API v1
Boring on purpose.
Scoped Bearer keys, JSON everywhere, idempotent sends, and a standards-based MCP endpoint.
Send an email
curl https://api.terriblemail.com/v1/emails \
-H 'Authorization: Bearer tm_live_…' \
-H 'Content-Type: application/json' \
-H 'Idempotency-Key: invoice-1842' \
-d '{
"from": "quiet-lantern-k7m2qd9x@terriblemail.com",
"to": ["person@example.com"],
"subject": "Hello from a tiny script",
"text": "It worked."
}'Use it as an MCP server
{
"mcpServers": {
"terriblemail": {
"url": "https://api.terriblemail.com/mcp",
"headers": {
"Authorization": "Bearer tm_live_…"
}
}
}
}Authentication
Pass an API key as Authorization: Bearer …. Keys are shown once, stored as SHA-256 hashes, and can be scoped, recipient-restricted, expiring, and rate-limited.
Idempotency
Give send requests an Idempotency-Key. The same key returns the original message for 24 hours.
Errors
REST errors use {"error":{"code":"…","message":"…"}} with meaningful HTTP statuses.
Key scopes
send sends mail; account:read reads account and usage data; messages:read reads message data and raw-message links; inboxes:read lists inboxes; and inboxes:write creates or deletes inboxes. Give scripts and agents only the scopes they need.