POST /api/v1/accounts
Sign up
Operation ID: createAccount
accounts
Request Body
| Content-Type | Schema |
|---|
| application/json | CreateAccountRequest {
"email": "string",
"password": "string"
}
|
Responses
| Status | Description | Content-Type | Schema |
|---|
| 201 | Account created | application/json | |
| 409 | Email already registered | application/json | |
| 422 | Validation error | application/json | |
201 application/json AccountResponse
{
"created_at": "2026-04-02T12:00:00Z",
"email": "string",
"id": "string",
"timezone": "string",
"updated_at": "2026-04-02T12:00:00Z"
}
409 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
GET /api/v1/accounts/me
Get current account
Operation ID: getAccount
accounts
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | Account details | application/json | |
| 401 | Unauthorized | application/json | |
200 application/json AccountResponse
{
"created_at": "2026-04-02T12:00:00Z",
"email": "string",
"id": "string",
"timezone": "string",
"updated_at": "2026-04-02T12:00:00Z"
}
401 application/json Error
{
"code": "string",
"error": "string"
}
DELETE /api/v1/accounts/me
Delete account
Operation ID: deleteAccount
accounts
Request Body
| Content-Type | Schema |
|---|
| application/json | DeleteAccountRequest |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 204 | Account deleted | | |
| 401 | Unauthorized | application/json | |
401 application/json Error
{
"code": "string",
"error": "string"
}
DELETE /api/v1/accounts/me/2fa
Disable TOTP two-factor authentication
Operation ID: disableTOTP
2fa
Request Body
| Content-Type | Schema |
|---|
| application/json | TOTPCodeRequest |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 204 | TOTP disabled | | |
| 401 | Invalid TOTP code | application/json | |
| 422 | TOTP not enabled | application/json | |
401 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
POST /api/v1/accounts/me/2fa/backup-codes
Regenerate TOTP backup codes
Operation ID: regenerateBackupCodes
2fa
Request Body
| Content-Type | Schema |
|---|
| application/json | TOTPCodeRequest |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | New backup codes | application/json | |
| 401 | Invalid TOTP code | application/json | |
| 422 | TOTP not enabled | application/json | |
200 application/json BackupCodesResponse
{
"backup_codes": [
"string"
]
}
401 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
POST /api/v1/accounts/me/2fa/enable
Enable TOTP two-factor authentication
Operation ID: enableTOTP
2fa
Request Body
| Content-Type | Schema |
|---|
| application/json | EnableTOTPRequest |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | TOTP enabled; backup codes returned | application/json | |
| 401 | Invalid TOTP code | application/json | |
| 409 | TOTP already enabled | application/json | |
| 422 | TOTP not set up yet | application/json | |
200 application/json BackupCodesResponse
{
"backup_codes": [
"string"
]
}
401 application/json Error
{
"code": "string",
"error": "string"
}
409 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
POST /api/v1/accounts/me/2fa/setup
Set up TOTP two-factor authentication
Operation ID: setupTOTP
2fa
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | TOTP setup details | application/json | |
| 401 | Unauthorized | application/json | |
200 application/json SetupTOTPResponse
{
"otpauth_url": "string",
"qr_code_png": "string",
"secret": "string"
}
401 application/json Error
{
"code": "string",
"error": "string"
}
PUT /api/v1/accounts/me/password
Change password
Operation ID: changePassword
accounts
Request Body
| Content-Type | Schema |
|---|
| application/json | ChangePasswordRequest {
"current_password": "string",
"new_password": "string"
}
|
Responses
| Status | Description | Content-Type | Schema |
|---|
| 204 | Password changed | | |
| 401 | Unauthorized | application/json | |
| 422 | Validation error | application/json | |
401 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
PUT /api/v1/accounts/me/timezone
Update timezone
Operation ID: updateTimezone
accounts
Request Body
| Content-Type | Schema |
|---|
| application/json | UpdateTimezoneRequest |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 204 | Timezone updated | | |
| 401 | Unauthorized | application/json | |
| 422 | Invalid timezone | application/json | |
401 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
POST /api/v1/accounts/password-reset
Request password reset
Operation ID: requestPasswordReset
accounts
Request Body
| Content-Type | Schema |
|---|
| application/json | RequestPasswordResetRequest |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 202 | Reset email sent (always returned; never reveals whether address exists) | | |
PUT /api/v1/accounts/password-reset
Confirm password reset
Operation ID: confirmPasswordReset
accounts
Request Body
| Content-Type | Schema |
|---|
| application/json | ConfirmPasswordResetRequest {
"new_password": "string",
"token": "string"
}
|
Responses
| Status | Description | Content-Type | Schema |
|---|
| 204 | Password reset successful | | |
| 401 | Token invalid or expired | application/json | |
| 422 | Validation error | application/json | |
401 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
GET /api/v1/domains
List domains
Operation ID: listDomains
domains
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | List of domains | application/json | |
| 401 | Unauthorized | application/json | |
200 application/json array<DomainResponse>
[
{
"account_id": "string",
"created_at": "2026-04-02T12:00:00Z",
"id": "string",
"is_public": true,
"name": "string",
"updated_at": "2026-04-02T12:00:00Z",
"verification_token": "string",
"verified": true
}
]
401 application/json Error
{
"code": "string",
"error": "string"
}
POST /api/v1/domains
Claim a domain
Operation ID: createDomainClaim
domains
Request Body
| Content-Type | Schema |
|---|
| application/json | CreateDomainRequest |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 201 | Domain claimed | application/json | |
| 401 | Unauthorized | application/json | |
| 409 | Domain already claimed | application/json | |
| 422 | Invalid domain name | application/json | |
201 application/json DomainResponse
{
"account_id": "string",
"created_at": "2026-04-02T12:00:00Z",
"id": "string",
"is_public": true,
"name": "string",
"updated_at": "2026-04-02T12:00:00Z",
"verification_token": "string",
"verified": true
}
401 application/json Error
{
"code": "string",
"error": "string"
}
409 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
GET /api/v1/domains/{id}
Get domain
Operation ID: getDomain
domains
Parameters
| In | Name | Type | Required | Description |
|---|
| path | id | string | yes | Domain ID |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | Domain details | application/json | |
| 401 | Unauthorized | application/json | |
| 404 | Not found | application/json | |
200 application/json DomainResponse
{
"account_id": "string",
"created_at": "2026-04-02T12:00:00Z",
"id": "string",
"is_public": true,
"name": "string",
"updated_at": "2026-04-02T12:00:00Z",
"verification_token": "string",
"verified": true
}
401 application/json Error
{
"code": "string",
"error": "string"
}
404 application/json Error
{
"code": "string",
"error": "string"
}
DELETE /api/v1/domains/{id}
Delete domain
Operation ID: deleteDomain
domains
Parameters
| In | Name | Type | Required | Description |
|---|
| path | id | string | yes | Domain ID |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 204 | Domain deleted | | |
| 401 | Unauthorized | application/json | |
| 404 | Not found | application/json | |
401 application/json Error
{
"code": "string",
"error": "string"
}
404 application/json Error
{
"code": "string",
"error": "string"
}
POST /api/v1/domains/{id}/verify
Trigger DNS TXT verification for a domain
Operation ID: verifyDomain
domains
Parameters
| In | Name | Type | Required | Description |
|---|
| path | id | string | yes | Domain ID |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | Domain verified | application/json | |
| 401 | Unauthorized | application/json | |
| 404 | Not found | application/json | |
| 422 | DNS TXT record not found or does not match | application/json | |
200 application/json DomainResponse
{
"account_id": "string",
"created_at": "2026-04-02T12:00:00Z",
"id": "string",
"is_public": true,
"name": "string",
"updated_at": "2026-04-02T12:00:00Z",
"verification_token": "string",
"verified": true
}
401 application/json Error
{
"code": "string",
"error": "string"
}
404 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
POST /api/v1/sessions
Sign in
Operation ID: createSession
sessions
Request Body
| Content-Type | Schema |
|---|
| application/json | CreateSessionRequest {
"email": "string",
"password": "string"
}
|
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | Either a full session (access_token + refresh_token) or a TOTP
challenge when 2FA is enabled on the account. | application/json | |
| 401 | Invalid credentials | application/json | |
200 application/json any
"value"
401 application/json Error
{
"code": "string",
"error": "string"
}
DELETE /api/v1/sessions
Sign out
Operation ID: deleteSession
sessions
Request Body
| Content-Type | Schema |
|---|
| application/json | DeleteSessionRequest {
"refresh_token": "string"
}
|
Responses
| Status | Description | Content-Type | Schema |
|---|
| 204 | Signed out | | |
| 401 | Unauthorized | application/json | |
401 application/json Error
{
"code": "string",
"error": "string"
}
POST /api/v1/sessions/2fa
Complete sign-in with TOTP code
Operation ID: completeTOTPSession
sessions2fa
Request Body
| Content-Type | Schema |
|---|
| application/json | CompleteTOTPRequest {
"code": "string",
"totp_token": "string"
}
|
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | Session tokens | application/json | |
| 401 | Invalid TOTP code or challenge token | application/json | |
200 application/json SessionResponse
{
"access_token": "string",
"expires_in": 0,
"refresh_token": "string"
}
401 application/json Error
{
"code": "string",
"error": "string"
}
POST /api/v1/sessions/refresh
Refresh access token
Operation ID: refreshSession
sessions
Request Body
| Content-Type | Schema |
|---|
| application/json | RefreshSessionRequest {
"refresh_token": "string"
}
|
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | New tokens issued | application/json | |
| 401 | Invalid or expired refresh token | application/json | |
200 application/json SessionResponse
{
"access_token": "string",
"expires_in": 0,
"refresh_token": "string"
}
401 application/json Error
{
"code": "string",
"error": "string"
}
GET /api/v1/smtp-policies
List SMTP security policies
Operation ID: listSmtpSecurityPolicies
smtp-security-policies
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | List of SMTP security policies | application/json | |
| 401 | Unauthorized | application/json | |
200 application/json array<SmtpSecurityPolicyResponse>
[
{
"allowed_dkim_domains": "string",
"allowed_source_ips": "string",
"allowed_spf_domains": "string",
"created_at": "2026-04-02T12:00:00Z",
"id": "string",
"name": "string",
"require_dkim": true,
"require_smtp_auth": true,
"require_spf": true,
"smtp_credentials": "string",
"updated_at": "2026-04-02T12:00:00Z"
}
]
401 application/json Error
{
"code": "string",
"error": "string"
}
POST /api/v1/smtp-policies
Create SMTP security policy
Operation ID: createSmtpSecurityPolicy
smtp-security-policies
Request Body
| Content-Type | Schema |
|---|
| application/json | CreateSmtpSecurityPolicyRequest {
"allowed_dkim_domains": "string",
"allowed_source_ips": "string",
"allowed_spf_domains": "string",
"name": "string",
"require_dkim": true,
"require_smtp_auth": true,
"require_spf": true,
"smtp_credentials": "string"
}
|
Responses
| Status | Description | Content-Type | Schema |
|---|
| 201 | Policy created | application/json | |
| 401 | Unauthorized | application/json | |
| 422 | Validation error | application/json | |
201 application/json SmtpSecurityPolicyResponse
{
"allowed_dkim_domains": "string",
"allowed_source_ips": "string",
"allowed_spf_domains": "string",
"created_at": "2026-04-02T12:00:00Z",
"id": "string",
"name": "string",
"require_dkim": true,
"require_smtp_auth": true,
"require_spf": true,
"smtp_credentials": "string",
"updated_at": "2026-04-02T12:00:00Z"
}
401 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
GET /api/v1/smtp-policies/{id}
Get SMTP security policy
Operation ID: getSmtpSecurityPolicy
smtp-security-policies
Parameters
| In | Name | Type | Required | Description |
|---|
| path | id | string | yes | SMTP security policy ID |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | Policy details | application/json | |
| 401 | Unauthorized | application/json | |
| 404 | Not found | application/json | |
200 application/json SmtpSecurityPolicyResponse
{
"allowed_dkim_domains": "string",
"allowed_source_ips": "string",
"allowed_spf_domains": "string",
"created_at": "2026-04-02T12:00:00Z",
"id": "string",
"name": "string",
"require_dkim": true,
"require_smtp_auth": true,
"require_spf": true,
"smtp_credentials": "string",
"updated_at": "2026-04-02T12:00:00Z"
}
401 application/json Error
{
"code": "string",
"error": "string"
}
404 application/json Error
{
"code": "string",
"error": "string"
}
PUT /api/v1/smtp-policies/{id}
Update SMTP security policy
Operation ID: updateSmtpSecurityPolicy
smtp-security-policies
Parameters
| In | Name | Type | Required | Description |
|---|
| path | id | string | yes | SMTP security policy ID |
Request Body
| Content-Type | Schema |
|---|
| application/json | UpdateSmtpSecurityPolicyRequest {
"allowed_dkim_domains": "string",
"allowed_source_ips": "string",
"allowed_spf_domains": "string",
"name": "string",
"require_dkim": true,
"require_smtp_auth": true,
"require_spf": true,
"smtp_credentials": "string"
}
|
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | Updated policy | application/json | |
| 401 | Unauthorized | application/json | |
| 404 | Not found | application/json | |
| 422 | Validation error | application/json | |
200 application/json SmtpSecurityPolicyResponse
{
"allowed_dkim_domains": "string",
"allowed_source_ips": "string",
"allowed_spf_domains": "string",
"created_at": "2026-04-02T12:00:00Z",
"id": "string",
"name": "string",
"require_dkim": true,
"require_smtp_auth": true,
"require_spf": true,
"smtp_credentials": "string",
"updated_at": "2026-04-02T12:00:00Z"
}
401 application/json Error
{
"code": "string",
"error": "string"
}
404 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
DELETE /api/v1/smtp-policies/{id}
Delete SMTP security policy
Operation ID: deleteSmtpSecurityPolicy
smtp-security-policies
Parameters
| In | Name | Type | Required | Description |
|---|
| path | id | string | yes | SMTP security policy ID |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 204 | Policy deleted | | |
| 401 | Unauthorized | application/json | |
| 404 | Not found | application/json | |
401 application/json Error
{
"code": "string",
"error": "string"
}
404 application/json Error
{
"code": "string",
"error": "string"
}
GET /api/v1/webhooks
List webhooks
Operation ID: listWebhooks
webhooks
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | List of webhooks | application/json | |
| 401 | Unauthorized | application/json | |
200 application/json array<WebhookResponse>
[
{
"active": true,
"address": "string",
"created_at": "2026-04-02T12:00:00Z",
"custom_headers": {
"key": "value"
},
"id": "string",
"payload_template": "string",
"rate_limit": 0,
"secret": "string",
"smtp_security_policy_id": "string",
"target_url": "string",
"updated_at": "2026-04-02T12:00:00Z"
}
]
401 application/json Error
{
"code": "string",
"error": "string"
}
POST /api/v1/webhooks
Create webhook
Operation ID: createWebhook
webhooks
Request Body
| Content-Type | Schema |
|---|
| application/json | CreateWebhookRequest {
"active": true,
"address": "string",
"custom_headers": {
"key": "value"
},
"payload_template": "string",
"rate_limit": 0,
"secret": "string",
"smtp_security_policy_id": "string",
"target_url": "string"
}
|
Responses
| Status | Description | Content-Type | Schema |
|---|
| 201 | Webhook created (includes secret) | application/json | |
| 401 | Unauthorized | application/json | |
| 409 | Address already registered | application/json | |
| 422 | Validation error | application/json | |
201 application/json WebhookResponse
{
"active": true,
"address": "string",
"created_at": "2026-04-02T12:00:00Z",
"custom_headers": {
"key": "value"
},
"id": "string",
"payload_template": "string",
"rate_limit": 0,
"secret": "string",
"smtp_security_policy_id": "string",
"target_url": "string",
"updated_at": "2026-04-02T12:00:00Z"
}
401 application/json Error
{
"code": "string",
"error": "string"
}
409 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
GET /api/v1/webhooks/{id}
Get webhook
Operation ID: getWebhook
webhooks
Parameters
| In | Name | Type | Required | Description |
|---|
| path | id | string | yes | Webhook ID |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | Webhook details | application/json | |
| 401 | Unauthorized | application/json | |
| 404 | Not found | application/json | |
200 application/json WebhookResponse
{
"active": true,
"address": "string",
"created_at": "2026-04-02T12:00:00Z",
"custom_headers": {
"key": "value"
},
"id": "string",
"payload_template": "string",
"rate_limit": 0,
"secret": "string",
"smtp_security_policy_id": "string",
"target_url": "string",
"updated_at": "2026-04-02T12:00:00Z"
}
401 application/json Error
{
"code": "string",
"error": "string"
}
404 application/json Error
{
"code": "string",
"error": "string"
}
PUT /api/v1/webhooks/{id}
Update webhook
Operation ID: updateWebhook
webhooks
Parameters
| In | Name | Type | Required | Description |
|---|
| path | id | string | yes | Webhook ID |
Request Body
| Content-Type | Schema |
|---|
| application/json | UpdateWebhookRequest {
"active": true,
"address": "string",
"clear_security_policy": true,
"custom_headers": {
"key": "value"
},
"payload_template": "string",
"rate_limit": 0,
"secret": "string",
"smtp_security_policy_id": "string",
"target_url": "string"
}
|
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | Updated webhook | application/json | |
| 401 | Unauthorized | application/json | |
| 404 | Not found | application/json | |
| 409 | Address already registered | application/json | |
| 422 | Validation error | application/json | |
200 application/json WebhookResponse
{
"active": true,
"address": "string",
"created_at": "2026-04-02T12:00:00Z",
"custom_headers": {
"key": "value"
},
"id": "string",
"payload_template": "string",
"rate_limit": 0,
"secret": "string",
"smtp_security_policy_id": "string",
"target_url": "string",
"updated_at": "2026-04-02T12:00:00Z"
}
401 application/json Error
{
"code": "string",
"error": "string"
}
404 application/json Error
{
"code": "string",
"error": "string"
}
409 application/json Error
{
"code": "string",
"error": "string"
}
422 application/json Error
{
"code": "string",
"error": "string"
}
DELETE /api/v1/webhooks/{id}
Delete webhook
Operation ID: deleteWebhook
webhooks
Parameters
| In | Name | Type | Required | Description |
|---|
| path | id | string | yes | Webhook ID |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 204 | Webhook deleted | | |
| 401 | Unauthorized | application/json | |
| 404 | Not found | application/json | |
401 application/json Error
{
"code": "string",
"error": "string"
}
404 application/json Error
{
"code": "string",
"error": "string"
}
GET /api/v1/webhooks/{id}/logs
List delivery logs for a webhook
Operation ID: listDeliveryLogs
webhooks
Parameters
| In | Name | Type | Required | Description |
|---|
| path | id | string | yes | Webhook ID |
| query | page | integer | no | Page number (1-based) |
| query | page_size | integer | no | Number of results per page |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | List of delivery logs | application/json | |
| 401 | Unauthorized | application/json | |
| 404 | Webhook not found | application/json | |
200 application/json array<DeliveryLogResponse>
[
{
"attempted_at": "2026-04-02T12:00:00Z",
"duration_ms": 0,
"error": "string",
"http_status": 0,
"id": "string",
"sender": "string",
"smtp_message_id": "string",
"webhook_id": "string"
}
]
401 application/json Error
{
"code": "string",
"error": "string"
}
404 application/json Error
{
"code": "string",
"error": "string"
}
GET /api/v1/webhooks/{id}/logs/{logId}
Get a single delivery log entry
Operation ID: getDeliveryLog
webhooks
Parameters
| In | Name | Type | Required | Description |
|---|
| path | id | string | yes | Webhook ID |
| path | logId | string | yes | Delivery log entry ID |
Responses
| Status | Description | Content-Type | Schema |
|---|
| 200 | Delivery log entry | application/json | |
| 401 | Unauthorized | application/json | |
| 404 | Not found | application/json | |
200 application/json DeliveryLogResponse
{
"attempted_at": "2026-04-02T12:00:00Z",
"duration_ms": 0,
"error": "string",
"http_status": 0,
"id": "string",
"sender": "string",
"smtp_message_id": "string",
"webhook_id": "string"
}
401 application/json Error
{
"code": "string",
"error": "string"
}
404 application/json Error
{
"code": "string",
"error": "string"
}