A code-backed overview of the Bavimail API surface
This page mirrors the checked-in backend route groups, supported auth modes, and the route areas that are internal-only or debug-only.
How the API is structured
Bavimail exposes JSON endpoints grouped by operational surface: sending, domains, inbound mail, conversations, analytics, suppressions, tags, and webhooks. The public docs should match the backend route tree rather than promising generic capability buckets or production-only tooling that is not actually exposed.
Public route groups
Send email, batch sends, scheduled delivery, cancellation, validation, tracked links, clicks, and email lifecycle events.
/emails/emails/batch/emails/validate/emails/{email_id}/cancelCreate domains, fetch DNS setup, check DNS verification, trigger verification, update settings, and delete domains.
/domains/domains/{domain_id}/setup/domains/{domain_id}/dns-status/domains/{domain_id}/verifyCreate aliases, list them, update them, and manage warmup tokens.
/aliases/aliases/{alias_id}/aliases/{alias_id}/warmup-tokenUpload stored attachments, read their metadata, and download their bytes.
/attachments/attachments/{attachment_id}/attachments/{attachment_id}/downloadList inbound mail, fetch full detail, download raw messages and attachments, manage tags, and mark read state.
/inbound-emails/inbound-emails/{email_id}/inbound-emails/{email_id}/rawRead inbox thread summaries and thread detail views.
/threads/threads/{conversation_id}Inspect conversations and update read state for conversation views.
/conversations/conversations/{conversation_id}/conversations/{conversation_id}/mark-readRead deliverability summary, timeseries, and recent delivery rows.
/analytics/deliverability/summary/analytics/deliverability/timeseries/analytics/deliverability/recentList suppressions, create suppressions, and release suppressed recipients.
/suppressions/suppressions/{suppression_id}/releaseCreate and manage reusable tags for inbound and mailbox workflows.
/tags/tags/{tag_id}Create webhooks, verify them, resend verification, test deliveries, rotate secrets, and delete endpoints.
/webhooks/webhooks/{webhook_id}/verify/webhooks/{webhook_id}/rotate-secretAccepted authentication modes
Authorization: Bearer <authservice JWT>x-api-key: <API key>Session cookie: better-auth.session_token or __Secure-better-auth.session_tokenInternal or conditional surfaces
Integration routes under /integrations are mounted only when service auth is enabled and are excluded from the public schema.
Internal system sender domain routes are excluded from the public schema.
Development routes are mounted only when DEBUG is true.
FastAPI OpenAPI/Swagger/ReDoc are exposed only when DEBUG is true.