arrobaMail
Module 012 endpoints

Auth /auth

Endpoints

2 total
POST/auth/getTokenPublic

Get JWT token

Public endpoint. Does not require prior authentication. The JWT token must be sent in subsequent requests. Supports rate limiting by IP and username.

Request body · application/json

NameTypeReq.Description
usernamestringYesUsername or account email
passstringYesPassword
rememberMebooleanNoIf true, the token lasts up to 365 days. Default: false
localestringNoLanguage code: "en" or "es". Default: "es"

Example

curl -X POST "https://envios.arrobamail.com/v3/api/auth/getToken" \
  -H "Content-Type: application/json" \
  -d '{
  "username": "...",
  "pass": "...",
  "rememberMe": true,
  "locale": "..."
}'

Response 200

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": 1234,
    "uname": "usuario_ejemplo",
    "email": "[email protected]",
    "role": "user",
    "lang": "es"
  }
}

Errors

StatusCodeDescription
500rate_limitUser or IP blocked for exceeding the rate limit
412account_suspendedThe account is suspended
404invalid_credentialsInvalid credentials
POST/auth/logoutUser

Log out and invalidate token

Invalidates the current JWT token. Requires authentication.

Example

curl -X POST "https://envios.arrobamail.com/v3/api/auth/logout" \
  -H "Authorization: Bearer $TOKEN"

Response 200

{
  "status": "ok",
  "message": "Session closed successfully"
}

Errors

StatusCodeDescription
400token_not_foundToken not found
401invalid_tokenInvalid or expired token

Integration notes · from real-world experience

  • Authentication is by JWT, not by API Key. The token comes from POST /auth/getToken with username + pass (the field is pass, not password). The panel's “API Key” is a different mechanism and does not authenticate this REST v3.
  • getToken is public and rate-limited by IP and username. rememberMe: true extends the token up to 365 days; otherwise it lasts the session.
  • Transient 401 on mutating operations. Under high concurrency, a PUT/DELETE may respond with 401 due to an antifraud guard. Refresh the token with a new getToken call and retry once.

Get started with arrobaMail
in under 5 minutes.

Free plan, AI generations included, no credit card required — and real support from a real team.

Try it free now
WhatsAppOur team replies