API Documentation

Mail Alias and Verification APIs

Mail Alias and Verification APIs

Authentication Requirements (As Implemented)

Endpoint Auth Required (as implemented)
GET /api/getDomainsForAlias Cookie session auth; secondary/API-key sessions blocked by global middleware on this path
GET /api/aliases Cookie session auth; secondary/API-key sessions blocked by global middleware on this path
POST /api/aliases Cookie session auth + application/json; secondary/API-key sessions blocked by global middleware on this path
DELETE /api/aliases/:aliasedMail Cookie session auth; secondary/API-key sessions blocked by global middleware on this path
POST /api/mailVerification/create Cookie session auth + application/json; secondary/API-key sessions blocked by global middleware on this path
DELETE /api/mailVerification/:email Cookie session auth; secondary/API-key sessions blocked by global middleware on this path
GET /api/mailVerification Cookie session auth; secondary/API-key sessions blocked by global middleware on this path
GET /api/verifyEmailAddress/:secret None
POST /admin/deleteAllManagerAliases Cookie session auth + superuser + application/json
POST /admin/pointCoolMailsToMeAtShishCat Cookie session auth + superuser + application/json
POST /admin/purgeKTKCI Cookie session auth + superuser + application/json
POST /admin/changeMeAtShishCatMailsDestWithAdminAtFileDotAx Cookie session auth + superuser + application/json
POST /admin/reserveSpecialWords Cookie session auth + superuser + application/json

Request and Response Examples

GET /api/getDomainsForAlias

Success response (200):

{
  "domains": ["@file.ax", "@file.wf", "@file.yt"]
}

GET /api/aliases

Success response (200):

{
  "aliases": [
    {
      "id": 12,
      "aliasedmail": "hello@file.ax",
      "destination": "me@example.com"
    }
  ]
}

POST /api/aliases

Request headers:

  • Content-Type: application/json (required)

Request body:

{
  "aliasedMail": "hello@file.ax",
  "destination": "me@example.com"
}

Success response (200):

{
  "alias": {
    "id": 12,
    "aliasedmail": "hello@file.ax",
    "destination": "me@example.com"
  }
}

Common failures:

  • 400: invalid alias or destination
  • 500: { "error": "Failed to create alias" }

DELETE /api/aliases/:aliasedMail

Example:

DELETE /api/aliases/hello@file.ax

Success response (200):

{ "success": true }

Common failures:

  • 400: { "error": "Invalid aliasedMail" }
  • 404: { "error": "Alias not found" }

POST /api/mailVerification/create

Request headers:

  • Content-Type: application/json (required)

Request body:

{ "email": "me@example.com" }

Success response (200):

{ "success": true }

Common failures:

  • 400: { "error": "Invalid email" } or { "error": "Email already verified" }

GET /api/mailVerification

Success response (200):

{
  "emails": [
    {
      "email": "me@example.com",
      "verified": false,
      "created_at": "2026-03-10T00:00:00.000Z"
    }
  ]
}

DELETE /api/mailVerification/:email

Example:

DELETE /api/mailVerification/me@example.com

Success response (200):

{ "success": true }

Common failures:

  • 400: { "error": "Invalid email" }
  • 404: { "error": "Email not found" }

GET /api/verifyEmailAddress/:secret

Success response (200):

{ "success": true }

Failure behavior (as implemented):

  • Invalid secret format or failed lookup returns 500 with { "error": "Invalid secret" }.

Superuser Mail Admin Endpoints

All endpoints below require:

  • superuser session
  • Content-Type: application/json

POST /admin/deleteAllManagerAliases

Request body:

{ "managerToken": "target-manager-token" }

POST /admin/pointCoolMailsToMeAtShishCat

Request body:

{ "mailToPoint": "localpart" }

POST /admin/purgeKTKCI

Request body:

{}

Current behavior: returns 501 not implemented.

POST /admin/changeMeAtShishCatMailsDestWithAdminAtFileDotAx

Request body:

{}

POST /admin/reserveSpecialWords

Request body:

{}