Programmatically generate disposable email addresses and retrieve incoming messages. Perfect for testing, automation, and privacy-focused workflows.
All API requests require an API key passed via the X-API-Key header. Include it in every request to authenticated endpoints.
# Replace with your key
X-API-Key: al_a805d555d3b875d4a88605219bae4a6261babddebfc1f8c9
Key Format
Keys follow the pattern al_ followed by 48 hexadecimal characters (24 random bytes).
Get a free API key
Rate-limited to one key per IP per hour.
https://aurelion-email-worker.officialelsa21516.workers.dev
Create a new disposable email address. The address is randomly generated and ready to receive messages immediately.
/api/v1/inboxesRequest
curl -X POST https://aurelion-email-worker.officialelsa21516.workers.dev/api/v1/inboxes \
-H "X-API-Key: your_api_key_here"
Response
{
"address": "bold.wave4404@aurelion.web.id"
}Fetch all messages for a specific inbox. Messages expire 15 minutes after receipt.
/api/v1/inboxes/:email/messagesRequest
curl https://aurelion-email-worker.officialelsa21516.workers.dev/api/v1/inboxes/bold.wave4404@aurelion.web.id/messages \
-H "X-API-Key: your_api_key_here"
Response
{
"messages": [
{
"id": "uuid",
"message_id": "uuid",
"recipient": "bold.wave4404@aurelion.web.id",
"sender": "sender@example.com",
"subject": "Hello!",
"body_text": "...",
"body_html": "<html>...</html>",
"created_at": "2026-01-01T00:00:00.000Z"
}
]
}/api/v1/messages?recipient=...Alternative query-parameter style.
Request
curl "https://aurelion-email-worker.officialelsa21516.workers.dev/api/v1/messages?recipient=bold.wave4404@aurelion.web.id&since=2026-01-01T00:00:00.000Z" \
-H "X-API-Key: your_api_key_here"
const BASE = "https://aurelion-email-worker.officialelsa21516.workers.dev";
// Create inbox
const create = await fetch(BASE + "/api/v1/inboxes", {
method: "POST",
headers: { "X-API-Key": "your_api_key_here" }
});
const data = await create.json();
// data.address -> "bold.wave4404@aurelion.web.id"
// Get messages
const res = await fetch(BASE + "/api/v1/messages?recipient=" + data.address, {
headers: { "X-API-Key": "your_api_key_here" }
});
const inbox = await res.json();
// inbox.messages -> [...]Administrators can generate, list, and revoke API keys using the master API key. Keys are stored in KV and validated on every request.
/api/v1/admin/keysGenerate a new API key. Returns the full key (only shown once at creation).
curl -X POST https://aurelion-email-worker.officialelsa21516.workers.dev/api/v1/admin/keys \
-H "X-API-Key: your_master_key"
{
"key": "al_a805d555d3b875d4a88605219bae4a6261babddebfc1f8c9",
"name": "",
"created": "2026-06-27T20:00:18.000Z",
"last_used": null
}/api/v1/admin/keysList all API keys. Full keys are truncated for security.
{
"keys": [
{
"key": "al_a805...",
"name": "",
"created": "2026-06-27T20:00:18.000Z",
"last_used": "2026-06-27T20:01:00.000Z"
}
]
}/api/v1/admin/keysRevoke an API key. Include the full key in the request body.
curl -X DELETE https://aurelion-email-worker.officialelsa21516.workers.dev/api/v1/admin/keys \
-H "X-API-Key: your_master_key" \
-H "Content-Type: application/json" \
-d '{"key": "al_a805..."}'
Current rate limits per API key:
Exceeding these limits returns 429 Too Many Requests.
All errors return a JSON body:
{
"error": "Invalid or missing API key"
}| Code | Description |
|---|---|
| 400 | Bad request — missing or invalid parameters |
| 401 | Invalid or missing API key |
| 405 | Method not allowed for this endpoint |
| 429 | Rate limit exceeded |
| 500 | Internal server error |