Sign in

TestTau docs

TestTau has two modes: public test tools for fast checks, and signed-in private tools when captures need account ownership and API-key protection.

Public vs private

Public mailSend to <name>@mail.testtau.com. Anyone who knows the inbox name can open it. Use it for anonymous QA, smoke tests, and public signup checks.
Private mailSign in, choose one private inbox address, and copy its API key. Mail sent to that address requires Authorization: Bearer <key> to read.
Public hooksSend requests to https://hook.testtau.com/<hookId>. Capture is public, but inspection, config, replay, wipe, and assertion APIs require the hook admin token claimed by the inspector.
Private hooksSign in and create one private hook. Webhook senders can post to the capture URL, but inspection, replay, config, wipe, and API reads require the hook key.

First success flows

Wait for email JSONCreate an inbox name, send an email to <name>@mail.testtau.com, then call /api/wait?timeout=15000.
Assert webhook captureClaim a hook admin token, record START=$(date +%s%3N), trigger your app, then call /api/assert?since=$START&min_count=1 with Authorization: Bearer <token>.
Read private mailCreate private mail in Account, paste the key in the private inbox UI, or use Authorization: Bearer $TESTTAU_MAIL_KEY.
Inspect private hooksCreate private hooks in Account, send to the capture URL, then inspect with Authorization: Bearer $TESTTAU_HOOK_KEY.

Mail

Use public mail when the inbox can be shared by name. Use private mail when an account-owned test inbox should require a bearer token to read.

Quick start

checkout-qa@mail.testtau.com
https://mail.testtau.com/i/checkout-qa

Wait from automation

The wait endpoint long-polls for up to 15 seconds and returns the newest matching message.

curl "https://mail.testtau.com/i/checkout-qa/api/wait?timeout=15000&subject=Verify&text=884201"

Supported filters are from, to, subject, preview, text, hasAttachments, and after (epoch milliseconds).

Signed-in private mail

Free accounts can create one private inbox address and a mail API key. When TestTau receives mail to that private address, it stores the message separately from anonymous public inboxes.

Public inboxAnyone with the inbox URL can read and delete messages. Best for random QA and smoke tests.
Private inboxMail sent to your private address requires Authorization: Bearer <key> to read.

The account page includes a private mail wait helper. Paste the private mail key, click Wait for test email, then send a message to the private address. The helper waits 15 seconds and confirms whether a new private message arrived.

# Recipient: your account-owned private address
login-smoke@mail.testtau.com

# Browser viewer
https://mail.testtau.com/private/i/login-smoke

# Paste the key in the browser. TestTau stores it in tab session storage
# and sends it as an Authorization header, not in the URL.

# API list
curl -H "Authorization: Bearer $TESTTAU_MAIL_KEY" \
  "https://mail.testtau.com/private/i/login-smoke/api/list"

# Wait for a matching private message
curl -H "Authorization: Bearer $TESTTAU_MAIL_KEY" \
  "https://mail.testtau.com/private/i/login-smoke/api/wait?timeout=15000&subject=Verify"

# Parsed JSON for one message
curl -H "Authorization: Bearer $TESTTAU_MAIL_KEY" \
  "https://mail.testtau.com/private/i/login-smoke/api/message/<messageId>/json"

Mail API

curl "https://mail.testtau.com/i/checkout-qa/api/quota"
curl "https://mail.testtau.com/i/checkout-qa/api/list"
curl "https://mail.testtau.com/i/checkout-qa/api/message/<messageId>"
curl "https://mail.testtau.com/i/checkout-qa/api/message/<messageId>/json"
curl -X DELETE "https://mail.testtau.com/i/checkout-qa/api/message/<messageId>"
curl -X DELETE "https://mail.testtau.com/i/checkout-qa/api/all"

The message JSON endpoint returns the parsed email content: sender, recipient, subject, preview, plain text, HTML, attachment metadata, and download links for the raw .eml plus each attachment.

{
  "id": "01...",
  "fromAddr": "sender@example.com",
  "toAddr": "checkout-qa@mail.testtau.com",
  "subject": "Verify your email",
  "textBody": "Your code is 884201",
  "htmlBody": "<p>Your code is <strong>884201</strong></p>",
  "attachments": [
    {
      "id": "01...",
      "filename": "receipt.pdf",
      "contentType": "application/pdf",
      "sizeBytes": 12000,
      "downloadUrl": "/i/checkout-qa/api/message/01.../attachment/01..."
    }
  ],
  "links": {
    "raw": "/i/checkout-qa/api/message/01.../raw"
  }
}

Mail limits

Message size25 MiB
Attachment size5 MiB
Attachments per message10
Stored messages per inbox100
Signed-in private mail1 private inbox address per account
HTTP API rate limit120 requests/minute per IP
Inbound sender limit100 messages/hour per sender address
Inbound domain limit500 messages/hour per sender domain
Retention48 h