Docs

API reference

Use the OneForMail REST API to get a disposable email address and read the incoming OTP. Authenticate programmatic calls with an API key you create in the dashboard.

Authentication

Programmatic requests are authenticated with an API key. Create one from API keys in your dashboard. Two methods are supported:

Authorization: Bearer ofm_live_xxx      # recommended
?api-key=ofm_live_xxx                    # backwards compatible

Base URL

https://oneformail.com
GET/get_mail

Returns a random active disposable email address and reserves $0.002 (hold) from your balance.

ParameterRequiredDescription
api-keyYesCustomer key
domainYesmail | mail.com | email | email.com
fromYesExpected sender (e.g. twitch.tv)
curl "https://oneformail.com/get_mail?api-key=$KEY&domain=mail&from=twitch.tv"

# 200
{ "mail": "abc@mail.com", "domain": "mail.com", "from": "twitch.tv",
  "balance": 9.998, "currency": "USD", "charged": 0.002 }
GET/get_otp

Scans the inbox for the given email address for ~80s; if a matching message arrives, returns its contents and captures the charge.

ParameterRequiredDescription
api-keyYesCustomer key
mailYesThe address returned by /get_mail
curl "https://oneformail.com/get_otp?api-key=$KEY&mail=abc@mail.com"

# 200 (code found)
{ "mail": "abc@mail.com", "subject": "522322 - Your code",
  "sender": "Twitch <no-reply@twitch.tv>", "pending": false }
GET/release

Releases the reservation when no mail arrives; the hold is refunded. (Backwards compatible: /cancel.)

ParameterRequiredDescription
api-keyYesCustomer key
mailYesThe email address to release
curl "https://oneformail.com/release?api-key=$KEY&mail=abc@mail.com"

# 200
{ "released": true, "refunded": true, "balance": 10.000 }
GET/balance

Returns your current balance and the per-OTP unit price.

ParameterRequiredDescription
api-keyYesCustomer key
curl "https://oneformail.com/balance?api-key=$KEY"

# 200
{ "balance": 9.998, "currency": "USD", "mail_cost": 0.002 }

Dashboard API

Wallet, transaction history, key management and billing endpoints live under /api/v1/* and are authenticated with the session cookie plus a CSRF token.