API reference

Send email

Send transactional mail only from your verified custom domains over HTTPS — password resets, receipts, alerts, and similar event-driven messages. Not for newsletters or marketing bulk. One endpoint, domain-scoped API keys, delivery through AWS SES.

Overview

Endpointhttps://api.unbox.im/v1/email
MethodPOST
Content-Typeapplication/json
ScopeOne API key per custom domain

Generate keys in Account → Domains → your domain → API after DNS verification is complete. The full secret is shown once — store it securely. Optional SMTP credentials in the same Domains panel follow the same transactional-only rules.

Transactional mail only

Unbox HTTP API (POST /v1/email) and optional SMTP submission are for transactional mail only — messages tied to an account action, purchase, or operational event. They are not a newsletter or marketing broadcast service.

Permitted uses

  • Account verification, password resets, and security alerts
  • Order confirmations, receipts, shipping updates, and payment notices
  • Notifications triggered by a specific user or system event
  • Team and workspace messages (invites, assignments, internal alerts)

Prohibited uses

  • Newsletters, promotional campaigns, or broadcast marketing
  • Cold outreach or mail to purchased, scraped, or non-consenting lists
  • Affiliate spam, phishing, or deceptive content
  • Any attempt to bypass recipient caps, rate limits, or plan quotas

Rate and recipient limits

To protect recipients and deliverability, outbound API and SMTP traffic is subject to the limits below (in addition to your plan's monthly outbound quota). Enforcement is live on the web composer, HTTP API, and SMTP submission. The web composer warns after 25 recipients per message and blocks sends above 50.

LimitValue
Recipients per messageUp to 50 total (To + Cc + Bcc combined)
Unique recipients per dayUp to 1,000 per workspace
Send request rateUp to 10 API or SMTP submissions per minute per domain
Plan outbound quotaMonthly send limits on your subscription still apply

These rules are part of our Acceptable Use Policy. Automated enforcement is live on the web composer, HTTP API, and SMTP submission. Accounts that send marketing or bulk mail, or otherwise abuse sending infrastructure, may be throttled, suspended, or terminated.

We monitor deliverability signals. Sustained bounce rates above 3% or complaint rates above 0.1% may trigger a temporary send pause or manual review.

See our Terms of Service, Privacy Policy, and GDPR Statement for full policy details.

Authentication

Send your domain API key on every request:

Authorization: Bearer ubk_live_xxxxxxxxxxxxxxxxxxxxxxxx

Alternatively, use X-Api-Key: ubk_live_…. Keys are stored hashed; revoke or rotate from the Domains dashboard.

Request body

JSON with PascalCase field names (From, To, …). camelCase aliases are also accepted.

FieldRequiredDescription
FromYesSender — your personal mailbox on the key's domain (primary or alias). Shared queues are not valid senders.
ToYesRecipient(s) — string, comma-separated string, or array
SubjectYesSubject line
TextBodyOne of TextBody / HtmlBodyPlain text body
HtmlBodyOne of TextBody / HtmlBodyHTML body
CcNoCopy recipients
BccNoBlind copy recipients
ReplyToNoReply-To address
TagNoOptional metadata tag (stored with the send)

Example

{
  "From": "you@yourdomain.com",
  "To": "user@example.com",
  "Subject": "Welcome",
  "TextBody": "Thanks for signing up.",
  "HtmlBody": "<p>Thanks for signing up.</p>",
  "ReplyTo": "you@yourdomain.com",
  "Tag": "welcome"
}

Success response

HTTP 200 with JSON:

{
  "ErrorCode": 0,
  "Message": "OK",
  "MessageID": "0100018…-000000-…",
  "SubmittedAt": "2026-06-23T12:00:00.000Z",
  "To": "user@example.com"
}

Error responses

Errors return 4xx (or 500 for unexpected failures) with JSON:

{
  "ErrorCode": 300,
  "Message": "TextBody or HtmlBody is required."
}
ErrorCodeMeaning
0Success
10Missing API key
11Invalid or revoked key, or domain not verified for sending
300Validation error (missing fields, invalid JSON, etc.)
403From address not allowed — must be your personal mailbox on the key's domain
406SES rejected the message

Examples

Replace you@yourdomain.com with your personal mailbox on the domain and use your own API key.

curl "https://api.unbox.im/v1/email" \
  -H "Authorization: Bearer ubk_live_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
  "From": "you@yourdomain.com",
  "To": "user@example.com",
  "Subject": "Welcome",
  "TextBody": "Thanks for signing up.",
  "HtmlBody": "<p>Thanks for signing up.</p>",
  "ReplyTo": "you@yourdomain.com",
  "Tag": "welcome"
}'

Getting started

  1. Create an Unbox account and add your custom domain.
  2. Complete all DNS verification steps in Domains.
  3. Open Domains → your domain → API and generate a domain key.
  4. Send your first message with the examples above.
Unbox — API Docs | Unbox.im