Introduction
In addition to the Email API, Maileroo also provides an Account API for programmatically managing most things in your account.
The Account API lets you manage your Maileroo account programmatically. It’s a simple RESTful, JSON-based API that allows you to handle the same tasks you would normally do in the dashboard, directly from your own code.
All resources share the same conventions for authentication, rate limiting, responses, and errors described below.
Should you require more features, please reach out to our support team and we will be happy to help.
Base URL
All endpoints are served under the /v1 prefix:
https://api.maileroo.com/v1Authentication
Every request must be authenticated with an API key, supplied as a Bearer token in the Authorization header:
GET /v1/account HTTP/1.1
Host: api.maileroo.com
Authorization: Bearer roo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxcurl https://api.maileroo.com/v1/account \
-H "Authorization: Bearer roo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"Requirements for every request:
- The API key must be valid and not revoked.
- The key must include the scope required by the endpoint being called (see below).
- If the key has an IP allowlist configured, the request must originate from an allowed IP address.
Scopes
API keys are granted granular scopes. Each endpoint requires a specific scope, and write scopes imply their corresponding read scope. Common scopes include:
| Scope | Grants |
|---|---|
account.read | View account information |
statistics.read | View statistics |
user_logs.read | View account logs |
domains.read | View domains |
domains.write | Manage domains |
domains.delete | Delete domains |
suppressions.read | View suppressions |
suppressions.write | Manage suppressions |
templates.read | View templates |
templates.write | Manage templates |
applications.read | View applications |
webhooks.read | View webhooks |
dedicated_ips.read | View dedicated IPs |
A request made with a key that lacks the required scope is rejected with 403 Forbidden.
Rate Limits
Requests are rate limited per account to 180 requests per minute.
Every response includes the following headers so you can track your usage:
| Header | Description |
|---|---|
X-RateLimit-Limit | The maximum number of requests allowed per minute (180). |
X-RateLimit-Remaining | The number of requests remaining in the current window. |
X-RateLimit-Reset | The number of seconds until the current window resets. |
When the limit is exceeded, the API responds with 429 Too Many Requests and also sets a
Retry-After header (in seconds) indicating how long to wait before retrying.
Response
Successful responses return a 2xx status code with the payload wrapped in
a top-level data object:
{
"data": {
"user_id": 12345,
"name": "Jane Doe",
"email": "[email protected]"
}
}data may be an object or an array depending on the endpoint (for example, list endpoints
return a paginated collection). The HTTP status code indicates the outcome of the request.
Error Codes & Messages
Errors return the appropriate HTTP status code with the payload wrapped in a top-level error
object:
{
"error": {
"message": "Your API key does not have the required scope to access this resource."
}
}Common errors that can occur on any endpoint:
| Status | Condition | Example message |
|---|---|---|
401 | Missing API key | Please provide a valid API key in the Authorization header. |
401 | Invalid or revoked API key | The API key you provided is invalid or has been revoked. |
403 | Insufficient scope | Your API key does not have the required scope to access this resource. |
403 | IP not allowed | Your IP address is not authorized to use this API key. |
429 | Rate limit exceeded | You have exceeded the rate limit of 180 requests per minute. Please slow down and try again shortly. |
500 | Failure verifying the API key | We were unable to verify your API key. Please try again in a moment. |
500 | Unexpected server error | It looks like we are having trouble processing your request. Please try again later. |
501 | Endpoint not yet available | This endpoint is not yet available. |
Endpoint-specific validation errors (for example, a bad request body) are returned with a 4xx
status and a descriptive message in the same error envelope.