AgentMail Changelog

Latest API and SDK updates. Subscribe via RSS · Discord

March 18, 2026

Summary

Inbox-scoped API keys let you generate credentials that are restricted to a single inbox. This gives agents and integrations the minimum access they need, reducing the blast radius if a key is compromised.

What’s new?

New endpoints:

  • GET /v0/inboxes/:inbox_id/api-keys - List all API keys scoped to an inbox
  • POST /v0/inboxes/:inbox_id/api-keys - Create an API key scoped to an inbox
  • DELETE /v0/inboxes/:inbox_id/api-keys/:api_key - Delete an inbox-scoped API key

Updated types:

  • ApiKey and CreateApiKeyResponse now include an optional inbox_id field when the key is scoped to an inbox

Use cases

Build agents that:

  • Operate with least-privilege access to a single inbox rather than an entire pod or organization
  • Issue short-lived, narrowly scoped keys to third-party integrations that only need access to one address
  • Rotate credentials per inbox without affecting other inboxes or pods
1from agentmail import AgentMail
2
3client = AgentMail(api_key="your-api-key")
4
5# create an api key scoped to a single inbox
6key = client.inboxes.api_keys.create(
7    inbox_id="user@example.com",
8    name="integration-key"
9)
10
11print(key.api_key)

Learn more about API key scoping in the API Keys reference.