Developer docs · Rate-limited public endpoints

Temporary Email API for Developers

Use the MyTempMail temporary email API to create disposable inboxes, receive verification emails, and test signup flows.

Good fit for

Testing signup and verification email flows without exposing a personal inbox.
Building lightweight QA checks for apps that send onboarding or one-time emails.
Creating privacy-friendly disposable inboxes for low-risk browsing and downloads.

API endpoints

GET /api/settings

Fetch allowed domains, address rules, expiration options, Turnstile visibility, and public limits.

POST /api/address

Create a temporary receive-only address. Optional body fields include domain, name, expiry, and cf_token. Send a stable x-fingerprint header when possible.

Example response: token, address, expires_in, and verified. Store the token privately; it grants access to the temporary mailbox.

GET /api/address/:token

Read the active address, expiration timestamp, remaining TTL, and refresh count.

POST /api/address/refresh

Extend an active mailbox within the public refresh limit. Free mailboxes can currently be refreshed once.

GET /api/mails/:token

Poll message summaries for an active temporary mailbox. Query fields include limit and offset. The maximum limit is 50.

GET /api/mail/:token/:id

Fetch the subject, sender metadata, text body, HTML body, and attachment metadata.

GET /api/attachment/:token/:emailId/:attId

Download an attachment after verifying that the token owns the mailbox and message.

DELETE /api/mail/:token/:id

Delete one message and its stored attachment objects from an active mailbox.

Public limits

Address creation: 3 per IP and 3 per fingerprint per 24 hours.
Mailbox lifetime: 10 minutes, 30 minutes, or 1 hour; maximum 1 hour.
Mailbox refresh: 1 free refresh per mailbox.
Inbox storage: 10 messages per free mailbox.
Polling: 900 per token per hour and 1800 per IP per hour.
Message reads: 240 per token per hour and 600 per IP per hour.

Error codes and access rules

Common status codes are 400 for invalid input, 403 for required verification or refresh limits, 404 for expired or missing resources, 409 for active custom-address conflicts, 429 for rate limits, and 500 for temporary server errors.

Public endpoints are rate limited to prevent abuse. Server-side scripts and browser extensions are the best fit. External web pages may be limited by CORS. Temporary inbox tokens should be treated like passwords because anyone with the token can read that temporary inbox.

Chrome extension

Use the MyTempMail Chrome extension to generate, copy, refresh, and check temporary inboxes from the browser toolbar.

MyTempMail Chrome Extension · Chrome Web Store listing

Compare temporary email APIs

Review the documented benchmark table, downloadable CSV/JSON data, and official source links.

Temporary Email API Benchmark 2026