OpenInbox.io

📱 OpenInbox is now on Android & iOS! Get the app today.

GET IT ONGoogle PlayDownload on theApp Store

OpenInbox on Telegram

Get a temp inbox right inside Telegram.

Open Telegram bot

Custom domains

Use your own domain on paid plans.

Learn More
Email Testing • /postman

/postman Email Testing

Test signup, OTP, and verification-email flows in Postman — create a disposable inbox, poll it, and extract the code with pm.* test scripts, then run it in CI with Newman.

Get API KeyAPI Reference

Postman is great for exercising your own API, but verification flows depend on an email you can’t normally see from a collection. With the OpenInbox API you create a disposable inbox in one request, poll a second request until the email lands, and pull the OTP out of textBody in a test script. The whole collection then runs in CI with Newman. Everything below uses the real OpenInbox endpoints.

How the flow works

  • Request 1 "Create inbox" → POST /api/inbox (no auth); a test script saves the email to an environment variable.
  • Request 2 "Trigger" → hit your own app so it sends the verification email to that address.
  • Request 3 "Poll for email" → GET /api/inbound/api/emails?inboxEmail={{inbox_email}} with X-API-KEY; the test script loops until an email arrives and extracts the OTP.
  • Use the captured {{otp}} variable in the next request to complete verification.

Setup

Create a Postman environment with two variables: base_url = https://api.openinbox.io/api and openinbox_api_key = your premium key. The inbox_email and otp variables are filled in at run time by the test scripts. Never hard-code the key into the collection.

environment (variables)json
{
  "base_url": "https://api.openinbox.io/api",
  "openinbox_api_key": "your-premium-api-key",
  "inbox_email": "",
  "otp": ""
}

Request 1 — Create inbox

Method POST, URL {{base_url}}/inbox, no auth header. In the request’s Tests tab, save the generated address so later requests can poll it.

"Create inbox" → Testsjavascript
// POST {{base_url}}/inbox
const inbox = pm.response.json();
pm.environment.set("inbox_email", inbox.email);
pm.test("Inbox created", () => {
  pm.expect(inbox.email).to.include("@");
  pm.expect(inbox).to.have.property("id");
});

Request 3 — Poll for the email and extract the OTP

Method GET, URL {{base_url}}/inbound/api/emails?inboxEmail={{inbox_email}}, with a header X-API-KEY: {{openinbox_api_key}}. The Tests script below loops by re-running itself via postman.setNextRequest until an email arrives (cap the attempts so it can never loop forever), then pulls the OTP from textBody. Pair it with Newman’s --delay-request so each retry waits ~2 seconds.

"Poll for email" → Testsjavascript
// GET {{base_url}}/inbound/api/emails?inboxEmail={{inbox_email}}
// Header: X-API-KEY: {{openinbox_api_key}}
const { emails } = pm.response.json();
const attempts = (pm.environment.get("attempts") || 0) + 1;
pm.environment.set("attempts", attempts);

if (emails.length === 0 && attempts < 15) {
  // Re-run this request; pair with: newman run ... --delay-request 2000
  postman.setNextRequest("Poll for email");
} else {
  pm.environment.unset("attempts");
  pm.test("Verification email arrived", () =>
    pm.expect(emails.length).to.be.above(0),
  );
  const otp = (emails[0].textBody.match(/\b\d{4,8}\b/) || [])[0];
  pm.environment.set("otp", otp);
  pm.test("OTP extracted", () => pm.expect(otp).to.match(/^\d{4,8}$/));
}

Running it in CI with Newman

Export the collection and environment, then run them with Newman. --delay-request spaces out the polling retries, and you inject the API key at run time so it never lives in the exported files.

terminalbash
npm i -g newman

newman run openinbox.postman_collection.json \
  -e openinbox.postman_environment.json \
  --delay-request 2000 \
  --env-var "openinbox_api_key=$OPENINBOX_API_KEY"

Common pitfalls

  • Postman has no built-in "wait" — loop a request with postman.setNextRequest and always cap the attempt count, or a missing email will loop forever.
  • Pair the polling loop with Newman --delay-request 2000 (or a small sleep). Without a delay, the retries hammer the endpoint instantly and hit rate limits.
  • The poll request must send X-API-KEY: {{openinbox_api_key}}; creating the inbox does not. A 401/403 on the poll means the key is missing or the plan is not premium.
  • Read emails[0].textBody — there is no parsed code field. Match /\b\d{4,8}\b/ and narrow it if your emails contain other numbers.
  • Unset the attempts counter once an email arrives (as shown) so a re-run of the collection starts clean.

Frequently Asked Questions

Can Postman receive emails?

Not directly — but it can create a disposable inbox with POST /api/inbox and poll GET /api/inbound/api/emails, so the whole verification flow lives inside one Postman collection.

How do I poll until the email arrives in Postman?

Re-run the polling request from its Tests script with postman.setNextRequest("Poll for email"), guarded by an attempt counter, and run Newman with --delay-request 2000 so each retry waits ~2 seconds.

Do I need an API key?

Creating an inbox is unauthenticated; polling emails requires a premium X-API-KEY. Store it in the environment as openinbox_api_key and pass it to Newman via --env-var at run time.

How do I extract the OTP in a test script?

In the poll request’s Tests tab, run emails[0].textBody.match(/\b\d{4,8}\b/) and save the result with pm.environment.set("otp", ...) for the next request to use.

Can I run this in CI/CD?

Yes — export the collection and environment and run them with Newman in any pipeline. It only makes HTTPS calls, so no mail server or open ports are required.

Related Pages

Cypress Email Testing — Test OTP & Verification FlowsSelenium Email Testing — Automate Email VerificationNodejs Temp Email APIPython Temp Email APIJava Temp Email API

Explore More

Temp EmailDisposable EmailFor DevelopersAPI DocsBlogChrome Extension

Your private inbox is one click away

Free, instant, no registration needed. Works with any service. Expires automatically after 1 hour.

View API Docs