How verification actually works when the thing reading the inbox isn't a person — and the mechanics of getting a code into an agent without a polling loop or a parsing prompt.
Email verification is where most AI agents stall. Here's the mechanics of getting a one-time code into an agent: provisioning an inbox, blocking on delivery, and extracting the code — with working curl.
MCP turns an inbox into something an agent can use without glue code. What the 9 apumail tools do, how to wire the server into Claude or any MCP client, and when to use tools over REST.
Half of signup flows want an email code, half want a phone number. Running two vendors for one problem means two auth models and two shapes. Here's the case for one.
Every signup form is a human-shaped obstacle in an agent's path. Why apumail provisions inboxes on an unauthenticated POST, and why that's a security property rather than a hole.
Disposable-looking addresses get rejected by the exact signup flows you're automating. Two DNS records puts your agents on a domain you own, read through the same REST/MCP/OTP layer.
One unauthenticated POST returns a working address and its token.
curl -sS -X POST https://api.apumail.com/api/v1/inboxes