Management
Everything the dashboard does is this API: orgs, servers, domains, credentials, routes, webhooks, suppressions, users, IP pools. Authenticate with an admin API key (machine, full access) or a user session (RBAC-scoped).
The resource hierarchy
organization └── server # one tenant of mail ├── domains # verified sending domains ├── credentials # API + SMTP keys ├── routes # inbound address → endpoint ├── webhooks # signed event callbacks └── suppressions # do-not-send list
The calls, by resource
| Resource | Base path (under /api/v2/admin) | Verbs |
|---|---|---|
| Organizations | /organizations | GET, POST, PATCH, DELETE; members + invitations as sub-resources |
| Servers | /organizations/{org}/servers | GET, POST, PATCH, DELETE; suspend / unsuspend; ip_pool |
| Domains | …/servers/{server}/domains | GET, POST, DELETE; POST {name}/verify |
| Credentials | …/servers/{server}/credentials | GET, POST, PATCH, DELETE; the key is returned exactly once |
| Routes | …/servers/{server}/routes | GET, POST, PATCH, DELETE |
| Webhooks | …/servers/{server}/webhooks | GET, POST, PATCH, DELETE; enable / disable |
| Suppressions | …/servers/{server}/suppressions | GET, POST, DELETE by address |
| Users | /users | GET, POST, PATCH, DELETE (global admin) |
| IP pools | /ip_pools | GET, POST, PATCH, DELETE; nested ip_addresses |
| Admin API keys | /admin_api_keys | GET, POST, DELETE |
| Auth audit log | /auth_events | GET |
Example: bootstrap a tenant end to end
terminal
# 1. an organization POST /api/v2/admin/organizations { "name": "Acme GmbH" } # 2. a mail server in it POST /api/v2/admin/organizations/acme/servers { "name": "production" } # 3. a sending domain + verification POST /api/v2/admin/organizations/acme/servers/production/domains { "name": "acme.com" } POST /api/v2/admin/organizations/acme/servers/production/domains/acme.com/verify # 4. an API credential for the app (returned exactly once!) POST /api/v2/admin/organizations/acme/servers/production/credentials
Permissions
With a Bearer session, access is scoped by the user's role in the organization: viewer reads, member operates servers, admin manages members and settings, owner can delete the organization. Non-members get 404 for foreign orgs; the last owner is immovable. Admin API keys bypass RBAC entirely. Treat them like root credentials.
Secrets (credential keys, invitation tokens) are shown exactly once at creation and stored hashed. If you lose one, create a new one; there is no retrieve.
Full request/response schemas: OpenAPI.
