For Agents
Run end-to-end tests against email and SMS flows — search inbound messages on a Mailosaur server, inspect content and spam analysis, and forward or reply for round-trip assertions across 23 endpoints.
Get started with Mailosaur API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"search captured emails on mailosaur"
# → Jentic returns the GET /events tool with parameter schema, agent executes.What an agent can do with Mailosaur API API.
Provision and delete virtual mail servers for isolated test environments
Search inbound messages by sender, subject, or body content
Inspect a delivered message including HTML, text, and attachments
Run spam analysis against a captured message
Forward or reply to a captured message for round-trip flow tests
GET STARTED
Use for: Create a Mailosaur server for the staging integration tests, Search for the password-reset email sent to test+abc@mailosaur.io in the last minute, Get the body of message id 9999 to assert on the OTP code, Run spam analysis on the most recent welcome email
Not supported: Does not deliver production email or SMS, manage marketing lists, or run load tests — use for email and SMS testing in CI only.
Mailosaur is a service for testing email and SMS flows in development and CI. The API exposes 23 endpoints to manage virtual mail servers, search and inspect inbound messages, run spam analysis, simulate replies and forwards, and provision SMS-capable test devices. It is most often used by QA engineers to assert on signup, password-reset, and OTP flows in end-to-end tests.
Provision SMS-capable test devices and capture inbound SMS
Read account usage limits and transaction history
Patterns agents use Mailosaur API API for, with concrete tasks.
★ End-to-End Signup and OTP Testing
Assert that a signup flow actually delivers the expected email by capturing it on a Mailosaur server in CI. POST /messages/search returns the matching message by recipient and subject filter, GET /messages/{messageId} returns the body, and the test extracts the OTP or confirmation link. Mailosaur eliminates flaky tests that depend on a real inbox.
POST /messages/search with sentTo=test+abc@mailosaur.io and subject containing "Reset", then GET /messages/{messageId} and extract the reset code from the HTML body.
Spam Score Regression
Run spam analysis against every transactional email type on a release candidate to catch regressions in subject lines or content that would push deliverability down. GET /analysis/spam/{messageId} returns SpamAssassin score and per-rule contributions so a CI pipeline can fail the build when the score crosses a threshold.
After the password-reset email is captured, GET /analysis/spam/{messageId} and fail the test if the score exceeds 5.0.
Inbound SMS Test Automation
Capture and assert on inbound SMS flows by provisioning Mailosaur test devices and searching for received messages by phone number or content. This is the right pattern for testing two-factor authentication flows that depend on phone-based one-time passwords without using a real SIM.
Provision a device via POST /devices, trigger the app's SMS OTP flow, then POST /messages/search with the device id and parse the OTP from the latest message.
Round-Trip Reply and Forward Tests
Test workflows that depend on a recipient replying or forwarding a message — for example helpdesk auto-responders or distribution lists — by using POST /messages/{messageId}/reply and POST /messages/{messageId}/forward. The simulated outbound message is delivered through Mailosaur's outbound infrastructure and arrives at the system under test as if a human had pressed reply.
After capturing the helpdesk acknowledgement, POST /messages/{messageId}/reply with a body of "more info please" and assert the helpdesk re-acknowledges within 60 seconds.
Agent-Driven QA Verification
An AI agent that drives a manual-test-replacement workflow can use Mailosaur through Jentic to spin up a test server, run a flow against the system under test, then search and assert on the captured messages. The basic-auth API key lives in the Jentic vault, so the agent has scoped access to test inboxes without exposing credentials.
Create a Mailosaur server, run a signup flow, then poll /messages/search until the welcome email arrives and assert that the activation link is present in the body.
23 endpoints — mailosaur is a service for testing email and sms flows in development and ci.
METHOD
PATH
DESCRIPTION
/servers
Create a virtual test mail server
/messages/search
Search inbound messages by criteria
/messages/{messageId}
Retrieve a captured message
/analysis/spam/{messageId}
Run spam analysis on a message
/messages/{messageId}/forward
Forward a captured message
/messages/{messageId}/reply
Reply to a captured message
/devices
Provision an SMS test device
/servers
Create a virtual test mail server
/messages/search
Search inbound messages by criteria
/messages/{messageId}
Retrieve a captured message
/analysis/spam/{messageId}
Run spam analysis on a message
/messages/{messageId}/forward
Forward a captured message
Three things that make agents converge on Jentic-routed access.
Credential isolation
The Mailosaur API key is stored encrypted in the Jentic vault and presented as basic-auth at execution time (key as username, empty password). Agents never read or log the raw key.
Intent-based discovery
Agents search Jentic by intent (e.g., "search mailosaur messages") and Jentic returns POST /messages/search with its input schema, ready to execute against the right server.
Time to first call
Direct integration: half a day to wire up basic auth, message-search polling, and spam-analysis retrieval. Through Jentic: under 30 minutes — search, load, execute.
Alternatives and complements available in the Jentic catalogue.
MailerSend API
Transactional email sender that pairs with Mailosaur for end-to-end test flows.
Use MailerSend in production and Mailosaur in CI to assert that the same flow actually delivers the expected message.
Mailjet API
Transactional and marketing email provider that can be tested via Mailosaur capture.
Run signup or reset flows through Mailjet in staging and assert on the message via Mailosaur.
Twilio Messaging
Real SMS provider — the production equivalent of Mailosaur's test SMS.
Use Twilio Messaging in production for real SMS delivery and Mailosaur devices in CI to test the same flow without sending real messages.
Specific to using Mailosaur API API through Jentic.
What authentication does the Mailosaur API use?
Mailosaur uses HTTP Basic authentication via the basicAuth scheme. The username is your Mailosaur API key and the password is left empty (a colon-only password). Through Jentic the API key is stored encrypted in the vault and injected into the Authorization header at execution time.
Can I search messages received in the last minute?
Yes. POST /messages/search accepts criteria such as sentTo, sentFrom, subject, and body, plus a server id. It returns the most recent matching messages, which is the standard pattern for e2e tests that wait for a freshly sent email after triggering a flow.
What are the rate limits for the Mailosaur API?
Mailosaur uses a credit-based usage model rather than a per-second rate limit. GET /usage/limits returns your current limits and GET /usage/transactions returns recent consumption. The OpenAPI spec does not declare a per-second cap.
How do I run a signup-email test through Jentic?
Search Jentic for "search mailosaur messages" to load POST /messages/search, then execute with the recipient address that your signup test used. Follow up with GET /messages/{messageId} to extract the body and assert on the activation link or OTP.
Is the Mailosaur API free?
Mailosaur offers a free trial for evaluation; production use requires a paid plan whose monthly credit allowance is reported via /usage/limits. Pricing tiers are listed at https://mailosaur.com/pricing.
Can I test inbound SMS as well as email?
Yes. POST /devices provisions an SMS-capable test device, and inbound SMS messages are captured the same way as emails — searchable through POST /messages/search with the device id and inspectable through GET /messages/{messageId}.
/messages/{messageId}/reply
Reply to a captured message
/devices
Provision an SMS test device