}} substitution, {{#if}} conditionals, {{#each}} loops, partials, and custom helpers. Templates live in your account and are referenced by ID; per-recipient data is passed via the dynamic_template_data field on personalizations. For localization, pass a locale key in template data and we will route to the matching localized template version automatically.

Retries and durability

The Email API is retry-safe by design. Every write accepts an Idempotency-Key header; we deduplicate for 24 hours. Network failures during the POST can be safely retried with the same key — we return the original response without re-executing the send. On the delivery side, soft bounces and transient SMTP failures retry with exponential backoff for up to 72 hours before being marked failed. Hard bounces (permanent failures) are suppressed immediately and surfaced via a bounced webhook event.

Migration from SendGrid, Mailgun, or others

Because the API is SendGrid v3 compatible, migration from SendGrid is typically a two-line change: hostname and API key. We also provide a Mailgun-compatible /messages endpoint that accepts the form-encoded Mailgun request body. For Postmark, Amazon SES, or Resend migrations, the code change is slightly larger but our customer engineering team will run the playbook for free on every paid plan. See our comparison hub for detailed migration guides.

Reliable by design

Built to survive bad days, not just demo days

Every operational characteristic of the Email API is the product of deliberate engineering decisions, documented for the teams who will rely on this in production.

Multi-region failover

Active-active across six anycast regions. Acceptance never blocks on a single hot zone. Automatic regional failover requires no DNS change from your side.

Backpressure-aware queueing

When a downstream provider rate-limits us, we slow the right tenant — not yours. Per-account fair queueing prevents a noisy neighbor from affecting your sends.

Durable acceptance

Every accepted email is fsynced to two availability zones before we return 202. Zero acknowledged loss across server crashes or region events.

Capacity reservations

Enterprise customers can pre-reserve burst capacity for known traffic spikes — product launches, end-of-month billing runs, holiday campaigns.

Live observability

17 real-time dashboards, an immutable event log queryable for 30 days, and webhook firehose for streaming events into your data warehouse.

Operations transparency

Status page driven by real probes from 12 global locations every 30 seconds. Incident communication within 1 hour. Public post-mortems for SEV-1.

FAQ

Frequently asked questions about the Email API

A transactional email API is a programmatic interface that lets your application send individual emails triggered by user actions — password resets, order confirmations, magic links, security alerts, receipts. Transactional email differs from marketing email in that it is one-to-one rather than one-to-many, triggered by a specific event, and typically time-sensitive (sub-second to seconds rather than scheduled or batched). A transactional email API like Inbox OSS exposes a simple HTTP endpoint that accepts a JSON or form-encoded request describing the email — recipient, sender, subject, content — and asynchronously delivers it via the email infrastructure.

Ship better email. Today.

Free tier includes 3,000 emails per month and full API access. Upgrade only when you outgrow it.