Skip to main content

Bearer token

All requests require a Bearer token in the Authorization header. The token is sent with every JSON-RPC request.
When using an MCP client like Claude Code or Cursor, the header is configured once in the MCP server settings — see Quick setup.

Getting your API key

  1. Go to Settings > API in your InboxMate dashboard
  2. Click Generate API key
  3. Copy and store the key securely — it won’t be shown again
Keep your API key secret. Do not expose it in client-side code, public repositories, or logs.

Key management

  • You can generate multiple API keys per workspace
  • Revoke compromised keys immediately from the settings page
  • Each key is scoped to your workspace — it can only access your own agents, conversations, contacts, and knowledge

Security

  • API keys are hashed (SHA-256) before storage — we never store the raw key
  • Keys support optional expiration dates
  • All requests are scoped to your account — you cannot access other workspaces

Requirements

  • Business plan or higher is required for API access
  • Requests from lower-tier accounts receive a 403 error with a message indicating the required plan