Management

Everything the dashboard does is this API: orgs, servers, domains, credentials, routes, webhooks, suppressions, users, IP pools. Authenticate with an admin API key (machine, full access) or a user session (RBAC-scoped).

The resource hierarchy

organization
└── server                # one tenant of mail
    ├── domains           # verified sending domains
    ├── credentials       # API + SMTP keys
    ├── routes            # inbound address → endpoint
    ├── webhooks          # signed event callbacks
    └── suppressions      # do-not-send list

The calls, by resource

ResourceBase path (under /api/v2/admin)Verbs
Organizations/organizationsGET, POST, PATCH, DELETE; members + invitations as sub-resources
Servers/organizations/{org}/serversGET, POST, PATCH, DELETE; suspend / unsuspend; ip_pool
Domains…/servers/{server}/domainsGET, POST, DELETE; POST {name}/verify
Credentials…/servers/{server}/credentialsGET, POST, PATCH, DELETE; the key is returned exactly once
Routes…/servers/{server}/routesGET, POST, PATCH, DELETE
Webhooks…/servers/{server}/webhooksGET, POST, PATCH, DELETE; enable / disable
Suppressions…/servers/{server}/suppressionsGET, POST, DELETE by address
Users/usersGET, POST, PATCH, DELETE (global admin)
IP pools/ip_poolsGET, POST, PATCH, DELETE; nested ip_addresses
Admin API keys/admin_api_keysGET, POST, DELETE
Auth audit log/auth_eventsGET

Example: bootstrap a tenant end to end

terminal
# 1. an organization
POST /api/v2/admin/organizations
   { "name": "Acme GmbH" }

# 2. a mail server in it
POST /api/v2/admin/organizations/acme/servers
   { "name": "production" }

# 3. a sending domain + verification
POST /api/v2/admin/organizations/acme/servers/production/domains
   { "name": "acme.com" }
POST /api/v2/admin/organizations/acme/servers/production/domains/acme.com/verify

# 4. an API credential for the app (returned exactly once!)
POST /api/v2/admin/organizations/acme/servers/production/credentials

Permissions

With a Bearer session, access is scoped by the user's role in the organization: viewer reads, member operates servers, admin manages members and settings, owner can delete the organization. Non-members get 404 for foreign orgs; the last owner is immovable. Admin API keys bypass RBAC entirely. Treat them like root credentials.

Secrets (credential keys, invitation tokens) are shown exactly once at creation and stored hashed. If you lose one, create a new one; there is no retrieve.

Full request/response schemas: OpenAPI.