Skip to content
Postern Postern Docs
Postern — a side gate for agents

A real mailbox for your agent, in one call

Postern gives an AI agent a real, persistent mailbox in one API call — sends and receives, on a domain we own, behind a scoped key that expires and revokes on its own.
Mailbox in one call API reference

A postern is the small fortified side-gate of a fortress: trusted parties pass through it without anyone opening the main gate. Postern is exactly that for email. An agent gets a scoped enrollment key that mints up to N real mailboxes — and nothing else. No org-wide credential ever reaches the model host.

mailbox-in-one-call.ts
import { Postern } from "@postern/sdk";


const postern = new Postern({ apiKey: process.env.POSTERN_API_KEY! });


// One call. A real, send-and-receive-capable mailbox.
const inbox = await postern.inboxes.create({ display_name: "Support Bot" });
console.log(inbox.address); // agent7@x4p.mszazu.com


// Send from it — ACS-authenticated, so it doesn't bounce.
await inbox.send({ to: "ops@acme.test", subject: "agent online", text: "Reporting in." });

What you get

Section titled “What you get”

One call to a live mailbox

agent7@x4p.mszazu.com, sending and receiving on a pre-verified mszazu.com subdomain — no DNS, no waiting. ACS-authenticated sending means it doesn’t bounce.

wait_for_email

The killer primitive. Block until the next matching message lands and get the OTP code and verification link already extracted as structured fields. No polling loop.

Scoped keys

Hand an MCP host a pk_enroll_… key that mints up to N mailboxes and nothing else. It expires, revokes instantly, and is server-enforced — a cloned key can’t exceed its quota.

Domains the way you want

Default to a zero-config shared subdomain, or delegate one NS record and let our authoritative DNS serve MX, SPF, DKIM, and DMARC for your subdomain — no further DNS work.

Why not just SMTP or SES?

Section titled “Why not just SMTP or SES?”

Raw SMTP or SES gives you a sending pipe. Postern gives an agent an identity: a persistent, owned mailbox, a per-agent scoped capability key, real-time structured inbound, and automated DNS and reputation — none of which a sending API does. The defensible difference is the whole gate, not one hinge.

Raw SMTP / SESPostern
ProvisioningYou buy a domain, wire DNS, warm itOne call on a pre-warmed owned subdomain
Per-agent identityShared credentialsScoped, expiring, revocable agent keys
InboundYou run IMAP / a mail serverStructured webhooks + wait_for_email
OTP / verificationYou parse it yourselfextracted.otp / extracted.link, server-side
DeliverabilityYour problemACS-authenticated, karma-throttled, segmented

Start here

Section titled “Start here”
Mailbox in one call curl, the TypeScript SDK, and MCP — three ways to a live mailbox.
wait_for_email Trigger a sign-up, block on the inbox, read the OTP in the same turn.
Concepts Agents, enrollment tokens, inboxes, domains, deliverability — the model.
API reference The /v1 REST contract: enroll, inboxes, messages, wait, webhooks.

Postern is a product of Message Science. A side gate for agents.