Skip to content
Sairaph Mail

Let your agent read its own verification codes

Agents constantly hit 'we emailed you a code.' Sairaph Mail gives the agent a real mailbox it owns, surfaces new mail in near real time, and a single ?live=true call fetches the code straight from source the moment it's needed.

Get startedSee the API
cURL
# Blocking on a one-time code? Fetch inbound straight from the source.
curl "https://mail.sairaph.com/api/v1/mailboxes/$MAILBOX_ID/messages?direction=inbound&live=true" \
  -H "Authorization: Bearer $SAIRAPH_MAIL_KEY"

Poll for the latest message with ?live=true.

Why teams trust Sairaph Mail

The code is in an inbox your agent can't reach

Sign-up flows, payment confirmations, and step-up checks all fall back to 'we emailed you a code.' If your agent is driving the flow, that code lands in a human's inbox — or a shared one nobody scoped to the agent — and the run stalls waiting for a copy-paste. Forwarding rules and scraping a personal account are brittle and break the moment a provider changes layout. Your agent needs a mailbox it owns, that it can read the instant something arrives.

How it works

  1. 01Create a mailbox the agent owns

    Order or connect a domain, provision a mailbox, and use that address wherever the agent signs up.

  2. 02Issue a read-scoped key

    A per-inbox sm_live_ key with the read role — enough to receive, nothing else.

    Shell
    # Keys are issued from the dashboard, not over REST — the issuance surface is
# deliberately not agent-callable, so a leaked key can never mint or revoke
# another. To get one: Dashboard → API keys → pick the mailbox + a role
# (read / read_write / management) + an optional expiry → copy the sm_live_…
# secret (it is shown ONCE). Then set it for your agent and pass it as the
# Bearer token on every REST + MCP call:
export SAIRAPH_MAIL_KEY="sm_live_…"

  3. 03Trigger the action that sends the code

    Your agent submits the form / requests the login; the provider emails the OTP to its mailbox.

  4. 04Fetch the code in real time

    A long-lived IMAP IDLE watcher surfaces new mail in near real time, with a poll fallback. When the agent is blocking, ?live=true fetches the body straight from source, falling back to cache if the source is briefly unreachable.

    cURL
    # Blocking on a one-time code? Fetch inbound straight from the source.
curl "https://mail.sairaph.com/api/v1/mailboxes/$MAILBOX_ID/messages?direction=inbound&live=true" \
  -H "Authorization: Bearer $SAIRAPH_MAIL_KEY"

  5. 05Parse and continue

    Extract the code from the message body and resume the flow — no human in the loop.

Read the code

Fetch the latest message straight from source the moment your agent is blocking, or list what's already cached.

Read (live)
# Blocking on a one-time code? Fetch inbound straight from the source.
curl "https://mail.sairaph.com/api/v1/mailboxes/$MAILBOX_ID/messages?direction=inbound&live=true" \
  -H "Authorization: Bearer $SAIRAPH_MAIL_KEY"

Cache by default; opt into a live fetch with ?live=true.

What this leans on

The capabilities behind real-time OTP reads.

  • Real-time inbound (?live=true)
  • REST API
  • Native MCP server
  • Scoped, expiring API keys
  • EU data residency

Frequently asked questions

Related

  • Inbox triage agent

    Go beyond codes: classify and reply to everything that lands.

    Learn more

  • For AI agent developers

    The full API contract for agents.

    Learn more

  • Transactional notifications

    The send side — confirmations and alerts.

    Learn more

Stop pasting codes into your agent

Give it a mailbox it can read in real time.

Get startedRead the quickstart

EU data residencyPer-customer encryptionNative MCP