OTP Email API
Programmatic access to disposable inboxes for developers — create inboxes, receive emails, and extract OTP codes via a simple REST API.
What the OTP Email API Does
OpenInbox provides a REST API that lets you create temporary email inboxes on demand, receive inbound messages with full body and attachment access, and delete them when no longer needed. All operations complete in milliseconds, returning structured JSON — no IMAP, no SMTP, no email server setup.
Use Cases
- Email-based signup and account activation testing
- 2FA / OTP code extraction and submission automation
- Password reset flow verification in CI pipelines
- Magic link delivery and click-through testing
- QA regression testing for transactional email flows
- Multi-tenant email routing in staging environments
Example — Create Inbox & Receive Email
const API_KEY = process.env.OPENINBOX_API_KEY;
const BASE = 'https://api.openinbox.io/api';
// 1. Create a disposable inbox
const inbox = await fetch(`${BASE}/inbox`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
}).then((r) => r.json());
console.log('Inbox:', inbox.email, '| Expires:', inbox.expiresAt);
// 2. Trigger your email flow (signup, reset, OTP…)
await triggerMyEmailFlow(inbox.email);
// 3. Poll for the email (max 30s)
let email;
for (let i = 0; i < 10; i++) {
await sleep(3000);
const { emails } = await fetch(
`${BASE}/inbound/api/emails?inboxEmail=${inbox.email}&limit=5`,
{ headers: { 'X-API-KEY': API_KEY } },
).then((r) => r.json());
if (emails.length > 0) { email = emails[0]; break; }
}
// 4. Extract OTP or link
const otp = email?.textBody?.match(/\b(\d{4,8})\b/)?.[1];
const link = email?.textBody?.match(/https?:\/\/[^\s"]+confirm[^\s"]*/)?.[0];
console.log({ otp, link });Fast
Inbox ready in < 200ms
Secure
TLS, no data retention after expiry
Simple
JSON REST, no SDK required
Frequently Asked Questions
What is the OpenInbox OTP Email used for?
The OpenInbox API lets you programmatically create disposable email inboxes, receive inbound messages, and read email content — all over REST. It is designed for developers who need to automate email verification in test pipelines, QA environments, or production systems.
How do I authenticate API requests?
All requests require an X-API-KEY header. You can generate an API key in your OpenInbox account settings. Free accounts have limited daily calls; Pro, Business, and 7-Day Pass plans have higher limits.
What does a typical API response look like?
POST /inbox returns an inbox object with id, email, and expiresAt. GET /inbound/api/emails returns a paginated array of email objects including subject, from, textBody, htmlBody, receivedAt, and isRead. Extract OTP codes with a regex on textBody (e.g. /\b\d{4,8}\b/).
Is there rate limiting?
Yes — free plans are rate-limited to prevent abuse. Pro, Business, and 7-Day Pass plans provide much higher limits and are suitable for CI/CD pipelines and bulk test generation.
Can I use this API in production?
Yes — the API is production-hardened and served over HTTPS with 99.9% uptime SLA on paid plans. Many developers use it for automated testing before deploying to production.
Related Pages
Explore More
Your private inbox is one click away
Free, instant, no registration needed. Works with any service. Expires automatically after 1 hour.