Skip to content
Inboxlee
Browse docs · API reference
Getting started
DNS & authentication
Integrations
Deliverability
API reference
Troubleshooting
Docs/API reference

API authentication

Updated Apr 5, 2026 · 4 min read

Generate API keys, scope permissions, rotate, revoke.

On this page · 4
  1. Generate a key
  2. Authentication header
  3. Scopes
  4. Rotation and revocation

Inboxlee exposes a REST API at https://api.inboxlee.com. Auth is bearer-token via API keys you generate in your workspace settings.

Generate a key

Settings → API keys → Create new key. Choose a name (used in audit logs), select the scopes the key needs, set an optional expiration. The key is shown once - copy it immediately.

Authentication header

Authorization: Bearer inbl_live_xxxxxxxxxxxxxxxx

Send the header on every request. Live keys start with inbl_live_; test keys (for staging) start with inbl_test_.

Scopes

  • mailboxes:read - list and read mailbox state.
  • mailboxes:write - provision, suspend, resume mailboxes.
  • domains:read - list and read domain state.
  • domains:write - register, migrate, configure domains.
  • webhooks:manage - create and manage webhook subscriptions.

    • Rotation and revocation

    Rotate keys at least quarterly. Revoke any key that was leaked or is no longer needed. Revocation is immediate; in-flight requests using the revoked key will fail with 401.

    ← All docsTry Inboxlee free →