Industry Standard API Documentation

Mailsac API Documentation has been converted over to use OpenAPI.

Code Examples

The new format gives developers and quality assurance testers code samples for common programming languages (curl, Node, Python, PHP, Go, etc).

Explore the API Using Swagger UI

The API can be explored without writing any code using the Swagger UI Explorer. All that is needed to get started is a free Mailsac API Key (requires sign up).

In the Swagger UI Explorer, choose the Authorize button and enter your Mailsac API Key


Use the “Try it out” button to interact with any of the REST API endpoints. A curl example, request URL, response body, and headers are provided.

Organize Your Team’s Email Accounts for Testing

Stop using mailing lists, shared inboxes, and GMail aliases for email testing. Things get messy fast, and often they aren’t easily shared with a team.

Use Mailsac for test email accounts. Make private or shared email addresses for each environment and test scenario. It’s disposable mail designed for QA.

Mailsac helps software teams organize their test accounts in 2 steps.

1. Setup a custom domain.
Pick any available subdomain of *.msdc.co.
Or, add a few DNS entries and use your existing domain, like test.example.com.

2. Start getting email immediately. You are ready to start testing! No need to create any inboxes.
Send an email to any address at your Mailsac domain.
Then check the mail.

If you want, an email inbox can be saved for reuse.

Add a comment so you and your team can see what that address is used for (“test account with admin role for dev and uat environments”).

Advanced: Catch-All

Enable a catch-all under the custom domain’s settings. It’s useful for one-off signup tests. A Catch-All inbox receives all email sent to a specific domain (for non-reserved addresses).

how to enable a sisposable email catch-all inbox

Now, any email address under your mailsac domain will be routed to the catch-all.

Get Started Receiving Mailsac Email For Free

Public inboxes for any @mailsac.com email address are free.

Custom domain plans start at $12 per month, or $10 per month when paid yearly.

We serve small dev shops, financial institutions, and government project teams with the same friendly support.

Advanced Disposable Mail Features

Create a free account to get started

New Features Available On All Plans

All of our plans now included additional features. These features will help quality assurance teams and individual developers test sending and receiving of email, and easily share non-production email accounts.

To see a complete listing of feature visit see our pricing page.

We are in the process of rolling out these features to our existing customers. Please contact support@team.mailsac.com if you need access to the features ahead of our scheduled roll out.

Free Plan

Old PlanNew Plan Feature / Limit
N/AEmail Capture
N/AWebhook Forwarding (requires private inbox)
N/AWebSocket Forwarding (requires private inbox)
N/APurge Inbox (requires private inbox)
N/ASlack Webhooks (requires private inbox)
N/ACommunity Support

Indie Plan

Old PlanNew Plan Feature / Limit
10 Private Addresses50 Private Addresses
0 Outgoing Messages500 Outgoing Messages (non-recurring)
N/AEmail Capture
N/AMessage Logs (15 minutes)
N/ADelete all messages by domain

Business Plan

Old PlanNew Plan Feature / Limit
50 Private Addresses250 Private Addresses
0 Outgoing Messages2,500 Outgoing Messages (non-recurring)
N/AWebsite Login using API Key (2 users)
N/AMessage Logs (1 month)

Enterprise Plan (New Plan)

New and Improved SMTP Header REST API Endpoint

Devs and Quality Assurance Testers Can Easily Validate Mail Headers

The SMTP header endpoint provides quality assurance testers with the option to view an email message’s SMTP headers in parsed formats that easily integrate with automated testing frameworks.

Problem

Developers and QAs are often asked to validate contents of emails. This can include from address, links, and subject. For many organizations this can be a manual process of checking the email and validating if the test criteria has been met.

Solution

Mailsac’s new message header endpoint provides SMTP headers in 3 formats:

1. JSON object format, grouped by lowercased header key. This format is easily consumed by industry standard tools such as Selenium.

{
  "received": [
    "from 107.174.234.77 by frontend1-172-31-29-224 via 172.31.42.57 with HTTP id 8m7iqeiZKJ3MzwTwUQlU for <cd@mailsac.com>; Mon Dec 24 2018 15:29:06 GMT+0000 (Coordinated Universal Time)",
    "from 107.174.234.77 by smtp-in2-172-31-42-57 via 172.31.23.10 (proxy) with SMTP id 8m7iqeiZKJ3MzwTwUQlU for <cd@mailsac.com>; Mon, 24 Dec 2018 15:29:06 UTC",
  ],
  "from": [
    "grem@hello.msdc.co"
  ],
  "to": [
    "cd@mailsac.com"
  ],
  "subject": [
    "invitation to collaborate"
],
  "date": [
    "Mon, 24 Dec 2018 15:29:06 +0000"
  ]
}

2. Ordered JSON array format. This formats pre-parses the headers, but maintains the original order, while still handling duplicate headers such as Received.

?format=ordered-json

[
  {
    "name": "received",
    "value": "from 107.174.234.77 by frontend1-172-31-29-224 via 172.31.42.57 with HTTP id 8m7iqeiZKJ3MzwTwUQlU for <cd@mailsac.com>; Mon Dec 24 2018 15:29:06 GMT+0000 (Coordinated Universal Time)"
  },
  {
    "name": "received",
    "value": "from 107.174.234.77 by smtp-in2-172-31-42-57 via 172.31.23.10 (proxy) with SMTP id 8m7iqeiZKJ3MzwTwUQlU for <cd@mailsac.com>; Mon, 24 Dec 2018 15:29:06 UTC"
  },
...
  {
    "name": "to",
    "value": "cd@mailsac.com"
  },
]

3. Plaintext original format. This format is useful when you are interested in parsing or inspecting the email headers yourself, and do not wish to download the entire message.


?format=plain

Received: from 107.174.234.77 by frontend1-172-31-29-224 via 172.31.42.57 with HTTP id 8m7iqeiZKJ3MzwTwUQlU for <cd@mailsac.com>; Mon Dec 24 2018 15:29:06 GMT+0000 (Coordinated Universal Time)
Received: from 107.174.234.77 by smtp-in2-172-31-42-57 via 172.31.23.10 (proxy) with SMTP id 8m7iqeiZKJ3MzwTwUQlU for <cd@mailsac.com>; Mon, 24 Dec 2018 15:29:06 UTC
...
To: cd@mailsac.com

“We are currently using the REST API headers endpoint in support between our own microservices. Our POP3 server fetches headers of message to implement the POP3 TOP command.” — Michael Mayer, Partner Forking Software LLC

Getting Started

The message header endpoint /api/messages/:messageId/headers is available on all Mailsac plans (including our free tier). See our API Specification for more information.

This code example could can be modified to view the headers for the first email message on an inbox calendartrinity@mailsac.com. Make sure to insert your API Key and change the email address to an email address you which is public or reserved by your account.

const superagent = require('superagent') // npm install superagent

const mailsac_api_key = 'YOUR_API_KEY_HERE' // change this!

superagent
  .get('https://mailsac.com/api/addresses/calendartrinity@mailsac.com/messages')
  .set('Mailsac-Key', mailsac_api_key)
  .then((messages) => {
      const messageId = messages.body[0]._id
      superagent
          .get('https://mailsac.com/api/addresses/calendartrinity@mailsac.com/messages/' + messageId + '/headers')
          .set('Mailsac-Key', mailsac_api_key)
           .then((response) => {
               console.log(response.body)
           })
  })
  .catch(err => console.error(err))

/**
{
  received: [
    'from [ by fireroof via ::1 with HTTP id bo4xdVji_oqEixBO0gGLbvIoe for <calendartrinity@mailsac.com>; Wed, 28 Oct 2020 23:05:29 GMT',
    'from [ fireroof with SMTP id bo4xdVji_oqEixBO0gGLbvIoe for <calendartrinity@mailsac.com>; Wed, 28 Oct 2020 16:05:29 PDT'
  ],
  'x-mailsac-inbound-version': [ '' ],
  date: [ 'Wed, 28 Oct 2020 16:05:29 -0700' ],
  to: [ 'calendartrinity@mailsac.com' ],
  from: [ 'bclinton@mailsac.com' ],
  subject: [ 'test Wed, 28 Oct 2020 16:05:29 -0700' ],
  'message-id': [ '<20201028160528.2893005@fireroof>' ],
  'x-mailer': [ 'swaks v20190914.0 jetmore.org/john/code/swaks/' ]
}
**/

Multi-User Login using API Credentials, For Team Collaboration

Update: April 2021 – Multi-User login is now called “Sub-Accounts”

Named API Keys can now be used as website authentication.

Custom domains and Private Addresses have been great for quality assurance teams to conduct end to end automated testing of email. But sometimes interacting with an REST API can be a lot of overhead for non-repeating tasks. API Credentials can now be used to login to the website.

All private addresses and custom domains associated with the primary account will be visible from the website for API users. The permissions for API users are the same as API keys.

Quality assurance teams often share credentials of test accounts for the web application they are testing. These test accounts might to be associated with an email provisioned by their IT department or the QA tester’s personal email. Mailsac private domains allow the test accounts to be created in an an environment all members of the QA team have access to.

This feature allows teams to work together in the Mailsac platform. There is no longer a need to for each person to have their own Mailsac account. A named API Key can be created for each person. That API key can be used to interact with the REST API and the website. As a result, password resets and transaction emails sent to a Mailsac private domain can be accessed by any member of the QA team.

“Internally we have used Mailsac for collaboration. Being able to share a private address or domain allows my team members to see exactly what I am seeing. This feature allows our customers to do the same with their own private domains and addresses” Michael Mayer – Member – Forking Software LLC

Getting started is as easy as provisioning a new set of API credentials and enabling the website login on the API Key. This can be done the the Dashboard and selecting API Credentials & Users

Enable Website Login

We will be rolling this feature out to our Business and Enterprise Plans in the next couple weeks. If you have an immediate need for this feature we can enable it on your account. Contact support@team.mailsac.com to get early access to this feature on you Business or Enterprise Plan.

Retiring TLS 1.0 and TLS 1.1

Our REST APIs and website will require the use of TLSv1.2 on October 24, 2020. TLS 1.2 was published as RFC 5246 in 2008.

All major web browsers (Chrome, Edge, Internet Explorer, Firefox, and Safari) have already disabled TLS 1.0 and TLS 1.1. Most modern programming languages have support for TLS 1.2.

Integrations written in Java 6 and Python 2.6 do not have TLS 1.2 support.

References

Announcing the Email Capture Service

With email capture, Quality Assurance teams testing email delivery can easily see the exact emails customers will receive.

The new Email Capture Service is an SMTP server that accepts all mail regardless of the To and From address. It is similar to Mailsac’s existing disposable mail, with some key differences. The capture service acts like a fake outbound relay, rather than a fake inbound relay.

Messages sent via capture.mailsac.com are available for viewing from the Mailsac Website or REST API. This allows Quality Assurance teams to validate that the message was sent and the contents of the message.

Web applications frequently send transactional emails to users. During development and User Acceptance Testing, sending email is disabled in the application – so emails are not accidentally sent to customers or fake test addresses. Sending lots of bounces from a development application is a great way to get your domain blacklisted, greylisted, or onto a spam list.

Send via capture.mailsac.com instead

Web applications can be configured to use the Email Capture Service as their SMTP server. Emails sent by the application can then be viewed by developers and testers.

Customers have been sending test emails to hosted custom domains at Mailsac for years. The email capture services simplifies the process of sending emails to Mailsac by allowing developers to relay through Mailsac without any additional email infrastructure.

Michael Mayer – LLC Member at Forking Software LLC.

Most customers can get started sending through the Email Capture service instantly.
Wherever you input SMTP credentials in your application, change to the following:

  • Server Name: capture.mailsac.com
  • Port: 5587
  • Use Secure Connection: Yes (TLS)
  • User Authentication – Username: Mailsac account username *
  • User Authentication – Password: any Mailsac API Key for the account

Any email sent to the capture server will be available at the TO address in Mailsac’s UI or API.

* a private address or custom domain address may be used if your email library does not support a separate FROM address for the username.

Further Reading

Easy purging of inboxes

We’ve listened to your feedback. This week we released new functionality to delete all the messages in an inbox.

Purging an inbox can be accomplished in two ways:

  • programmatically, via the REST API DELETE /api/addresses/:email/messages route
  • by clicking the new “Purge Inbox” button

Here’s an example of clicking the Purge Inbox button, instantly recycling over 80 messages:

Why were all the messages not deleted?

Starred messages (savedBy in the REST API) will not be purged.

We recommend un-starring those messages first, then purging the inbox, if you want to completely clear the inbox. Or, use the existing single-message deletion feature will allow you to delete a starred message. There is a button for deleting messages on the inbox page. The REST API route to delete a single message is DELETE /api/addresses/:email/messages/:messageId.