API Reference

Conduit API

Conduit bridges inbound SMTP to outbound HTTP webhooks. This REST API manages accounts, sessions, webhooks, and domain ownership.

Version 1.0.0 /api/v1

Sessions

Authentication and session management

POST /api/v1/sessions

Sign in

ID: createSession Sessions

Responses

200
Either a full session (access_token + refresh_token) or a TOTP challenge when 2FA is enabled on the account.
application/json
any
401
Invalid credentials
application/json
Error
200 — any
"value"
401 — Error
{
  "code": "string",
  "error": "string"
}
{
  "email": "string",
  "password": "string"
}
curl -X POST "/api/v1/sessions"
  -H "Content-Type: application/json"
  -d '{"email": "string","password": "string"}'

200 Response application/json

any 
"value"

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
DELETE /api/v1/sessions Auth

Sign out

ID: deleteSession Sessions

Responses

204
Signed out
401
Unauthorized
application/json
Error
401 — Error
{
  "code": "string",
  "error": "string"
}
{
  "refresh_token": "string"
}
curl -X DELETE "/api/v1/sessions"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"refresh_token": "string"}'

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
POST /api/v1/sessions/2fa

Complete sign-in with TOTP code

ID: completeTOTPSession Sessions2FA

Responses

200
Session tokens
application/json
SessionResponse
401
Invalid TOTP code or challenge token
application/json
Error
200 — SessionResponse
{
  "access_token": "string",
  "expires_in": 0,
  "refresh_token": "string"
}
401 — Error
{
  "code": "string",
  "error": "string"
}
{
  "code": "string",
  "totp_token": "string"
}
curl -X POST "/api/v1/sessions/2fa"
  -H "Content-Type: application/json"
  -d '{"code": "string","totp_token": "string"}'

200 Response application/json

SessionResponse 
{
  "access_token": "string",
  "expires_in": 0,
  "refresh_token": "string"
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
POST /api/v1/sessions/refresh

Refresh access token

ID: refreshSession Sessions

Responses

200
New tokens issued
application/json
SessionResponse
401
Invalid or expired refresh token
application/json
Error
200 — SessionResponse
{
  "access_token": "string",
  "expires_in": 0,
  "refresh_token": "string"
}
401 — Error
{
  "code": "string",
  "error": "string"
}
{
  "refresh_token": "string"
}
curl -X POST "/api/v1/sessions/refresh"
  -H "Content-Type: application/json"
  -d '{"refresh_token": "string"}'

200 Response application/json

SessionResponse 
{
  "access_token": "string",
  "expires_in": 0,
  "refresh_token": "string"
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

Accounts

Account management operations

POST /api/v1/accounts

Sign up

ID: createAccount Accounts

Responses

201
Account created
application/json
AccountResponse
409
Email already registered
application/json
Error
422
Validation error
application/json
Error
201 — AccountResponse
{
  "created_at": "2026-04-02T12:00:00Z",
  "email": "string",
  "id": "string",
  "timezone": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}
409 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "email": "string",
  "password": "string"
}
curl -X POST "/api/v1/accounts"
  -H "Content-Type: application/json"
  -d '{"email": "string","password": "string"}'

201 Response application/json

AccountResponse 
{
  "created_at": "2026-04-02T12:00:00Z",
  "email": "string",
  "id": "string",
  "timezone": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}

409 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
GET /api/v1/accounts/me Auth

Get current account

ID: getAccount Accounts

Responses

200
Account details
application/json
AccountResponse
401
Unauthorized
application/json
Error
200 — AccountResponse
{
  "created_at": "2026-04-02T12:00:00Z",
  "email": "string",
  "id": "string",
  "timezone": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}
401 — Error
{
  "code": "string",
  "error": "string"
}
curl -X GET "/api/v1/accounts/me"
  -H "Authorization: Bearer <token>"

200 Response application/json

AccountResponse 
{
  "created_at": "2026-04-02T12:00:00Z",
  "email": "string",
  "id": "string",
  "timezone": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
DELETE /api/v1/accounts/me Auth

Delete account

ID: deleteAccount Accounts

Responses

204
Account deleted
401
Unauthorized
application/json
Error
422
Validation error (confirm not set to true)
application/json
Error
401 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "confirm": true,
  "password": "string"
}
curl -X DELETE "/api/v1/accounts/me"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"confirm": true,"password": "string"}'

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
PUT /api/v1/accounts/me/timezone Auth

Update timezone

ID: updateTimezone Accounts

Responses

204
Timezone updated
401
Unauthorized
application/json
Error
422
Invalid timezone
application/json
Error
401 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "timezone": "string"
}
curl -X PUT "/api/v1/accounts/me/timezone"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"timezone": "string"}'

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
POST /api/v1/accounts/me/password-reset

Request password reset

ID: requestPasswordReset Accounts

Responses

202
Reset email sent (always returned; never reveals whether address exists)
{
  "email": "string"
}
curl -X POST "/api/v1/accounts/me/password-reset"
  -H "Content-Type: application/json"
  -d '{"email": "string"}'
PUT /api/v1/accounts/me/password Auth

Change password

ID: changePassword Accounts

Responses

204
Password changed
401
Unauthorized
application/json
Error
422
Validation error
application/json
Error
401 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "current_password": "string",
  "new_password": "string"
}
curl -X PUT "/api/v1/accounts/me/password"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"current_password": "string","new_password": "string"}'

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
PUT /api/v1/accounts/me/password-reset

Confirm password reset

ID: confirmPasswordReset Accounts

Responses

204
Password reset successful
401
Token invalid or expired
application/json
Error
422
Validation error
application/json
Error
401 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "new_password": "string",
  "token": "string"
}
curl -X PUT "/api/v1/accounts/me/password-reset"
  -H "Content-Type: application/json"
  -d '{"new_password": "string","token": "string"}'

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

Domains

Domain management operations

GET /api/v1/domains Auth

List domains

ID: listDomains Domains

Responses

200
List of domains
application/json
array<DomainResponse>
401
Unauthorized
application/json
Error
200 — array<DomainResponse>
[
  {
    "account_id": "string",
    "created_at": "2026-04-02T12:00:00Z",
    "id": "string",
    "is_public": true,
    "name": "string",
    "updated_at": "2026-04-02T12:00:00Z",
    "verification_token": "string",
    "verified": true
  }
]
401 — Error
{
  "code": "string",
  "error": "string"
}
curl -X GET "/api/v1/domains"
  -H "Authorization: Bearer <token>"

200 Response application/json

array<DomainResponse> 
[
  {
    "account_id": "string",
    "created_at": "2026-04-02T12:00:00Z",
    "id": "string",
    "is_public": true,
    "name": "string",
    "updated_at": "2026-04-02T12:00:00Z",
    "verification_token": "string",
    "verified": true
  }
]

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
POST /api/v1/domains Auth

Claim a domain

ID: createDomainClaim Domains

Responses

201
Domain claimed
application/json
DomainResponse
401
Unauthorized
application/json
Error
409
Domain already claimed
application/json
Error
422
Invalid domain name
application/json
Error
201 — DomainResponse
{
  "account_id": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "is_public": true,
  "name": "string",
  "updated_at": "2026-04-02T12:00:00Z",
  "verification_token": "string",
  "verified": true
}
401 — Error
{
  "code": "string",
  "error": "string"
}
409 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "name": "string"
}
curl -X POST "/api/v1/domains"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"name": "string"}'

201 Response application/json

DomainResponse 
{
  "account_id": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "is_public": true,
  "name": "string",
  "updated_at": "2026-04-02T12:00:00Z",
  "verification_token": "string",
  "verified": true
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

409 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
GET /api/v1/domains/{id} Auth

Get domain

ID: getDomain Domains

Parameters

id required string path
Domain ID

Responses

200
Domain details
application/json
DomainResponse
401
Unauthorized
application/json
Error
404
Not found
application/json
Error
200 — DomainResponse
{
  "account_id": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "is_public": true,
  "name": "string",
  "updated_at": "2026-04-02T12:00:00Z",
  "verification_token": "string",
  "verified": true
}
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
curl -X GET "/api/v1/domains/{id}"
  -H "Authorization: Bearer <token>"

200 Response application/json

DomainResponse 
{
  "account_id": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "is_public": true,
  "name": "string",
  "updated_at": "2026-04-02T12:00:00Z",
  "verification_token": "string",
  "verified": true
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
DELETE /api/v1/domains/{id} Auth

Delete domain

ID: deleteDomain Domains

Parameters

id required string path
Domain ID

Responses

204
Domain deleted
401
Unauthorized
application/json
Error
404
Not found
application/json
Error
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
curl -X DELETE "/api/v1/domains/{id}"
  -H "Authorization: Bearer <token>"

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
POST /api/v1/domains/{id}/verify Auth

Trigger DNS TXT verification for a domain

ID: verifyDomain Domains

Parameters

id required string path
Domain ID

Responses

200
Domain verified
application/json
DomainResponse
401
Unauthorized
application/json
Error
404
Not found
application/json
Error
422
DNS TXT record not found or does not match
application/json
Error
200 — DomainResponse
{
  "account_id": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "is_public": true,
  "name": "string",
  "updated_at": "2026-04-02T12:00:00Z",
  "verification_token": "string",
  "verified": true
}
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
curl -X POST "/api/v1/domains/{id}/verify"
  -H "Authorization: Bearer <token>"

200 Response application/json

DomainResponse 
{
  "account_id": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "is_public": true,
  "name": "string",
  "updated_at": "2026-04-02T12:00:00Z",
  "verification_token": "string",
  "verified": true
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

SMTP Policies

SMTP security policy management

GET /api/v1/smtp-policies Auth

List SMTP security policies

ID: listSmtpSecurityPolicies SMTP Policies

Responses

200
List of SMTP security policies
application/json
array<SmtpSecurityPolicyResponse>
401
Unauthorized
application/json
Error
200 — array<SmtpSecurityPolicyResponse>
[
  {
    "allowed_dkim_domains": "string",
    "allowed_source_ips": "string",
    "allowed_spf_domains": "string",
    "created_at": "2026-04-02T12:00:00Z",
    "id": "string",
    "name": "string",
    "require_dkim": true,
    "require_smtp_auth": true,
    "require_spf": true,
    "smtp_credentials": "string",
    "updated_at": "2026-04-02T12:00:00Z"
  }
]
401 — Error
{
  "code": "string",
  "error": "string"
}
curl -X GET "/api/v1/smtp-policies"
  -H "Authorization: Bearer <token>"

200 Response application/json

array<SmtpSecurityPolicyResponse> 
[
  {
    "allowed_dkim_domains": "string",
    "allowed_source_ips": "string",
    "allowed_spf_domains": "string",
    "created_at": "2026-04-02T12:00:00Z",
    "id": "string",
    "name": "string",
    "require_dkim": true,
    "require_smtp_auth": true,
    "require_spf": true,
    "smtp_credentials": "string",
    "updated_at": "2026-04-02T12:00:00Z"
  }
]

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
POST /api/v1/smtp-policies Auth

Create SMTP security policy

ID: createSmtpSecurityPolicy SMTP Policies

Responses

201
Policy created
application/json
SmtpSecurityPolicyResponse
401
Unauthorized
application/json
Error
422
Validation error
application/json
Error
201 — SmtpSecurityPolicyResponse
{
  "allowed_dkim_domains": "string",
  "allowed_source_ips": "string",
  "allowed_spf_domains": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "name": "string",
  "require_dkim": true,
  "require_smtp_auth": true,
  "require_spf": true,
  "smtp_credentials": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}
401 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "allowed_dkim_domains": "string",
  "allowed_source_ips": "string",
  "allowed_spf_domains": "string",
  "name": "string",
  "require_dkim": true,
  "require_smtp_auth": true,
  "require_spf": true,
  "smtp_credentials": "string"
}
curl -X POST "/api/v1/smtp-policies"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"allowed_dkim_domains": "string","allowed_source_ips": "string","allowed_spf_domains": "string","name": "string","require_dkim": true,"require_smtp_auth": true,"require_spf": true,"smtp_credentials": "string"}'

201 Response application/json

SmtpSecurityPolicyResponse 
{
  "allowed_dkim_domains": "string",
  "allowed_source_ips": "string",
  "allowed_spf_domains": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "name": "string",
  "require_dkim": true,
  "require_smtp_auth": true,
  "require_spf": true,
  "smtp_credentials": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
GET /api/v1/smtp-policies/{id} Auth

Get SMTP security policy

ID: getSmtpSecurityPolicy SMTP Policies

Parameters

id required string path
SMTP security policy ID

Responses

200
Policy details
application/json
SmtpSecurityPolicyResponse
401
Unauthorized
application/json
Error
404
Not found
application/json
Error
200 — SmtpSecurityPolicyResponse
{
  "allowed_dkim_domains": "string",
  "allowed_source_ips": "string",
  "allowed_spf_domains": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "name": "string",
  "require_dkim": true,
  "require_smtp_auth": true,
  "require_spf": true,
  "smtp_credentials": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
curl -X GET "/api/v1/smtp-policies/{id}"
  -H "Authorization: Bearer <token>"

200 Response application/json

SmtpSecurityPolicyResponse 
{
  "allowed_dkim_domains": "string",
  "allowed_source_ips": "string",
  "allowed_spf_domains": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "name": "string",
  "require_dkim": true,
  "require_smtp_auth": true,
  "require_spf": true,
  "smtp_credentials": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
PUT /api/v1/smtp-policies/{id} Auth

Update SMTP security policy

ID: updateSmtpSecurityPolicy SMTP Policies

Parameters

id required string path
SMTP security policy ID

Responses

200
Updated policy
application/json
SmtpSecurityPolicyResponse
401
Unauthorized
application/json
Error
404
Not found
application/json
Error
422
Validation error
application/json
Error
200 — SmtpSecurityPolicyResponse
{
  "allowed_dkim_domains": "string",
  "allowed_source_ips": "string",
  "allowed_spf_domains": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "name": "string",
  "require_dkim": true,
  "require_smtp_auth": true,
  "require_spf": true,
  "smtp_credentials": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "allowed_dkim_domains": "string",
  "allowed_source_ips": "string",
  "allowed_spf_domains": "string",
  "name": "string",
  "require_dkim": true,
  "require_smtp_auth": true,
  "require_spf": true,
  "smtp_credentials": "string"
}
curl -X PUT "/api/v1/smtp-policies/{id}"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"allowed_dkim_domains": "string","allowed_source_ips": "string","allowed_spf_domains": "string","name": "string","require_dkim": true,"require_smtp_auth": true,"require_spf": true,"smtp_credentials": "string"}'

200 Response application/json

SmtpSecurityPolicyResponse 
{
  "allowed_dkim_domains": "string",
  "allowed_source_ips": "string",
  "allowed_spf_domains": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "name": "string",
  "require_dkim": true,
  "require_smtp_auth": true,
  "require_spf": true,
  "smtp_credentials": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
DELETE /api/v1/smtp-policies/{id} Auth

Delete SMTP security policy

ID: deleteSmtpSecurityPolicy SMTP Policies

Parameters

id required string path
SMTP security policy ID

Responses

204
Policy deleted
401
Unauthorized
application/json
Error
404
Not found
application/json
Error
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
curl -X DELETE "/api/v1/smtp-policies/{id}"
  -H "Authorization: Bearer <token>"

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

Webhooks

Webhook management and delivery logs

GET /api/v1/webhooks Auth

List webhooks

ID: listWebhooks Webhooks

Responses

200
List of webhooks
application/json
array<WebhookResponse>
401
Unauthorized
application/json
Error
200 — array<WebhookResponse>
[
  {
    "active": true,
    "address": "string",
    "created_at": "2026-04-02T12:00:00Z",
    "custom_headers": {
      "key": "value"
    },
    "id": "string",
    "payload_template": "string",
    "rate_limit": 0,
    "secret": "string",
    "smtp_security_policy_id": "string",
    "target_url": "string",
    "updated_at": "2026-04-02T12:00:00Z"
  }
]
401 — Error
{
  "code": "string",
  "error": "string"
}
curl -X GET "/api/v1/webhooks"
  -H "Authorization: Bearer <token>"

200 Response application/json

array<WebhookResponse> 
[
  {
    "active": true,
    "address": "string",
    "created_at": "2026-04-02T12:00:00Z",
    "custom_headers": {
      "key": "value"
    },
    "id": "string",
    "payload_template": "string",
    "rate_limit": 0,
    "secret": "string",
    "smtp_security_policy_id": "string",
    "target_url": "string",
    "updated_at": "2026-04-02T12:00:00Z"
  }
]

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
POST /api/v1/webhooks Auth

Create webhook

ID: createWebhook Webhooks

Responses

201
Webhook created (includes secret)
application/json
WebhookResponse
401
Unauthorized
application/json
Error
409
Address already registered
application/json
Error
422
Validation error
application/json
Error
201 — WebhookResponse
{
  "active": true,
  "address": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "custom_headers": {
    "key": "value"
  },
  "id": "string",
  "payload_template": "string",
  "rate_limit": 0,
  "secret": "string",
  "smtp_security_policy_id": "string",
  "target_url": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}
401 — Error
{
  "code": "string",
  "error": "string"
}
409 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "active": true,
  "address": "string",
  "custom_headers": {
    "key": "value"
  },
  "payload_template": "string",
  "rate_limit": 0,
  "secret": "string",
  "smtp_security_policy_id": "string",
  "target_url": "string"
}
curl -X POST "/api/v1/webhooks"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"active": true,"address": "string","custom_headers": {"key": "value"},"payload_template": "string","rate_limit": 0,"secret": "string","smtp_security_policy_id": "string","target_url": "string"}'

201 Response application/json

WebhookResponse 
{
  "active": true,
  "address": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "custom_headers": {
    "key": "value"
  },
  "id": "string",
  "payload_template": "string",
  "rate_limit": 0,
  "secret": "string",
  "smtp_security_policy_id": "string",
  "target_url": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

409 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
GET /api/v1/webhooks/{id} Auth

Get webhook

ID: getWebhook Webhooks

Parameters

id required string path
Webhook ID

Responses

200
Webhook details
application/json
WebhookResponse
401
Unauthorized
application/json
Error
404
Not found
application/json
Error
200 — WebhookResponse
{
  "active": true,
  "address": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "custom_headers": {
    "key": "value"
  },
  "id": "string",
  "payload_template": "string",
  "rate_limit": 0,
  "secret": "string",
  "smtp_security_policy_id": "string",
  "target_url": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
curl -X GET "/api/v1/webhooks/{id}"
  -H "Authorization: Bearer <token>"

200 Response application/json

WebhookResponse 
{
  "active": true,
  "address": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "custom_headers": {
    "key": "value"
  },
  "id": "string",
  "payload_template": "string",
  "rate_limit": 0,
  "secret": "string",
  "smtp_security_policy_id": "string",
  "target_url": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
PUT /api/v1/webhooks/{id} Auth

Update webhook

ID: updateWebhook Webhooks

Parameters

id required string path
Webhook ID

Responses

200
Updated webhook
application/json
WebhookResponse
401
Unauthorized
application/json
Error
404
Not found
application/json
Error
409
Address already registered
application/json
Error
422
Validation error
application/json
Error
200 — WebhookResponse
{
  "active": true,
  "address": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "custom_headers": {
    "key": "value"
  },
  "id": "string",
  "payload_template": "string",
  "rate_limit": 0,
  "secret": "string",
  "smtp_security_policy_id": "string",
  "target_url": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
409 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "active": true,
  "address": "string",
  "clear_security_policy": true,
  "custom_headers": {
    "key": "value"
  },
  "payload_template": "string",
  "rate_limit": 0,
  "secret": "string",
  "smtp_security_policy_id": "string",
  "target_url": "string"
}
curl -X PUT "/api/v1/webhooks/{id}"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"active": true,"address": "string","clear_security_policy": true,"custom_headers": {"key": "value"},"payload_template": "string","rate_limit": 0,"secret": "string","smtp_security_policy_id": "string","target_url": "string"}'

200 Response application/json

WebhookResponse 
{
  "active": true,
  "address": "string",
  "created_at": "2026-04-02T12:00:00Z",
  "custom_headers": {
    "key": "value"
  },
  "id": "string",
  "payload_template": "string",
  "rate_limit": 0,
  "secret": "string",
  "smtp_security_policy_id": "string",
  "target_url": "string",
  "updated_at": "2026-04-02T12:00:00Z"
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

409 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
DELETE /api/v1/webhooks/{id} Auth

Delete webhook

ID: deleteWebhook Webhooks

Parameters

id required string path
Webhook ID

Responses

204
Webhook deleted
401
Unauthorized
application/json
Error
404
Not found
application/json
Error
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
curl -X DELETE "/api/v1/webhooks/{id}"
  -H "Authorization: Bearer <token>"

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
GET /api/v1/webhooks/{id}/logs Auth

List delivery logs for a webhook

ID: listDeliveryLogs Webhooks

Parameters

id required string path
Webhook ID
page integer query
Page number (1-based)
page_size integer query
Number of results per page

Responses

200
List of delivery logs
application/json
array<DeliveryLogResponse>
401
Unauthorized
application/json
Error
404
Webhook not found
application/json
Error
200 — array<DeliveryLogResponse>
[
  {
    "attempted_at": "2026-04-02T12:00:00Z",
    "duration_ms": 0,
    "error": "string",
    "http_status": 0,
    "id": "string",
    "sender": "string",
    "simulated": true,
    "smtp_message_id": "string",
    "webhook_id": "string"
  }
]
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
curl -X GET "/api/v1/webhooks/{id}/logs"
  -H "Authorization: Bearer <token>"

200 Response application/json

array<DeliveryLogResponse> 
[
  {
    "attempted_at": "2026-04-02T12:00:00Z",
    "duration_ms": 0,
    "error": "string",
    "http_status": 0,
    "id": "string",
    "sender": "string",
    "simulated": true,
    "smtp_message_id": "string",
    "webhook_id": "string"
  }
]

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
POST /api/v1/webhooks/{id}/simulate Auth

Simulate an incoming email and trigger the webhook

Constructs a synthetic email message and delivers it to the webhook target, recording the result in the delivery log with a simulated flag.

ID: simulateWebhook Webhooks

Parameters

id required string path
Webhook ID

Responses

200
Delivery attempt completed (check http_status / error for outcome)
application/json
SimulateWebhookResponse
401
Unauthorized
application/json
Error
404
Webhook not found
application/json
Error
200 — SimulateWebhookResponse
{
  "duration_ms": 0,
  "error": "string",
  "http_status": 0,
  "simulated": true
}
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
{
  "from": "string",
  "subject": "string",
  "text": "string"
}
curl -X POST "/api/v1/webhooks/{id}/simulate"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"from": "string","subject": "string","text": "string"}'

200 Response application/json

SimulateWebhookResponse 
{
  "duration_ms": 0,
  "error": "string",
  "http_status": 0,
  "simulated": true
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
GET /api/v1/webhooks/{id}/logs/{logId} Auth

Get a single delivery log entry

ID: getDeliveryLog Webhooks

Parameters

id required string path
Webhook ID
logId required string path
Delivery log entry ID

Responses

200
Delivery log entry
application/json
DeliveryLogResponse
401
Unauthorized
application/json
Error
404
Not found
application/json
Error
200 — DeliveryLogResponse
{
  "attempted_at": "2026-04-02T12:00:00Z",
  "duration_ms": 0,
  "error": "string",
  "http_status": 0,
  "id": "string",
  "sender": "string",
  "simulated": true,
  "smtp_message_id": "string",
  "webhook_id": "string"
}
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
curl -X GET "/api/v1/webhooks/{id}/logs/{logId}"
  -H "Authorization: Bearer <token>"

200 Response application/json

DeliveryLogResponse 
{
  "attempted_at": "2026-04-02T12:00:00Z",
  "duration_ms": 0,
  "error": "string",
  "http_status": 0,
  "id": "string",
  "sender": "string",
  "simulated": true,
  "smtp_message_id": "string",
  "webhook_id": "string"
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

2FA

Two-factor authentication

DELETE /api/v1/accounts/me/2fa Auth

Disable TOTP two-factor authentication

ID: disableTOTP 2FA

Responses

204
TOTP disabled
401
Invalid TOTP code
application/json
Error
422
TOTP not enabled
application/json
Error
401 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "code": "string"
}
curl -X DELETE "/api/v1/accounts/me/2fa"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"code": "string"}'

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
POST /api/v1/accounts/me/2fa/backup-codes Auth

Regenerate TOTP backup codes

ID: regenerateBackupCodes 2FA

Responses

200
New backup codes
application/json
BackupCodesResponse
401
Invalid TOTP code
application/json
Error
422
TOTP not enabled
application/json
Error
200 — BackupCodesResponse
{
  "backup_codes": [
    "string"
  ]
}
401 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "code": "string"
}
curl -X POST "/api/v1/accounts/me/2fa/backup-codes"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"code": "string"}'

200 Response application/json

BackupCodesResponse 
{
  "backup_codes": [
    "string"
  ]
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
POST /api/v1/accounts/me/2fa/enable Auth

Enable TOTP two-factor authentication

ID: enableTOTP 2FA

Responses

200
TOTP enabled; backup codes returned
application/json
BackupCodesResponse
401
Invalid TOTP code
application/json
Error
409
TOTP already enabled
application/json
Error
422
TOTP not set up yet
application/json
Error
200 — BackupCodesResponse
{
  "backup_codes": [
    "string"
  ]
}
401 — Error
{
  "code": "string",
  "error": "string"
}
409 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "code": "string"
}
curl -X POST "/api/v1/accounts/me/2fa/enable"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"code": "string"}'

200 Response application/json

BackupCodesResponse 
{
  "backup_codes": [
    "string"
  ]
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

409 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
POST /api/v1/accounts/me/2fa/setup Auth

Set up TOTP two-factor authentication

ID: setupTOTP 2FA

Responses

200
TOTP setup details
application/json
SetupTOTPResponse
401
Unauthorized
application/json
Error
200 — SetupTOTPResponse
{
  "otpauth_url": "string",
  "qr_code_png": "string",
  "secret": "string"
}
401 — Error
{
  "code": "string",
  "error": "string"
}
curl -X POST "/api/v1/accounts/me/2fa/setup"
  -H "Authorization: Bearer <token>"

200 Response application/json

SetupTOTPResponse 
{
  "otpauth_url": "string",
  "qr_code_png": "string",
  "secret": "string"
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

API Tokens

Long-lived API token management

GET /api/v1/accounts/me/api-tokens Auth

List API tokens

ID: listAPITokens API Tokens

Responses

200
List of API tokens
application/json
array<APITokenResponse>
401
Unauthorized
application/json
Error
200 — array<APITokenResponse>
[
  {
    "allowed_ips": [
      "string"
    ],
    "created_at": "2026-04-02T12:00:00Z",
    "expires_at": "2026-04-02T12:00:00Z",
    "id": "string",
    "last_used_at": "2026-04-02T12:00:00Z",
    "name": "string",
    "token": "string"
  }
]
401 — Error
{
  "code": "string",
  "error": "string"
}
curl -X GET "/api/v1/accounts/me/api-tokens"
  -H "Authorization: Bearer <token>"

200 Response application/json

array<APITokenResponse> 
[
  {
    "allowed_ips": [
      "string"
    ],
    "created_at": "2026-04-02T12:00:00Z",
    "expires_at": "2026-04-02T12:00:00Z",
    "id": "string",
    "last_used_at": "2026-04-02T12:00:00Z",
    "name": "string",
    "token": "string"
  }
]

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
POST /api/v1/accounts/me/api-tokens Auth

Create an API token

ID: createAPIToken API Tokens

Responses

201
Token created
application/json
APITokenResponse
401
Unauthorized
application/json
Error
422
Validation error
application/json
Error
201 — APITokenResponse
{
  "allowed_ips": [
    "string"
  ],
  "created_at": "2026-04-02T12:00:00Z",
  "expires_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "last_used_at": "2026-04-02T12:00:00Z",
  "name": "string",
  "token": "string"
}
401 — Error
{
  "code": "string",
  "error": "string"
}
422 — Error
{
  "code": "string",
  "error": "string"
}
{
  "allowed_ips": [
    "string"
  ],
  "expires_in": 0,
  "name": "string"
}
curl -X POST "/api/v1/accounts/me/api-tokens"
  -H "Authorization: Bearer <token>"
  -H "Content-Type: application/json"
  -d '{"allowed_ips": ["string"],"expires_in": 0,"name": "string"}'

201 Response application/json

APITokenResponse 
{
  "allowed_ips": [
    "string"
  ],
  "created_at": "2026-04-02T12:00:00Z",
  "expires_at": "2026-04-02T12:00:00Z",
  "id": "string",
  "last_used_at": "2026-04-02T12:00:00Z",
  "name": "string",
  "token": "string"
}

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

422 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}
DELETE /api/v1/accounts/me/api-tokens/{id} Auth

Revoke an API token

ID: deleteAPIToken API Tokens

Parameters

id required string path

Responses

204
Token revoked
401
Unauthorized
application/json
Error
404
Not found
application/json
Error
401 — Error
{
  "code": "string",
  "error": "string"
}
404 — Error
{
  "code": "string",
  "error": "string"
}
curl -X DELETE "/api/v1/accounts/me/api-tokens/{id}"
  -H "Authorization: Bearer <token>"

401 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}

404 Response application/json

Error 
{
  "code": "string",
  "error": "string"
}