Temporary Email for Developers: Automated QA API
Integrate instant disposable inboxes into your testing workflows. Parse activation links, extract OTP verification codes, and automate end-to-end user testing.
Ready to Start Testing?
Get your free beta developer credentials and connect to our local Australian routing nodes. Streamline your integration tests today.
1. The Automated QA Testing Challenge
Modern software engineering practices demand robust end-to-end (E2E) testing. For applications requiring user registration, passwordless logins, magic links, or automated alert notifications, testing the full lifecycle poses a significant hurdle: how do you automate email interaction?
QA teams frequently resort to subpar anti-patterns, including:
- Hardcoding Test Users: Pre-creating accounts in database migrations bypasses registration and activation flows entirely, leaving critical registration code untested.
- Gmail Plus-Addressing: Routing automated tests through a single static account (e.g., `test+run123@gmail.com`) causes tests to block each other. It also exposes corporate mailboxes to spam and risks hitting third-party anti-spam blocks.
- Mocking SMTP Gateways: Mocking out mail transfer agents inside the application code verifies that the code executed, but fails to test real-world SMTP routing, network latency, or deliverability.
The solution is programmatic, isolated disposable email accounts. By utilizing the TempMail AU developer REST API, engineers can generate temporary inboxes dynamically, complete signup forms, retrieve real email payloads, extract authentication tokens, and verify registration pipelines.
2. The TempMail AU REST API Architecture
TempMail AU is architected with a local-first philosophy, routing API queries and mail traffic through Australian server hubs. Our system leverages Cloudflare Workers and Appwrite to offer high reliability and minimal response latency.
The REST API operates on simple JSON exchanges. When a request is sent to create an inbox, our system dynamically updates domain routing rules and allocates a sandbox database partition for the new user handle. As emails arrive, they are instantly sanitized: HTML code is stripped of dangerous iframe payloads and malicious javascript tags, and the remaining body, subject line, headers, and attachment structures are exposed via REST.
This design enables developers to parse JSON responses natively rather than using complex HTML parsing utilities to extract activation URLs or verification pins.
3. Step-by-Step API Integration Workflow
Integrating temporary mailboxes into an automation framework involves three main API requests:
Step 1: Create a Temporary Inbox
Send a POST request to generate a randomized temporary mailbox or provision a custom username prefix on one of our active domains.
POST https://api.tempmail.com.au/v1/inbox
Headers:
Authorization: Bearer YOUR_DEVELOPER_KEY
Content-Type: application/json
Body:
{
"prefix": "qa-test-run-52"
}// JSON Response (201 Created)
{
"id": "inbox_abc123xyz",
"email": "qa-test-run-52@tempmail.com.au",
"createdAt": "2026-06-05T07:47:20Z",
"expiresAt": "2026-06-06T07:47:20Z"
}Step 2: Fetch and Poll Received Messages
After triggered actions (like submitting your application registration form), query the message list. If empty, implement a backoff polling loop.
GET https://api.tempmail.com.au/v1/inbox/inbox_abc123xyz/messages Headers: Authorization: Bearer YOUR_DEVELOPER_KEY
// JSON Response (200 OK)
{
"messages": [
{
"id": "msg_987654",
"from": "noreply@yourdomain.com",
"subject": "Activate Your Account",
"text": "Your OTP code is 88472. Or click here: https://yourdomain.com/verify?token=xyz",
"html": "<p>Your OTP code is <strong>88472</strong>...</p>",
"receivedAt": "2026-06-05T07:48:02Z"
}
]
}Step 3: Delete and Terminate session
Once the token or OTP is extracted and verified, delete the inbox to prevent future polling and instantly purge all metadata.
DELETE https://api.tempmail.com.au/v1/inbox/inbox_abc123xyz Headers: Authorization: Bearer YOUR_DEVELOPER_KEY
4. Automation Examples: Playwright & Cypress
Writing verification code logic inside standard browser test suites is easy. Below are copy-pasteable examples for Playwright and Cypress.
Playwright E2E Integration Script
import { test, expect } from '@playwright/test';
const API_KEY = process.env.TEMP_MAIL_API_KEY;
test('Verify registration flow via API', async ({ page }) => {
// 1. Create temporary email address
const inboxRes = await page.request.post('https://api.tempmail.com.au/v1/inbox', {
headers: { 'Authorization': `Bearer ${API_KEY}` },
data: { prefix: 'pw-test-' + Math.floor(Math.random() * 100000) }
});
const inbox = await inboxRes.json();
const testEmail = inbox.email;
// 2. Perform frontend action
await page.goto('https://myapp.com/signup');
await page.fill('input[name="email"]', testEmail);
await page.click('button[type="submit"]');
// 3. Poll API for email
let otp = null;
for (let attempt = 0; attempt < 5; attempt++) {
await page.waitForTimeout(3000); // Wait 3 seconds between retries
const msgRes = await page.request.get(`https://api.tempmail.com.au/v1/inbox/${inbox.id}/messages`, {
headers: { 'Authorization': `Bearer ${API_KEY}` }
});
const { messages } = await msgRes.json();
if (messages.length > 0) {
const match = messages[0].text.match(/OTP code is (\d{5})/);
if (match) {
otp = match[1];
break;
}
}
}
expect(otp).not.toBeNull();
// 4. Input OTP code and submit
await page.fill('input[name="otp"]', otp!);
await page.click('button[type="submit"]');
// 5. Verify signup success
await expect(page.locator('.welcome-banner')).toBeVisible();
// 6. Clean up inbox session
await page.request.delete(`https://api.tempmail.com.au/v1/inbox/${inbox.id}`, {
headers: { 'Authorization': `Bearer ${API_KEY}` }
});
});Cypress Integration Command
describe('Cypress email validation test', () => {
const apiKey = Cypress.env('TEMP_MAIL_API_KEY');
it('signs up and extracts email verification link', () => {
// 1. Generate temp mail inbox
cy.request({
method: 'POST',
url: 'https://api.tempmail.com.au/v1/inbox',
headers: { 'Authorization': `Bearer ${apiKey}` },
body: { prefix: 'cy-test-' + Date.now() }
}).then((res) => {
const inbox = res.body;
// 2. Submit signup form
cy.visit('https://myapp.com/signup');
cy.get('input[name="email"]').type(inbox.email);
cy.get('button[type="submit"]').click();
// 3. Poll API recursively
const pollMessages = (attempts = 0) => {
if (attempts > 5) throw new Error('Email did not arrive');
cy.wait(3000);
return cy.request({
method: 'GET',
url: `https://api.tempmail.com.au/v1/inbox/${inbox.id}/messages`,
headers: { 'Authorization': `Bearer ${apiKey}` }
}).then((msgRes) => {
if (msgRes.body.messages.length > 0) {
return msgRes.body.messages[0];
}
return pollMessages(attempts + 1);
});
};
pollMessages().then((message) => {
// Extract confirmation token via regex
const urlMatch = message.text.match(/https:\/\/myapp\.com\/verify\?token=\S+/);
expect(urlMatch).to.not.be.null;
const verificationLink = urlMatch[0];
// 4. Visit link to verify email
cy.visit(verificationLink);
cy.contains('Email Verified Successfully');
// 5. Clean up inbox session
cy.request({
method: 'DELETE',
url: `https://api.tempmail.com.au/v1/inbox/${inbox.id}`,
headers: { 'Authorization': `Bearer ${apiKey}` }
});
});
});
});
});5. Rate Limits and API Performance Tiers
To guarantee fair resource distribution and protect our infrastructure from bot abuse, TempMail AU enforces strict rate limits across our API endpoints. Rate limits are calculated per token using a sliding window algorithm:
| Plan Tier | Daily Inboxes Created | Rate Limit (Req/Min) | Support SLA | Primary Use Case |
|---|---|---|---|---|
| Free Beta | 50 | 30 request/min | Best effort support | Manual testing / hobby projects |
| Developer | 1,000 | 120 request/min | 24-hour email support | Small-scale automated QA builds |
| Pro | 10,000 | 600 request/min | 12-hour email/Slack support | Continuous CI/CD integration pipelines |
| Enterprise | Custom / Unlimited | Custom / Uncapped | Dedicated Slack channel & phone support | Large-scale distributed E2E suites |
6. QA Best Practices: Latency & Isolation
Integrating temporary inboxes into automated CI/CD builds requires careful planning to prevent tests from failing due to timing or latency issues. We recommend the following practices:
7. API Security Boundaries & Abuse Filters
The TempMail AU developer API is built strictly for application testing, development validation, and privacy-respecting automation. We actively filter and block domains associated with fraud, spamming, phishing, and hacking.
Prohibited API Activities
- Bulk Account Harvesting: Creating thousands of accounts on third-party sites using automated scripts.
- Circumventing Security Rules: Evading geo-blocks, rate limits, or signup limits on commercial platforms.
- Spam and Phishing testing: Routing outbound phishing simulation emails through temporary handles (our system is receive-only, so outbound mailing is impossible).
- Hacking & Verification Bypass: Using temporary keys to hide illicit activities.
We monitor API traffic for irregular volume spikes. Suspicious activities will trigger automated API key suspensions. To learn more about our acceptable use guidelines, read our full Abuse Policy.
8. Frequently Asked Questions
Streamline Your Automated Testing
Get reliable email routing, secure storage, and sandboxed content rendering for your test suites. Build confidence in your code.