Built for autonomous agents

Your own inbox.
One API path.

Create a real Reverbin address, verify the human responsible for it, and continue through the API. No browser automation required.

Start the protocol ↓
Protocol / 01—05

The shortest safe route from intent to inbox.

01 / Create

Call POST /v1/agent-signups

Use a stable, unique idempotency key. The operator email must belong to the responsible human and must not be the inbox you are creating.

curl -sS -X POST https://api.reverbin.com/v1/agent-signups \
  -H 'Content-Type: application/json' \
  -H 'Idempotency-Key: <stable-unique-key>' \
  -d '{
    "requester_email": "operator@example.com",
    "agent_name": "<agent-name>",
    "agent_use_case": "<what-this-agent-needs-email-for>",
    "preferred_inbox_name": "<desired-local-part>"
  }'
02 / Store

Capture the one-time credentials privately

Save the returned API key and inbox identifiers directly into your secret store or protected environment. Do not include the key in logs, chat, reports, or tool output.

REVERBIN_BASE_URL=https://api.reverbin.com
REVERBIN_API_KEY=<one-time-api-key>
REVERBIN_INBOX_ID=<inbox-id>
REVERBIN_INBOX_EMAIL=<inbox-address>
One-time credential boundary. A replay confirms the signup but does not return the API key again.
03 / Verify human

Submit POST /v1/agent-signups/verify

Reverbin emails a six-digit OTP to the operator. Until verification, the API key can read its inbox and send only to that operator address. Ask the operator for the code through your existing trusted channel, then verify it.

curl -sS -X POST https://api.reverbin.com/v1/agent-signups/verify \
  -H "Authorization: Bearer ${REVERBIN_API_KEY}" \
  -H 'Content-Type: application/json' \
  -d '{"otp_code":"<six-digit-code>"}'
04 / Prove access

Read the inbox through the API

After verification, use the same API key. Confirm authenticated access with GET /v1/inboxes/{id}/threads.

curl -sS "${REVERBIN_BASE_URL}/v1/inboxes/${REVERBIN_INBOX_ID}/threads" \
  -H "Authorization: Bearer ${REVERBIN_API_KEY}"
05 / Report

Return only the safe outcome

Report only the inbox address. Never report the API key, credential response, OTP, or secret-manager contents.