Base URL
All API requests should be made to:Authentication
Authenticate using an API key from the Sendmux app. Pass it as a Bearer token in theAuthorization header.
Permissions
Each endpoint requires a specific permission. Keys with wildcard permissions (e.g.domain.*) satisfy any permission in that namespace, and the built-in root:full role includes every wildcard.
| Endpoint group | Required permission(s) |
|---|---|
| Sending accounts | provider.read for reads; provider.create for custom SMTP account creation and sending-account limit requests; provider.update for edits, activation, connection tests, and shared Amazon SES limit requests; provider.delete for delete. |
| Email metrics | analytics.read |
| Email logs | logs.read |
| Billing | billing.read |
| Domains | domain.read for reads; domain.create, domain.verify, domain.delete for the matching mutations. |
| Mailboxes | mailbox.admin.read for reads; mailbox.admin.create for create; mailbox.admin.delete for delete; mailbox.admin.manage for update, filter management, and per-mailbox API-key management. |
| Webhooks | webhook.read for reads; webhook.create, webhook.update, webhook.delete for the matching mutations; webhook.manage for rotate-secret and test. |
Response format
All responses use a consistent JSON envelope.Success
Paginated success
List endpoints include apagination object alongside data.
Error
retryable flag distinguishes transient failures (back off and retry) from permanent ones (fix the request). See the errors reference for the full envelope shape, the accumulated errors[] array on validation failures, and the Retry-After header semantics for 429/503.
Errors
| HTTP status | Error code | Default retryable | Description |
|---|---|---|---|
| 400 | invalid_parameter | false | Bad query parameter format or syntactic body validation failure. |
| 400 | missing_parameter | false | Required parameter missing. |
| 401 | authentication_required | false | No or invalid API key. |
| 403 | insufficient_permissions | false | Key lacks required permission. |
| 404 | not_found | false | Resource does not exist or belongs to a different team. |
| 409 | conflict | false | Resource state forbids the operation (e.g. If-Match mismatch). |
| 409 | limit_exceeded | false | Team resource limit reached for a create request. |
| 409 | idempotency_conflict | false | Idempotency-Key reused with a different body or while in-flight. |
| 413 | payload_too_large | false | Request body exceeds the server-side size limit. |
| 422 | validation_error | false | Body parsed but violates a semantic rule. |
| 429 | rate_limit_exceeded | true | Rate limit hit. Retry-After header included. |
| 500 | internal_error | true | Unexpected server error. |
| 503 | service_unavailable | true | Downstream component briefly unavailable. May include Retry-After. |
Rate limits
Each Management API key is rate-limited to 600 requests per 60 seconds. Sending API keys are limited separately to 1,800 requests per 60 seconds on the Sending API. See the Sending API introduction. Every response carries the current rate-limit state plus a request identifier:X-Request-Id matches meta.request_id in the JSON envelope. Include it when contacting support.
When the limit is exceeded, the API returns a 429 status with a Retry-After header indicating how many seconds to wait before retrying.
Conditional requests
EveryGET that returns a single resource emits a weak ETag. Send it back on the next request to avoid transferring unchanged data, and use If-Match on writes that document the header for optimistic concurrency control.
If-None-Matchon aGET: if the resource is unchanged, the API responds304 Not Modifiedwith no body. Reuse your cached copy.If-Matchon aPATCH,PUT, or supportedDELETE: if the resource changed since you fetched it, the API responds409 conflictso you do not overwrite a concurrent update. Re-fetch, reapply your change, and retry.
GETs, and on the Sending API.
Sending account management
Use the Management API’s Sending accounts group to manage accounts used by the Sending API. Custom SMTP accounts support full create, read, update, delete, activation, deactivation, usage, and connection-test flows. Connected account setup still starts in the Sendmux app. After connection, the API can read, activate, deactivate, delete, and update safe account metadata. The shared Amazon SES account is protected. You can read it, activate or deactivate it, and request a daily limit increase. You cannot edit its credentials, quotas, routing weight, sender defaults, or delete it through the API.Conventions
- snake_case fields in all JSON responses
- UTC ISO 8601 timestamps in RFC 3339 format:
2026-03-19T10:30:00Z - Public IDs only. Private numeric IDs are never exposed.
Cache-Control: no-storeon all responses- JSON only. Use
Content-Type: application/json.