API Reference

REST API
Reference

Complete reference for all 71+ REST API endpoints. Authentication methods, request/response formats, and curl examples for every operation.

JWT + API Keys71+ EndpointsRate LimitedJSON APIOpenAPI Compatible

Authentication

Three Authentication Methods

PostMTA supports JWT Bearer tokens, API key headers, and API key Bearer tokens.

JWT Bearer Token

Obtain a JWT by logging in, then include it in the Authorization header.

# Login
curl -X POST /api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"admin@co.com","password":"..."}'

# Use token
curl /api/v1/credits \
  -H "Authorization: Bearer eyJhbG..."

API Key (Header)

Create scoped API keys and use them via the X-API-Key header.

curl /api/v1/credits \
  -H "X-API-Key: pmta_a1b2c3d4_..."

API Key (Bearer)

API keys can also be used as Bearer tokens for convenience.

curl /api/v1/credits \
  -H "Authorization: Bearer pmta_a1b2c3d4_..."

Endpoints

Complete API Endpoint Reference

All API groups with HTTP methods, paths, and descriptions. Every endpoint returns JSON.

Health & Metrics

Method	Path	Description
GET	/health	Service health check (no auth required)
GET	/metrics	Prometheus and JSON metrics

Authentication

Method	Path	Description
POST	/api/v1/auth/register	Register a new user and organization
POST	/api/v1/auth/login	Login with email and password, returns JWT
GET	/api/v1/auth/me	Get current authenticated user details

Users

Method	Path	Description
GET	/api/v1/users	List all users in organization
GET	/api/v1/users/:id	Get user details
PUT	/api/v1/users/:id/role	Update user role

Credits

Method	Path	Description
GET	/api/v1/credits	Get all credit balances
GET	/api/v1/credits/:type	Get specific credit type balance
POST	/api/v1/credits/consume	Consume credits
GET	/api/v1/credits/usage	Credit usage history
GET	/api/v1/credits/packages	Available credit packages
GET	/api/v1/credits/alerts	Credit alert thresholds
POST	/api/v1/credits/alerts	Set credit alert threshold

API Keys

Method	Path	Description
POST	/api/v1/api-keys	Create a new API key
GET	/api/v1/api-keys	List all API keys
GET	/api/v1/api-keys/:id	Get API key details
POST	/api/v1/api-keys/:id/rotate	Rotate API key
DELETE	/api/v1/api-keys/:id	Delete an API key

Messages

Method	Path	Description
POST	/api/v1/messages/send	Send a single email message
POST	/api/v1/messages/batch	Send up to 100 messages in one request
GET	/api/v1/messages	List messages with pagination and filters
GET	/api/v1/messages/:id	Get message by ID
POST	/api/v1/messages/:id/cancel	Cancel a queued message
POST	/api/v1/messages/simulate-delivery	Simulate delivery for testing

Queues

Method	Path	Description
GET	/api/v1/queues/status	Queue status overview
GET	/api/v1/queues	List all queues
POST	/api/v1/queues/:id/:action	Queue action (flush, hold, release)

Domains

Method	Path	Description
POST	/api/v1/domains	Create domain with DKIM key generation
GET	/api/v1/domains	List all domains
GET	/api/v1/domains/:id	Get domain details
POST	/api/v1/domains/:id/verify	Verify domain DNS configuration
POST	/api/v1/domains/:id/rotate-dkim	Rotate DKIM keys
PUT	/api/v1/domains/:id/bimi	Update BIMI configuration
DELETE	/api/v1/domains/:id	Delete a domain

vMTAs

Method	Path	Description
POST	/api/v1/vmtas	Create a virtual MTA
GET	/api/v1/vmtas	List all vMTAs
GET	/api/v1/vmtas/:id	Get vMTA details
PUT	/api/v1/vmtas/:id	Update vMTA configuration
POST	/api/v1/vmtas/:id/pause	Pause vMTA sending
POST	/api/v1/vmtas/:id/resume	Resume vMTA sending
GET	/api/v1/vmtas/:id/warmup	Get warmup status
GET	/api/v1/vmtas/:id/queue	Get vMTA queue status
DELETE	/api/v1/vmtas/:id	Delete a vMTA

Webhooks & Tracking

Method	Path	Description
POST	/api/v1/webhooks	Create a webhook endpoint
GET	/api/v1/webhooks	List all webhooks
GET	/api/v1/webhooks/:id	Get webhook details
PUT	/api/v1/webhooks/:id	Update webhook configuration
POST	/api/v1/webhooks/:id/test	Send test event to webhook
GET	/api/v1/webhooks/:id/deliveries	Get webhook delivery logs
DELETE	/api/v1/webhooks/:id	Delete a webhook
GET	/track/open/:id	Open tracking pixel (1x1 transparent GIF)
GET	/track/click/:token	Click tracking redirect

Security

Method	Path	Description
GET	/api/v1/security/status	Security system status overview
GET	/api/v1/security/greylisting/stats	Greylisting statistics
GET	/api/v1/security/greylisting/config	Greylisting configuration
POST	/api/v1/security/dnsbl/check	Check IP against DNS blocklists
GET	/api/v1/security/dnsbl/blocklists	Configured blocklists
POST	/api/v1/security/dnsbl/clear-cache	Clear DNSBL cache
POST	/api/v1/security/spam-score	Analyze message spam score
POST	/api/v1/security/av-scan	Scan attachment for viruses
GET	/api/v1/security/auto-block/rules	List auto-block rules
POST	/api/v1/security/auto-block/toggle	Toggle auto-block rule
GET	/api/v1/security/auto-block/active	Get active blocks
POST	/api/v1/security/auto-block/:id/resolve	Resolve an auto-block

Analytics

Method	Path	Description
GET	/api/v1/analytics/summary	Delivery summary statistics
GET	/api/v1/analytics/timeseries	Time-series delivery data
GET	/api/v1/analytics/breakdown	Delivery breakdown by dimension
GET	/api/v1/analytics/isp	ISP-level delivery analytics
GET	/api/v1/analytics/trend	Delivery trend analysis
GET	/api/v1/analytics/bounce-reasons	Bounce reason categorization
GET	/api/v1/analytics/report	Generate delivery report
GET	/api/v1/analytics/export	Export analytics as CSV

Billing

Method	Path	Description
GET	/api/v1/billing/plan	Get current plan details
POST	/api/v1/billing/upgrade	Upgrade plan
POST	/api/v1/billing/downgrade	Downgrade plan
POST	/api/v1/billing/checkout	Create checkout session
GET	/api/v1/billing/invoices	List invoices
GET	/api/v1/billing/usage-rollup	Usage rollup by period
GET	/api/v1/billing/organization	Get organization billing details

Examples

Common API Operations

Curl examples for the most common API operations.

Send an Email

curl -X POST https://mail.yourdomain.com/api/v1/messages/send \
  -H "Authorization: Bearer YOUR_JWT" \
  -H "Content-Type: application/json" \
  -d '{
    "from": "sender@yourdomain.com",
    "to": ["recipient@example.com"],
    "subject": "Hello from PostMTA",
    "html": "<h1>Hello!</h1><p>Test message.</p>",
    "track_opens": true,
    "track_clicks": true
  }'

Batch Send (100 messages)

curl -X POST https://mail.yourdomain.com/api/v1/messages/batch \
  -H "Authorization: Bearer YOUR_JWT" \
  -H "Content-Type: application/json" \
  -d '{
    "messages": [
      {"from":"noreply@co.com","to":["a@test.com"],"subject":"Hi A","text":"Hello A"},
      {"from":"noreply@co.com","to":["b@test.com"],"subject":"Hi B","text":"Hello B"}
    ],
    "batch_id": "campaign_spring_2026"
  }'

Create Domain with DKIM

curl -X POST https://mail.yourdomain.com/api/v1/domains \
  -H "Authorization: Bearer YOUR_JWT" \
  -H "Content-Type: application/json" \
  -d '{"domain":"example.com","dkim_selector":"pmta"}'

Check Credit Balances

curl -X GET https://mail.yourdomain.com/api/v1/credits \
  -H "Authorization: Bearer YOUR_JWT"

Analytics Summary (7 days)

curl -X GET "https://mail.yourdomain.com/api/v1/analytics/summary?period=7d" \
  -H "Authorization: Bearer YOUR_JWT"

Start Using the API

Deploy PostMTA and start sending email through the API in under 30 minutes. Built on KumoMTA for enterprise-grade performance.

Request a Demoarrow_forward Back to Docs

REST APIReference

Three Authentication Methods

JWT Bearer Token

API Key (Header)

API Key (Bearer)

Complete API Endpoint Reference

Health & Metrics

Authentication

Users

Credits

API Keys

Messages

Queues

Domains

vMTAs

Webhooks & Tracking

Security

Analytics

Billing

Common API Operations

Send an Email

Batch Send (100 messages)

Create Domain with DKIM

Check Credit Balances

Analytics Summary (7 days)

Start Using the API

REST API
Reference