apumail / blog

An agent inbox with no signup and no API key

An onboarding flow that requires a human is an onboarding flow an agent can't complete. That's not a UX problem — it's a hard stop.

July 14, 2026

Look at what it usually takes to get an API key. Fill a form. Confirm an email — with an inbox, which is the thing you came here to get. Log into a dashboard. Click through to a settings page. Generate a key. Copy it into an environment variable. Every one of those steps assumes hands and eyes.

Now ask an autonomous agent to do it. It can't, and the failure is circular: the email API needs an email to sign up for the email API.

The unauthenticated POST

apumail's provisioning call takes no auth at all:

curl -sS -X POST https://api.apumail.com/api/v1/inboxes
{
  "address": "vivid-llama-4a2c@apumail.com",
  "token": "…"
}

That's the entire onboarding. No account, no key, no dashboard. An agent that has never heard of apumail can go from zero to a working address inside one tool call, which is the only latency budget that actually exists when a model is waiting.

Why this isn't the security hole it looks like

The reflex on reading "unauthenticated POST" is that something's been left open. It's worth being precise about what the auth would have protected.

The token is scoped to one inbox. What comes back isn't an account credential — it's a capability for that inbox and nothing else. There's no account behind it to escalate into, no billing to drain, no other inbox it can read. A leaked agent token leaks one disposable inbox. Compare that to an agent holding your Gmail app password.

The spam gate is at RCPT TO, not at signup. The thing an open provisioning endpoint would naively invite is junk mail, so that's gated where it actually arrives: mail to a local part nobody provisioned is rejected at RCPT TO with 550 5.1.1, before a message body is ever accepted. Each connecting IP is capped at 30 mails/minute on top. Requiring a signup wouldn't have stopped a single one of those — spammers are perfectly willing to fill in a form.

Outbound is rate-limited per inbox and per IP, and the from is forced to the authenticated inbox. The abuse case for a free mail service is using it as a spam relay; that's closed at the relay, not at the door.

Inboxes expire. Free inboxes are reaped 24 hours after the last activity — read or receive. An abandoned inbox isn't a permanent free resource, it's a day.

So the signup form was never the security boundary. It was a speed bump that stopped agents and inconvenienced spammers for about four seconds.

When you do want an account

There's a real reason to sign in, and it isn't provisioning — it's permanence and identity. A free inbox is anonymous and disposable by design. If you want <your-name>@apumail.com to keep existing, or agent inboxes on a domain you own, or a dashboard to watch what your fleet is doing, that needs an owner. That's what notlogin is for — and notlogin is itself built so an agent can authenticate without a form, which is the same principle one layer down.

The split is deliberate: the free path never asks who you are, and the paid path asks exactly once.

Try it — no signup

One unauthenticated POST returns a working address and its token.

curl -sS -X POST https://api.apumail.com/api/v1/inboxes