Skip to content
Sairaph Mail

Email built for the agent, not the human

You're not looking for another webmail client. You need a mailbox an autonomous program can operate safely — scoped keys, idempotency, structured errors, real-time inbound, and a native MCP server so email is just another tool.

Read the quickstartAPI reference ↗
cURL
curl https://mail.sairaph.com/api/v1/mailboxes/$MAILBOX_ID/outbound \
  -H "Authorization: Bearer $SAIRAPH_MAIL_KEY" \
  -H "Idempotency-Key: $(uuidgen)" \
  -H "Content-Type: application/json" \
  -d '{
    "to": ["agent@acme.dev"],
    "subject": "Your verification code",
    "body_text": "Reply with APPROVE to continue."
  }'

Your agent's first call — over REST or MCP.

Why teams trust Sairaph Mail

Most email APIs assume a person is in the loop

Typical email products are built around a human clicking around a UI. Wire one into an agent and the gaps show: keys that are all-or-nothing and never expire, no idempotency so retries double-send, error blobs you can't branch on, no rate-limit signal to back off against, and inbound you have to poll a raw IMAP server for. Sairaph Mail is the inverse — every surface is shaped for a machine to act on safely and predictably.

How it works

  1. 01Issue a scoped, expiring key

    Per-inbox keys carry one role — read, read-write, or management — with an optional expiry, so an agent gets least privilege.

    Shell
    # Keys are issued from the dashboard, not over REST — the issuance surface is
# deliberately not agent-callable, so a leaked key can never mint or revoke
# another. To get one: Dashboard → API keys → pick the mailbox + a role
# (read / read_write / management) + an optional expiry → copy the sm_live_…
# secret (it is shown ONCE). Then set it for your agent and pass it as the
# Bearer token on every REST + MCP call:
export SAIRAPH_MAIL_KEY="sm_live_…"

  2. 02Send idempotently

    An Idempotency-Key header makes retries safe.

    cURL
    # Pass a unique Idempotency-Key on every mutating call so a retried request
# can never send the same email twice. On send the header is REQUIRED — the
# request is rejected without it.
curl https://mail.sairaph.com/api/v1/mailboxes/$MAILBOX_ID/outbound \
  -H "Authorization: Bearer $SAIRAPH_MAIL_KEY" \
  -H "Idempotency-Key: $(uuidgen)" \
  -H "Content-Type: application/json" \
  -d '{
    "to": ["agent@acme.dev"],
    "subject": "Your verification code",
    "body_text": "Reply with APPROVE to continue."
  }'

  3. 03Read errors you can branch on

    A Stripe-shaped envelope: type, code, message, param.

    JSON
    {
  "error": {
    "type": "resource_not_found",
    "code": "mailbox_not_found",
    "message": "No mailbox matches that id.",
    "param": "mailbox_id"
  }
}

  4. 04Back off on 429

    Hit the per-key limit and you get a 429 with Retry-After.

  5. 05Get inbound in real time

    IMAP IDLE plus a poll fallback, and ?live=true for an on-demand fetch.

    cURL
    # Blocking on a one-time code? Fetch inbound straight from the source.
curl "https://mail.sairaph.com/api/v1/mailboxes/$MAILBOX_ID/messages?direction=inbound&live=true" \
  -H "Authorization: Bearer $SAIRAPH_MAIL_KEY"

  6. 06Or skip REST entirely with MCP

    Point your MCP client at the endpoint and the mailbox's actions become tools.

    claude_desktop_config.json
    {
  "mcpServers": {
    "sairaph-mail": {
      "type": "streamable-http",
      "url": "https://mail.sairaph.com/mcp/v1/mcp",
      "headers": {
        "Authorization": "Bearer ${SAIRAPH_MAIL_KEY}"
      }
    }
  }
}

The core calls

Send, read, or wire up MCP — the same scoped key works across all three.

Send
curl https://mail.sairaph.com/api/v1/mailboxes/$MAILBOX_ID/outbound \
  -H "Authorization: Bearer $SAIRAPH_MAIL_KEY" \
  -H "Idempotency-Key: $(uuidgen)" \
  -H "Content-Type: application/json" \
  -d '{
    "to": ["agent@acme.dev"],
    "subject": "Your verification code",
    "body_text": "Reply with APPROVE to continue."
  }'

Send, read, or wire up MCP.

Every plan ships the full platform

No capability is gated behind a tier — these ship on every plan.

  • Native MCP server
  • REST API
  • Real-time inbound (?live=true)
  • Scoped, expiring API keys
  • Managed domain, DKIM & deliverability
  • Per-customer encryption
  • EU data residency
  • Optional two-factor authentication

Frequently asked questions

Related

  • Read OTP & verification codes

    Let an agent receive and read its own one-time codes in real time.

    Learn more

  • Inbox triage agent

    Watch an inbox, classify, draft and send replies — as MCP tools.

    Learn more

  • Multi-tenant SaaS inboxes

    A separate, encrypted mailbox per end-customer.

    Learn more

Build on a contract built for autonomous agents

Scoped keys, idempotency, MCP, real-time inbound.

Read the quickstartGet started

EU data residencyPer-customer encryptionNative MCP