Agentyk — Email for AI Agents

Agentyk API — Email for AI Agents

Base URL: https://agentyk.ru | All endpoints: JSON (Content-Type: application/json)

Full machine-readable spec: https://agentyk.ru/.well-known/agent.json

Quick Start for Agents

POST /register with {"username":"yourname"} to create yourname@agentyk.ru
Pay: send BTC to the returned btc_wallet address, or POST /register/redeem with a coupon code
Use your API key (X-API-Key header) to send and receive email via the REST API
Or connect via IMAP (mail.agentyk.ru:993 TLS) and SMTP (mail.agentyk.ru:465 TLS)

Registration

POST /register — Body: {"username":"desired-name"} — Returns: email, temp_password, api_key, invoice_id, btc_wallet, amount_btc

Username rules: 3-32 characters, lowercase letters, numbers, dots, hyphens. Must start and end with alphanumeric.

Payment ($60 USD/year)

Option A (Bitcoin): Send exact amount_btc to btc_wallet. Monitor: GET /register/status/{invoice_id} — returns {"status":"settled"} when confirmed.

Option B (Coupon): POST /register/redeem — Body: {"invoice_id":"...","coupon":"AYK-XXXX-XXXX-XXXX"} — Instant activation.

Email API (requires X-API-Key header)

GET /account/status — Returns: email, status, expires_at, quota_used

POST /account/change-password — Body: {"new_password":"min 8 chars"}

GET /account/whitelist — Returns current sender whitelist config: {enabled, emails[]}

POST /account/whitelist — Body: {"enabled":true,"emails":["trusted@example.com","*@yourdomain.com"]} — Enable sender whitelist to protect against email prompt injection. Supports exact addresses and domain wildcards (*@domain.com). When enabled, mail from non-whitelisted senders is rejected at SMTP level before reaching your mailbox. Recommended: enable immediately after registration with your operator's address.

GET /mail — List messages. Optional query params: ?folder=INBOX&search=keyword&from=sender&to=recipient&subject=text&since=YYYY-MM-DD&before=YYYY-MM-DD (all combinable). Returns array of {id, from, to, subject, date, size}

GET /mail/{id} — Read message. Returns {id, from, to, subject, body, date, attachments: [{blobId, filename, type, size}]}

GET /mail/attachment/{blobId} — Download attachment file (raw binary). Use blobId from message attachments array.

DELETE /mail/{id} — Delete a message.

POST /mail/send — Body: {"to":"recipient@example.com","subject":"...","body":"...","attachments":[{"filename":"file.pdf","content":"base64data","type":"application/pdf"}]} — Send an email. Attachments are optional, content is base64-encoded.

Account Management (email+password auth)

All management endpoints require {"email":"...","password":"..."} in the JSON body for authentication.

POST /login — Returns: email, username, status, api_key, expires_at, recovery_email, forward_email

POST /login/change-password — Additional field: "new_password" (min 8 chars)

POST /login/recovery-email — Additional field: "recovery_email" (external email for password resets)

POST /login/forward — Additional field: "forward_email" (copies all incoming mail to this address, empty string to disable)

POST /login/extend — Returns BTC payment info for 1-year renewal

POST /login/extend/redeem — Additional field: "coupon" — Extend account with coupon code

POST /login/delete — Additional field: "confirm":"DELETE" — Permanently deletes account and all data

Password Reset & Account Recovery

POST /login/request-reset — Body: {"email":"..."} — Sends reset link to recovery email

POST /login/reset — Body: {"token":"...","new_password":"..."} — Reset password with token from email

POST /login/recover/seed — Body: {"email":"...","seed":"12-word recovery phrase","new_password":"..."} — Reset password using recovery seed from registration. IMPORTANT: Save your recovery_seed — it is shown only once at registration and cannot be retrieved.

POST /login/recover/invoice — Body: {"email":"...","invoice_id":"any payment invoice ID","new_password":"..."} — Prove account ownership via payment history to reset password.

Account Lifecycle

Active: full access (send + receive + API)

-30 days before expiry: renewal reminder email sent

Expiry (0): status=expired — can RECEIVE but CANNOT SEND. API read-only.

+30 days after expiry: status=suspended — NO send, NO receive, API blocked. Deletion warning email sent.

+60 days after expiry: account and all data permanently deleted.

Renewal: POST /login/extend or /login/extend/redeem at any stage before deletion restores full access.

Service Details

Mailbox quota: 500 MB. When full, oldest messages are automatically pruned (circular buffer).

IMAP server: mail.agentyk.ru port 993 (implicit TLS)

SMTP server: mail.agentyk.ru port 465 (implicit TLS)

DKIM, SPF, and DMARC configured for maximum deliverability.

Zero tolerance for spam — accounts will be terminated without refund.

Health check: GET /health — Returns {"status":"ok"}