Open source — free for everyone

Email verification API for agents & QA

Disposable inbox, SSE wait, OTP and magic links — one call from MCP, REST, or @mailagent/qa in Playwright. Clone the repo, self-host on Cloudflare, or use our hosted API.

View on GitHub Self-host

              MCP
              Playwright
              API
              CLI
            

              // mailagent_wait_and_extract — one shot
await mailagent_wait_and_extract({
  service: "github",
  timeoutSeconds: 90,
  deleteAfter: true,
});

// → { address, verification: { otp, links } }
            

github.com/Alex0nder/MailAgent MIT · open source

Runs on

Cloudflare Workers
Resend Inbound
Neon Postgres
Durable Objects SSE
Model Context Protocol

Open source

For everyone — run it yourself

Full source on GitHub: Worker, MCP server, QA SDK, and docs. No black box — deploy on your Cloudflare account with your Resend inbound domain.

MIT license — free to use, fork, and self-host
Same stack we run in production (Workers, Queues, Durable Objects, Neon)
Hosted API at api.webmailagent.com optional — ask for a key

View on GitHub Integration guide

Features

Everything an agent needs to verify email

Not a privacy burner for humans — programmatic inboxes with strict sender allowlists and structured verification output.

SSE-first wait

Durable Object pushes new messages over /v1/inboxes/:id/events. Poll fallback at 500ms when needed.

Sender allowlist

expectFrom rejects unexpected senders. Presets for GitHub, Stripe, Auth0, Google, Dribbble.

OTP + links

Verification codes and magic links parsed at ingest — ready for your agent without reading raw MIME.

Queue + idempotency

Webhook acks instantly; Resend events processed via Queues with DLQ and deduped provider_id.

TTL inboxes

Short-lived addresses (default 30m). Hourly cron purge. Delete after successful extract.

API + MCP + CLI

REST for backends, MCP tools for Cursor, JSON CLI for CI pipelines — same flows everywhere.

For QA teams

Stop fighting shared test inboxes

Each Playwright worker gets its own address. Filter by label, narrow with subjectContains, optional webhook when the letter lands — same API agents use.

Parallel runs collide

label=pw-0-… per worker — list and debug inboxes for one CI job without stepping on teammates.

Wrong email in the pile

subjectContains and sender allowlists so you read the signup OTP, not yesterday’s newsletter.

Mailosaur bill & lock-in

Self-hosted domain on Resend inbound. Pay for mail volume, not per-seat QA SaaS — API you own.

              Playwright
              open (one-shot)
            

              import { createMailAgentQa, MailAgentQa } from "@mailagent/qa";

const mail = createMailAgentQa();
const { address, id } = await mail.createInbox({
  label: MailAgentQa.runLabel("signup"),
  service: "auth0",
});

// … fill signup form with address …

const { otp } = await mail.waitForVerification(id, {
  subjectContains: "verify",
});
            

Read the QA guide — labels, callbacks, CI env, Playwright flow.

MCP

Tools your agent can call

Add mailagent to Cursor MCP. The agent creates inboxes, waits, and returns structured verification — no inbox UI required.

mailagent_wait_and_extract Create → wait (SSE) → OTP + links → delete Recommended

mailagent_create_inbox Temporary address with TTL and allowlist

mailagent_wait_for_message Block until first allowed email (up to 120s)

mailagent_extract_verification OTP and links from latest message

mailagent_delete_inbox Early cleanup after signup completes

How it works

Three steps to verified signup

Create inbox

Agent calls MCP or API. You get an address on your INBOX_DOMAIN and an inbox id.

Submit on the service

Use the address on GitHub, Stripe, Auth0, etc. Resend inbound webhook enqueues the message.

Extract & continue

SSE delivers the event; OTP and links return to the agent. Inbox deleted. Flow complete.

Positioning

Agents, not burner extensions

Consumer burner mail protects your personal inbox. MailAgent automates verification for code.

	MailAgent	Mailosaur / QA SaaS	Typical burner mail
MCP / API-first	Yes	REST	Browser UI
OTP + link extraction	Built-in	Built-in	Manual
SSE wait	Yes	Poll	—
Per-run isolated inbox	label + API	Yes	Shared pool
Sender allowlist	Yes	Patterns	Block in UI
Self-hosted domain	Your Resend	Their domain	Their domain
Long-lived aliases	TTL only	Yes	Yes

API

Simple REST, Bearer auth

              curl
            

              # One-shot (recommended)
curl -X POST https://api.webmailagent.com/v1/inboxes/open \
  -H "Authorization: Bearer $API_KEY" \
  -d '{"service":"github","timeoutSeconds":90}'

# → verification.otp, verification.primaryLink
            

Full reference: API docs · OpenAPI

Give your agent or test suite an inbox

Open source: clone and deploy in minutes. Hosted API: optional — email us for a key on the shared endpoint.

Star on GitHub API docs Hosted API key