REST APIMCP

MCP Server

Public Model Context Protocol endpoint. Connect any MCP client (Claude Desktop, Claude Code, etc.) to query MailTempo inboxes from a chat. Read-only, CORS-enabled, no auth required. Per-IP rate limits apply.

Endpoint

POST https://mailtempo.com/api/mcp
Content-Type: application/json
Accept: application/json, text/event-stream

Quick start — Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "mailtempo": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://mailtempo.com/api/mcp"]
    }
  }
}

Other clients

Any MCP client that speaks Streamable HTTP works. For stdio-only clients, wrap the endpoint with mcp-remote as shown above.

Quick start — curl

# 1. List the available tools
curl -X POST https://mailtempo.com/api/mcp \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

# 2. List active domains
curl -X POST https://mailtempo.com/api/mcp \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json, text/event-stream' \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"list_domains","arguments":{}}}'

Tools

  • list_domains

    List active catchall domains.

    Input
    (none)
    Output
    { domains: [{ domain, displayName }] }
    Errors
  • list_messages

    List up to 100 most-recent non-hidden messages for a MailTempo address.

    Input
    { address: string } // e.g. "[email protected]"
    Output
    { address, messages: [{ id, fromAddr, fromName, subject, snippet, receivedAt, otp }] }
    Errors
    invalid_address, unknown_domain
  • get_message

    Fetch a single message by public id — sanitized HTML, plain text, headers, attachment metadata, OTP.

    Input
    { id: string } // 8-32 chars, [A-Za-z0-9_-]
    Output
    { id, fromAddr, fromName, toAddr, subject, receivedAt, text, html, otp, headers, attachments }
    Errors
    invalid_id, not_found

Notes

  • All inboxes are public. Anyone with the address can read the contents. Pick long random local-parts for practical privacy.
  • Mail history is retained for 60 days; older messages are pruned automatically.
  • Polling guidance: the Gmail backend is synced once a minute, so calling list_messages more often than every 10–15 seconds doesn't reveal newer mail.
  • The detected otp field is a best-effort heuristic. Always cross-check against the full message body for high-stakes flows.
  • Rate limits are per IP. A 429 response includes a Retry-After header in seconds.
  • Stateless transport — every request is independent. No Mcp-Session-Id is issued or tracked.