Authentication

The SMTP API uses JWT bearer tokens to authenticate requests. You can view and manage your API keys via the auth API endpoints.

Your JWT bearer tokens carry many privileges, so be sure to keep them secure! Do not share your tokens via publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username value. You do not need to provide a password.

If you need to authenticate via bearer auth (e.g., for a cross-origin request), use -H "Authorization: Bearer RPqH8iq9xHd7ayjQc2Qkg4j>jv/HUdWH" instead of -u RPqH8iq9xHd7ayjQc2Qkg4j>jv/HUdWH.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

POST https://api.smtpd.dev/oauth/token?grant_type=password

This endpoint allows you to login and retrieve your JWT access token & refresh token.

Headers

Name

Type

Description

Authorization

string

Basic: Base64(username:password) OR Base64(key:secret)

{
  "token_type": "bearer",
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2NvdW50X2lkIjoiNDFkZmM2NTYtNWJmNi00YzgxLWI0ODUtZTcxMTFhNmEzMDQxIiwiZXhwIjoxNTk5MTI3OTU3LCJpZCI6IjQ4ZmFmNzEwLTc4MTgtNDk0ZC1hMjQ3LTIzZGI3MjFkNmZlYSIsImlzX2FjY291bnRfdmVyaWZpZWQiOmZhbHNlLCJpc3MiOiJTTVRQRCBJbmMiLCJuYW1lIjoiIiwic2NvcGUiOlsxXSwic3ViIjoiamFjay50cnVvbmdAamFtZXNoYXJkaWUuY29tIiwic3ViamVjdCI6ImphY2sudHJ1b25nQGphbWVzaGFyZGllLmNvbSJ9.lE0XewYrOZDCevHINLGodAQ8RJH5nSr9GnY60ZwqWfk",
  "expires_at": 1712531293539,
  "Scope": [
    "admin"
  ],
  "refresh_token": "6f4T4ws_JPkwCu9xOkul7ZkTxPyL_eB-6TFZBgITCyuV86r-yU7aF5Y4_8Y4Y7-4fzqstRDdaVX1R49ND-wkjXUMe4B3EXngkkP7sg_dP8nE7yuem3HF0sUmfVyiInhU"
}

Refresh Access Token

POST https://api.smtpd.dev/oauth/token?grant_type=refresh_token

This endpoint allows you refresh your access token.

Request Body

Name

Type

Description

refresh_token

string

Refresh Token

{
  "token_type": "bearer",
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2NvdW50X2lkIjoiNDFkZmM2NTYtNWJmNi00YzgxLWI0ODUtZTcxMTFhNmEzMDQxIiwiZXhwIjoxNTk5MTI4MjAzLCJpZCI6IjQ4ZmFmNzEwLTc4MTgtNDk0ZC1hMjQ3LTIzZGI3MjFkNmZlYSIsImlzX2FjY291bnRfdmVyaWZpZWQiOmZhbHNlLCJpc3MiOiJTTVRQRCBJbmMiLCJuYW1lIjoiIiwic2NvcGUiOlsxXSwic3ViIjoiamFjay50cnVvbmdAamFtZXNoYXJkaWUuY29tIiwic3ViamVjdCI6ImphY2sudHJ1b25nQGphbWVzaGFyZGllLmNvbSJ9.zUOD-Zf3mfcMF56ex5J__3KmWFNSKQrVyY5ZE28Uu3M",
  "expires_at": 1712531293539,
  "Scope": [
    "admin"
  ],
  "refresh_token": "6f4T4ws_JPkwCu9xOkul7ZkTxPyL_eB-6TFZBgITCyuV86r-yU7aF5Y4_8Y4Y7-4fzqstRDdaVX1R49ND-wkjXUMe4B3EXngkkP7sg_dP8nE7yuem3HF0sUmfVyiInhU"
}

Revoke refresh token (Logout)

POST https://api.smtpd.dev/oauth/revoke

Headers

Name

Type

Description

Authentication

string

Bearer {access_token}

Request Body

Name

Type

Description

refresh_token

string

Refresh Token to be revoked

null

Get Me

GET https://api.smtpd.dev/oauth/me

This endpoint returns the logged in users details.

Headers

Name

Type

Description

Authentication

string

Bearer {access_token}

{
  "id": "19ab52c7-da60-4dd2-af27-19f17d6afe37",
  "account_id": "811affc1-66c7-4982-b39e-29f9536b4720",
  "email_address": "[email protected]",
  "first_name": "Jack",
  "surname": "Truong",
  "gravatar_url": "",
  "is_owner": true,
  "is_verified": false,
  "created_at_utc": 1598610725000,
  "modified_at_utc": 1598610725000
}

PreviousCreate Account NextSending Profile

Last updated 1 year ago

hashtagGrant Token (Login)

hashtagHeaders

hashtagRefresh Access Token

hashtagRequest Body

hashtagRevoke refresh token (Logout)

hashtagHeaders

hashtagRequest Body

hashtagGet Me

hashtagHeaders

Grant Token (Login)

Headers

Refresh Access Token

Request Body

Revoke refresh token (Logout)

Headers

Request Body

Get Me

Headers