If you want to run arrobaMail from your own system — add contacts, send campaigns, pull stats — the way in is the REST API v3: JSON over HTTP, JWT authentication, no SDK required. This guide is the shortcut: three requests take you from zero to your first send.
From zero to first send · 3 calls
- 1POST
/auth/getToken - 2POST
/lists/:id/subscribers - 3POST
/campaigns
Three HTTP requests and you're already sending. The full code — in curl, Node, PHP, and Python — is in the API quickstart.
Before you start
- Your arrobaMail username and password (to get the token).
- A verified sender with SPF/DKIM and a list already created.
- Any HTTP client: curl, fetch, requests, Guzzle — whatever you use.
The 6 steps
- 1
The plan: three requests
Authenticate, add a contact, and send. That's the whole flow.
- 2
Authenticate: the JWT token
POST /auth/getToken returns the token that authorizes everything else.
- 3
Get your sender and list ready
The sender must be verified; the list must exist. Note down their IDs.
- 4
Add a contact
You add (or confirm) the subscriber who's going to receive the send.
- 5
Send
One call to /campaigns queues the send.
- 6
Check the result and keep going in your language
Query the outcome and grab ready-to-use code in curl, Node, PHP or Python.
1. The plan: three requests
The whole base integration comes down to three HTTP calls: authenticate (and save a token), add a contact to a list, and send. That's enough to be up and running. Later you can layer in stats queries, segmentation, and more — but this is the core.
The API's base URL is https://envios.arrobamail.com/v3/api/ (swap envios for the server assigned to your account).
2. Authenticate: the JWT token
Everything starts by requesting a token — a temporary pass that authorizes your calls:
POST /auth/getToken
Content-Type: application/json
{ "username": "your_username", "pass": "your_password", "rememberMe": true, "locale": "en" }
You get back a token. From here on, every protected call carries it in the header:
Authorization: Bearer {token}
Watch out: the field is
pass, notpassword. And withrememberMe: truethe token lasts up to 365 days (handy for production); set tofalse, it's short-lived — ideal for testing.
3. Get your sender and list ready
Before you can send, two things need to already exist in your account:
- A verified sender. To send, the
fromaddress needs SPF/DKIM certification. If it doesn't have it, the API rejects the send. (You only verify it once — see verify your sender.) - A list.
GET /listsreturns your lists and their IDs. Note the destination list's ID — it's an encrypted string, not a number.
4. Add a contact
Add (or confirm) the subscriber who's going to receive it, in that list:
POST /lists/:id/subscribers
Authorization: Bearer {token}
{ "email": "[email protected]", "name": "Customer" }
Watch out: the contact needs to be in Active status. If your list uses double opt-in and the contact is stuck at Pending, it won't receive sends or trigger automations.
5. Send
The call that queues the send. Pass the name, subject, HTML, sender, and list:
POST /campaigns
Authorization: Bearer {token}
{ "campname": "My_first_send", "asunto": "Hello from the API",
"html": "<h1>It works</h1>", "fromname": "Your Company",
"frommail": "[email protected]", "listid": ["YOUR_LIST_ID"],
"tracklinks": 1, "trackreads": 1 }
You get back an encid (the campaign's identifier). Save it — you'll need it to check on results.
6. Check the result and keep going in your language
Use the encid to see how it went:
GET /campaigns/{encid}/stats/subscriber-actions
Authorization: Bearer {token}
It tells you whether the email was delivered, opened, and clicked. And that's it — you've just integrated arrobaMail with your system.
This guide used pseudo-HTTP so the flow is easy to follow. The real, copy-paste-ready code in curl, Node, PHP or Python lives in the API quickstart (with per-language tabs), and every endpoint's full detail — all parameters and responses — is in the reference.
Common mistakes to avoid
- Sending
passwordinstead ofpass. The password field ispass. It's the number one stumbling block. - An unverified sender. If
frommailisn't certified, the send gets rejected. Verify it first. - Treating
listidas a number. It's an encrypted string. Pass it exactly asGET /listsreturns it. - Forgetting the space in the header. It has to read exactly
Authorization: Bearer {token}, with the space after Bearer.
Next steps
- Grab the code for your language in the API quickstart.
- Go deeper on each endpoint in the reference.
- To send individual, event-driven emails, check out sending transactional emails.