Temporary Email for Developers: Automated QA API

Integrate instant disposable inboxes into your testing workflows. Parse activation links, extract OTP verification codes, and automate end-to-end user testing.

Ready to Start Testing?

Get your free beta developer credentials and connect to our local Australian routing nodes. Streamline your integration tests today.

Get Developer API Key

1. The Automated QA Testing Challenge

Modern software engineering practices demand robust end-to-end (E2E) testing. For applications requiring user registration, passwordless logins, magic links, or automated alert notifications, testing the full lifecycle poses a significant hurdle: how do you automate email interaction?

QA teams frequently resort to subpar anti-patterns, including:

  • Hardcoding Test Users: Pre-creating accounts in database migrations bypasses registration and activation flows entirely, leaving critical registration code untested.
  • Gmail Plus-Addressing: Routing automated tests through a single static account (e.g., `test+run123@gmail.com`) causes tests to block each other. It also exposes corporate mailboxes to spam and risks hitting third-party anti-spam blocks.
  • Mocking SMTP Gateways: Mocking out mail transfer agents inside the application code verifies that the code executed, but fails to test real-world SMTP routing, network latency, or deliverability.

The solution is programmatic, isolated disposable email accounts. By utilizing the TempMail AU developer REST API, engineers can generate temporary inboxes dynamically, complete signup forms, retrieve real email payloads, extract authentication tokens, and verify registration pipelines.

2. The TempMail AU REST API Architecture

TempMail AU is architected with a local-first philosophy, routing API queries and mail traffic through Australian server hubs. Our system leverages Cloudflare Workers and Appwrite to offer high reliability and minimal response latency.

The REST API operates on simple JSON exchanges. When a request is sent to create an inbox, our system dynamically updates domain routing rules and allocates a sandbox database partition for the new user handle. As emails arrive, they are instantly sanitized: HTML code is stripped of dangerous iframe payloads and malicious javascript tags, and the remaining body, subject line, headers, and attachment structures are exposed via REST.

This design enables developers to parse JSON responses natively rather than using complex HTML parsing utilities to extract activation URLs or verification pins.

3. Step-by-Step API Integration Workflow

Integrating temporary mailboxes into an automation framework involves three main API requests:

Step 1: Create a Temporary Inbox

Send a POST request to generate a randomized temporary mailbox or provision a custom username prefix on one of our active domains.

POST https://api.tempmail.com.au/v1/inbox
Headers:
  Authorization: Bearer YOUR_DEVELOPER_KEY
  Content-Type: application/json
Body:
  {
    "prefix": "qa-test-run-52"
  }
// JSON Response (201 Created)
{
  "id": "inbox_abc123xyz",
  "email": "qa-test-run-52@tempmail.com.au",
  "createdAt": "2026-06-05T07:47:20Z",
  "expiresAt": "2026-06-06T07:47:20Z"
}

Step 2: Fetch and Poll Received Messages

After triggered actions (like submitting your application registration form), query the message list. If empty, implement a backoff polling loop.

GET https://api.tempmail.com.au/v1/inbox/inbox_abc123xyz/messages
Headers:
  Authorization: Bearer YOUR_DEVELOPER_KEY
// JSON Response (200 OK)
{
  "messages": [
    {
      "id": "msg_987654",
      "from": "noreply@yourdomain.com",
      "subject": "Activate Your Account",
      "text": "Your OTP code is 88472. Or click here: https://yourdomain.com/verify?token=xyz",
      "html": "<p>Your OTP code is <strong>88472</strong>...</p>",
      "receivedAt": "2026-06-05T07:48:02Z"
    }
  ]
}

Step 3: Delete and Terminate session

Once the token or OTP is extracted and verified, delete the inbox to prevent future polling and instantly purge all metadata.

DELETE https://api.tempmail.com.au/v1/inbox/inbox_abc123xyz
Headers:
  Authorization: Bearer YOUR_DEVELOPER_KEY

4. Automation Examples: Playwright & Cypress

Writing verification code logic inside standard browser test suites is easy. Below are copy-pasteable examples for Playwright and Cypress.

Playwright E2E Integration Script

import { test, expect } from '@playwright/test';

const API_KEY = process.env.TEMP_MAIL_API_KEY;

test('Verify registration flow via API', async ({ page }) => {
  // 1. Create temporary email address
  const inboxRes = await page.request.post('https://api.tempmail.com.au/v1/inbox', {
    headers: { 'Authorization': `Bearer ${API_KEY}` },
    data: { prefix: 'pw-test-' + Math.floor(Math.random() * 100000) }
  });
  const inbox = await inboxRes.json();
  const testEmail = inbox.email;

  // 2. Perform frontend action
  await page.goto('https://myapp.com/signup');
  await page.fill('input[name="email"]', testEmail);
  await page.click('button[type="submit"]');

  // 3. Poll API for email
  let otp = null;
  for (let attempt = 0; attempt < 5; attempt++) {
    await page.waitForTimeout(3000); // Wait 3 seconds between retries
    const msgRes = await page.request.get(`https://api.tempmail.com.au/v1/inbox/${inbox.id}/messages`, {
      headers: { 'Authorization': `Bearer ${API_KEY}` }
    });
    const { messages } = await msgRes.json();
    if (messages.length > 0) {
      const match = messages[0].text.match(/OTP code is (\d{5})/);
      if (match) {
        otp = match[1];
        break;
      }
    }
  }

  expect(otp).not.toBeNull();

  // 4. Input OTP code and submit
  await page.fill('input[name="otp"]', otp!);
  await page.click('button[type="submit"]');

  // 5. Verify signup success
  await expect(page.locator('.welcome-banner')).toBeVisible();

  // 6. Clean up inbox session
  await page.request.delete(`https://api.tempmail.com.au/v1/inbox/${inbox.id}`, {
    headers: { 'Authorization': `Bearer ${API_KEY}` }
  });
});

Cypress Integration Command

describe('Cypress email validation test', () => {
  const apiKey = Cypress.env('TEMP_MAIL_API_KEY');

  it('signs up and extracts email verification link', () => {
    // 1. Generate temp mail inbox
    cy.request({
      method: 'POST',
      url: 'https://api.tempmail.com.au/v1/inbox',
      headers: { 'Authorization': `Bearer ${apiKey}` },
      body: { prefix: 'cy-test-' + Date.now() }
    }).then((res) => {
      const inbox = res.body;

      // 2. Submit signup form
      cy.visit('https://myapp.com/signup');
      cy.get('input[name="email"]').type(inbox.email);
      cy.get('button[type="submit"]').click();

      // 3. Poll API recursively
      const pollMessages = (attempts = 0) => {
        if (attempts > 5) throw new Error('Email did not arrive');
        cy.wait(3000);
        return cy.request({
          method: 'GET',
          url: `https://api.tempmail.com.au/v1/inbox/${inbox.id}/messages`,
          headers: { 'Authorization': `Bearer ${apiKey}` }
        }).then((msgRes) => {
          if (msgRes.body.messages.length > 0) {
            return msgRes.body.messages[0];
          }
          return pollMessages(attempts + 1);
        });
      };

      pollMessages().then((message) => {
        // Extract confirmation token via regex
        const urlMatch = message.text.match(/https:\/\/myapp\.com\/verify\?token=\S+/);
        expect(urlMatch).to.not.be.null;
        const verificationLink = urlMatch[0];

        // 4. Visit link to verify email
        cy.visit(verificationLink);
        cy.contains('Email Verified Successfully');

        // 5. Clean up inbox session
        cy.request({
          method: 'DELETE',
          url: `https://api.tempmail.com.au/v1/inbox/${inbox.id}`,
          headers: { 'Authorization': `Bearer ${apiKey}` }
        });
      });
    });
  });
});

5. Rate Limits and API Performance Tiers

To guarantee fair resource distribution and protect our infrastructure from bot abuse, TempMail AU enforces strict rate limits across our API endpoints. Rate limits are calculated per token using a sliding window algorithm:

Plan TierDaily Inboxes CreatedRate Limit (Req/Min)Support SLAPrimary Use Case
Free Beta5030 request/minBest effort supportManual testing / hobby projects
Developer1,000120 request/min24-hour email supportSmall-scale automated QA builds
Pro10,000600 request/min12-hour email/Slack supportContinuous CI/CD integration pipelines
EnterpriseCustom / UnlimitedCustom / UncappedDedicated Slack channel & phone supportLarge-scale distributed E2E suites

6. QA Best Practices: Latency & Isolation

Integrating temporary inboxes into automated CI/CD builds requires careful planning to prevent tests from failing due to timing or latency issues. We recommend the following practices:

Handle Delivery Delays Gracefully
SMTP routing is not instantaneous. Do not fail a test if the email is missing on the first poll. Implement a retry threshold with incremental backoffs (e.g. retry after 2s, 4s, 8s, 16s) before timing out.
Enforce Inbox Isolation
Always append a unique timestamp or random numeric hash to the prefix of your generated email address in parallel test runs. This guarantees tests never overlap or query each other's message states.

7. API Security Boundaries & Abuse Filters

The TempMail AU developer API is built strictly for application testing, development validation, and privacy-respecting automation. We actively filter and block domains associated with fraud, spamming, phishing, and hacking.

Prohibited API Activities

  • Bulk Account Harvesting: Creating thousands of accounts on third-party sites using automated scripts.
  • Circumventing Security Rules: Evading geo-blocks, rate limits, or signup limits on commercial platforms.
  • Spam and Phishing testing: Routing outbound phishing simulation emails through temporary handles (our system is receive-only, so outbound mailing is impossible).
  • Hacking & Verification Bypass: Using temporary keys to hide illicit activities.

We monitor API traffic for irregular volume spikes. Suspicious activities will trigger automated API key suspensions. To learn more about our acceptable use guidelines, read our full Abuse Policy.

8. Frequently Asked Questions

Does TempMail AU support official SDKs?
No. We support a lightweight, standard REST API that can be queried from any language using native fetch/axios libraries. We do not require or publish custom packages to keep the integration light and simple.
Are incoming webhooks supported?
Webhooks are currently in private beta for enterprise plans. Standard integration relies on polling the messages endpoint. We recommend polling every 2-3 seconds with a retry limit of 5.
How long are developer inboxes retained?
Inboxes created via the API follow the standard 24-hour retention window. However, developers can issue manual DELETE requests to immediately wipe the inbox and message records after a test run completes.
Is there a free tier for developers?
Yes, our free beta API tier allows developers to generate up to 50 inboxes per day with basic polling features. Paid tiers are available for high-volume automated regression suites.
Can I receive HTML-formatted emails?
Yes. The API response returns both the raw email, sanitized HTML, and a plain-text payload, making it easy to parse links, codes, and tokens using standard parser libraries.
How do I fetch my developer API key?
You can retrieve a developer API token directly from our developer console after logging in. Standard rate limits apply immediately after token generation.
Can I use temporary domains to bypass third-party rate limits?
No. We enforce strict acceptable use rules. Using our API to bypass IP blocks, scrape services, or bypass security rules on external platforms is prohibited and will result in token termination.
What happens if a test email fails to arrive?
Ensure your application's mail transfer agent (MTA) is sending messages correctly and the testing domain is not blacklisted by the platform. You can check domain statuses on our blacklist checker page.

Streamline Your Automated Testing

Get reliable email routing, secure storage, and sandboxed content rendering for your test suites. Build confidence in your code.