API reference
Use the OneForMail REST API to get a disposable email address and read the incoming OTP. Authenticate programmatic calls with an API key you create in the dashboard.
Authentication
Programmatic requests are authenticated with an API key. Create one from API keys in your dashboard. Two methods are supported:
Authorization: Bearer ofm_live_xxx # recommended ?api-key=ofm_live_xxx # backwards compatible
Base URL
/get_mailReturns a random active disposable email address and reserves $0.002 (hold) from your balance.
| Parameter | Required | Description |
|---|---|---|
| api-key | Yes | Customer key |
| domain | Yes | mail | mail.com | email | email.com |
| from | Yes | Expected sender (e.g. twitch.tv) |
curl "https://oneformail.com/get_mail?api-key=$KEY&domain=mail&from=twitch.tv"
# 200
{ "mail": "abc@mail.com", "domain": "mail.com", "from": "twitch.tv",
"balance": 9.998, "currency": "USD", "charged": 0.002 }/get_otpScans the inbox for the given email address for ~80s; if a matching message arrives, returns its contents and captures the charge.
| Parameter | Required | Description |
|---|---|---|
| api-key | Yes | Customer key |
| Yes | The address returned by /get_mail |
curl "https://oneformail.com/get_otp?api-key=$KEY&mail=abc@mail.com"
# 200 (code found)
{ "mail": "abc@mail.com", "subject": "522322 - Your code",
"sender": "Twitch <no-reply@twitch.tv>", "pending": false }/releaseReleases the reservation when no mail arrives; the hold is refunded. (Backwards compatible: /cancel.)
| Parameter | Required | Description |
|---|---|---|
| api-key | Yes | Customer key |
| Yes | The email address to release |
curl "https://oneformail.com/release?api-key=$KEY&mail=abc@mail.com"
# 200
{ "released": true, "refunded": true, "balance": 10.000 }/balanceReturns your current balance and the per-OTP unit price.
| Parameter | Required | Description |
|---|---|---|
| api-key | Yes | Customer key |
curl "https://oneformail.com/balance?api-key=$KEY"
# 200
{ "balance": 9.998, "currency": "USD", "mail_cost": 0.002 }Dashboard API
Wallet, transaction history, key management and billing endpoints live under /api/v1/* and are authenticated with the session cookie plus a CSRF token.