inbox
voidash API

API.

Throwaway email over plain HTTP. Plain REST, a live SSE stream, and the server pulls the verification code or magic link out of the email for you. No password, no SDK. Made for scripts and AI agents: create an inbox, use it to sign up, ask for the code.

REST + JSON SSE realtime OTP auto-extract await-a-code no signup

Auth

No password. Call POST /inboxes with no auth and you get a session_key back (just once). Send it as Authorization: Bearer <key> on every other call. Lose the key and you lose access to those inboxes, so store it.

Quickstart

bash 
# 1. get an address (and your session key)
RESP=$(curl -s -X POST https://api.voidash.com/api/v1/inboxes)
TM_KEY=$(echo "$RESP" | jq -r .session_key)
ID=$(echo "$RESP" | jq -r .id)
echo "$RESP" | jq -r .address

# 2. … paste the address into a signup, then wait for the code:
curl -s "https://api.voidash.com/api/v1/inboxes/$ID/otp?wait=60" \
  -H "Authorization: Bearer $TM_KEY" | jq -r .code
# → 624810

Wait for a verification code

The server finds the one-time code (any format) or magic link in the email for you. Add ?wait=N and the request stays open until it lands, so your whole flow is just create inbox, sign up, get code. No SSE setup, no regex, no polling loops.

curl 
# trigger your signup, then just wait for the code:
curl "https://api.voidash.com/api/v1/inboxes/$ID/otp?wait=60" \
  -H "Authorization: Bearer $TM_KEY"
response 
{
  "code": "624810",
  "message_id": "3e0d…",
  "from_addr": "noreply@github.com",
  "subject": "Your code is 624810",
  "received_at": "2026-06-16T12:54:52Z"
}

Endpoints

POST /api/v1/inboxes optional

Create a throwaway inbox. No key yet? You get a new session and a session_key (returned once - save it and send it as the Bearer token from now on). Body is optional: "domain" picks a domain (see GET /domains), "style" picks the name style (neutral, funny, or serious).

curl 
curl -X POST https://api.voidash.com/api/v1/inboxes \
  -H "Content-Type: application/json" \
  -d '{"domain":"voidash.cyou","style":"neutral"}'
response 
{
  "id": "df83…",
  "address": "swift-koala-8421@voidash.cyou",
  "domain": "voidash.cyou",
  "expires_at": "2026-06-15T04:49:56Z",
  "session_key": "tm_sess_…"   // only on first call
}
GET /api/v1/inboxes/{id}/otp required

The latest verification code found in this inbox. Add ?wait=N (up to 90s) to hold the request open until a code arrives; ?after=<RFC3339> skips codes older than a time. Returns 200 with the code, or 404 if none yet.

curl 
curl "https://api.voidash.com/api/v1/inboxes/$ID/otp?wait=60" \
  -H "Authorization: Bearer $TM_KEY"
response 
{ "code": "624810", "message_id": "…",
  "from_addr": "noreply@github.com",
  "subject": "Your code is 624810",
  "received_at": "…" }
GET /api/v1/me required

About your session: how many inboxes you have, whether you are a supporter, and your limits/lifetimes.

curl 
curl https://api.voidash.com/api/v1/me \
  -H "Authorization: Bearer $TM_KEY"
response 
{ "inbox_count": 3, "is_supporter": false,
  "max_inboxes": 1000,
  "limits": { "msg_cap_per_inbox": 50,
    "message_ttl_seconds": 432000 } }
GET /api/v1/inboxes required

Session's live inboxes.

curl 
curl https://api.voidash.com/api/v1/inboxes \
  -H "Authorization: Bearer $TM_KEY"
response 
{ "inboxes": [ { "id": "…", "address": "…", "expires_at": "…" } ] }
GET /api/v1/messages required

Every message across all your inboxes, newest first. Optional filters: ?limit (max 200), ?offset, ?inbox_id, ?unread=true, ?q=<text> (searches subject, sender, preview).

curl 
curl "https://api.voidash.com/api/v1/messages?limit=20&q=github" \
  -H "Authorization: Bearer $TM_KEY"
response 
{ "messages": [ { "id": "…",
  "from_addr": "noreply@github.com",
  "subject": "Your code", "otp_code": "402913",
  "is_read": false } ],
  "total": 1, "limit": 20, "offset": 0 }
GET /api/v1/inboxes/{id}/messages required

Messages for one inbox, newest first. Same ?limit / ?offset / ?unread filters.

curl 
curl https://api.voidash.com/api/v1/inboxes/$ID/messages \
  -H "Authorization: Bearer $TM_KEY"
response 
{ "messages": [],
  "total": 4, "limit": 50, "offset": 0 }
GET /api/v1/messages/{id} required

The full message: plain text, cleaned-up HTML, and attachments. Opening it marks the message read.

curl 
curl https://api.voidash.com/api/v1/messages/$MSG_ID \
  -H "Authorization: Bearer $TM_KEY"
response 
{ "subject": "…", "from_addr": "…",
  "text": "…", "html": "<safe html>",
  "otp_code": "402913", "attachments": [] }
PATCH /api/v1/messages/{id} required

Mark a message read or unread. Body: {"seen": true|false}. Returns the updated message summary.

curl 
curl -X PATCH https://api.voidash.com/api/v1/messages/$MSG_ID \
  -H "Authorization: Bearer $TM_KEY" \
  -H "Content-Type: application/json" -d '{"seen":false}'
response 
{ "id": "…", "is_read": false,}
GET /api/v1/messages/{id}/raw required

The original raw email (.eml, RFC822). Returns 404 once retention has cleared the raw copy.

curl 
curl https://api.voidash.com/api/v1/messages/$MSG_ID/raw \
  -H "Authorization: Bearer $TM_KEY" -o message.eml
response 
From: GitHub <noreply@github.com>
To: swift-koala-8421@voidash.cyou
Subject: Your code is 624810
DELETE /api/v1/messages/{id} required

Delete one message and its stored files. Returns 204.

curl 
curl -X DELETE https://api.voidash.com/api/v1/messages/$MSG_ID \
  -H "Authorization: Bearer $TM_KEY"
response 
204 No Content
GET /api/v1/inboxes/{id}/events required

A live stream (SSE) that pushes a message.new event the moment mail arrives - no polling. Use GET /events to stream all your inboxes at once.

curl 
curl -N https://api.voidash.com/api/v1/inboxes/$ID/events \
  -H "Authorization: Bearer $TM_KEY"
response 
event: message
data: {"type":"message.new","data":{
  "id":"…","subject":"Login code",
  "otp_code":"778899"}}
GET /api/v1/domains none

The domains you can create inboxes on, each with a tier (1 = best, 3 = weakest). Public - no auth needed.

curl 
curl https://api.voidash.com/api/v1/domains
response 
{ "domains": [
  { "domain": "voidash.cyou", "tier": 2, "default": true },
  { "domain": "voidash.bond", "tier": 2 } ] }
DELETE /api/v1/inboxes/{id} required

Delete an inbox and all of its mail. Returns 204.

curl 
curl -X DELETE https://api.voidash.com/api/v1/inboxes/$ID \
  -H "Authorization: Bearer $TM_KEY"
response 
204 No Content

Full machine-readable spec: GET /api/v1/openapi.yaml (OpenAPI 3.0).

Rate limits

  • POST /inboxes - 20 / min
  • reads (messages, list, /me, patch, delete) - 240 / min
  • SSE + otp?wait connects - 120 / min

Keyed by session (or IP when anonymous). Responses carry X-RateLimit-Remaining and Retry-After; over the limit you get 429.

voidash disposable mail from the void