Resolve the authenticated tenant
Echoes the tenant the presented API key resolves to. Useful as an "is my key valid?" check. Returns `401` if the key is missing/invalid.
Echoes the tenant the presented API key resolves to. Useful as an
"is my key valid?" check. Returns 401 if the key is missing/invalid.
The per-tenant API key. Sent as the x-api-key request header. The key
is tenant-scoped.
In: header
Response Body
application/json
application/json
curl -X GET "https://example.com/whoami"{ "tenantId": "f97df110-f4de-492e-8849-4a6af68026b0", "role": "admin"}{ "name": "string", "message": "string"}Identity and scope of the calling key GET
Return the calling API key's **identity and scope** — the canonical "is my key valid, and what can it see?" probe. Returns identity/scope only; it never returns plan or limits (see `/metrics/usage` for usage). `scope_type` is `organization` for a key that reaches the whole tenant, or `inbox` for a key pinned to a single inbox. `scope_id` is the id that scope resolves to — the tenant for an organization key, the inbox for an inbox key. `inbox_id` is present only for an inbox-scoped key.
Create an inbox POST
Create an inbox and get back a live, addressable email identity. Every field is optional: omit `username` and a readable random address is generated on the shared domain. Supply a `client_id` for idempotency — repeating a create with the same `client_id` returns the existing inbox (`200`) instead of creating a duplicate.